C

CVE-2022-23775 – Vulnerability Upgrade to 1.4.10 or higher to fix

Please upgrade immediately to version 1.4.10 or higher to fix security vulnerability, CVE-2022-23775. Contract TrueStack at [email protected] if you have any trouble upgrading. New instances purchased from the AWS marketplace will be versions 1.4.10 or higher.

To upgrade:

  • On the Admin tab in the console click on Update, notice the version number at the bottom of the screen. This should update you to version 1.4.10 or higher<img fetchpriority="high" decoding="async" src="https://truestack.com/wp-content/uploads/2022/03/Upgrade1.4.10.png" alt="Update Button" width="592" height="407" class="aligncenter size-full wp-image-2493"

    • Troubleshoot upgrading:

  • If TrueStack hangs on the upgrade or doesn’t upgrade to 1.4.10, SSH into the instance and run sudo apt-get upgrade
  • Follow these steps:
  • First backup your instance from the Admin tab of the TrueStack Direct Connect Console.
  • Download and install Putty from here. or use another SSH tool if you have one.
  • On your EC2 dashboard open the SSH port to your IP for your TrueStack Direct Connect Security Group.  Click to expand image.
    TrueStack SG with SSH
  • Open Putty.  Type the Public IP Address of your instance in section Host Name (or IP address).  Make sure the port is set to 22 and the Connection type is SSH.
    Putty SSH
  • In Putty under Connection, expand SSH and Click on Auth.  Browse to the location where you saved the Key Pair (certificate) that is associated with your TrueStack Direct Connect EC2 instance in AWS.  This Key Pair was created when you set up your AWS EC2 account or the first time you set up TrueStack Direct Connect.  Open your instance.
    Putty SSH settings
  • Accept the certificate.  To login, type the username: admin
    Putty Logon
  • Type: sudo apt-get upgrade.  Click y for yes when prompted.
  • When the upgrade completes Type: sudo apt-get update
  • From the AWS console Stop and restart your TrueStack Direct Connect instance by clicking Actions / Instance State / Stop
  • Once the Instance completely stops, start it again from the Actions tab.
  • Login to your TrueStack Direct Connect console.  Create another backup.  Then run the updates on the settings tab to get the most up to date version of TrueStack Direct Connect.
  • Remove the SSH inbound port on your TrueStack Direct Connect Security Group.

If Sudo apt-get upgrade fails:

Some of our clients have reported that upgrades from 1.4.6, or 1.4.7 to 1.4.10 fail. If this is the case, follow these steps:

  • Follow the steps above to make a backup and SSH in to the instance.
  • After running sudo apt-get upgrade you may see this error:
  • Follow the directions in the command and run sudo dpkg –configure -a
  • Then run sudo apt-get upgrade again

    • If no errors restart your Truestack instance from the AWS console and ensure it’s now up to 1.4.10 or higher

  • You may however get this error:
  • If you see this error follow the directions but add “sudo” at the front of the command. Run this command: sudo apt –fix-broken install
  • During this command you may be prompted to use additional space, click Y for Yes or enter to add additional space
  • After this you may prompted to keep the current version of cloud.cfg. Click enter for N or No (default) which is to keep the current version.
  • Then run sudo apt-get upgrade again

    • If no errors restart your Truestack instance from the AWS console and ensure it’s now up to 1.4.10 or higher

    Please contact us at [email protected] if you have any trouble upgrading to version 1.4.10

    CVE-2022-23775 – Vulnerability Upgrade to 1.4.10 or higher to fix
Permalink
CVE-2022-23775 – Vulnerability Upgrade to 1.4.10 or higher to fix