Forum Discussion
How interpret vulnerability SOLs that seem to recommend conflicting code revisions?
I have VCMP guest LTMs on Viprion chassis running version 11.4.1 HF3, and have been tasked with re-mediating the following vulnerabilities:
https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16821.html https://support.f5.com/kb/en-us/solutions/public/16000/600/sol16620.html https://support.f5.com/kb/en-us/solutions/public/16000/900/sol16920.html
SOL16821 looks to have no fix, but the other two do list "Versions known to be not vulnerable"; however, they do not line up on the exact levels and hot fixes. My question is what do you do when these don't line up across all the vulnerabilities?
I would expect that 11.5.3 HF1, the most currently offered 11.5.x, should have all the previous fixes. If this is true, then it would satisfy the 11.5.1 HF9 in SOL16620 and the 11.5.2 - 11.5.3 in SOL16920. But the wording of the SOL documents implies that no, you must use the exact listed version.
If that is true, how could you ever reconcile this stuff?
1 Reply
- Rob_Stansbury_1
Nimbostratus
Let me try to post those URLs again with some line breaks in them...
https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16821.html[support.f5.com]
https://support.f5.com/kb/en-us/solutions/public/16000/600/sol16620.html[support.f5.com]
https://support.f5.com/kb/en-us/solutions/public/16000/900/sol16920.html[support.f5.com]
Help guide the future of your DevCentral Community!
What tools do you use to collaborate? (1min - anonymous)Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com