Install Patch for Aspera High Speed Transfer Server, Aspera High Speed Transfer Endpoint, and Aspera Streaming
Linux, PowerLinux, and zLinux
1. Upgrade to the latest release of your product, if possible.
2. Download the patch.
Linux 64-bit:
Linux 32-bit:
https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/IBM+Aspera+High-Speed+Transfer+Server&release=All&platform=All&function=fixId&fixids=pvt_aspera-hsts-3.9.6.178540-aspshell-fix-linux-32:952336749145676928
PowerLinux:
zLinux:
3. Make a backup copy of the existing aspshell binary:
cp /opt/aspera/bin/aspshell /tmp/aspshell
4. Install the newly downloaded binary:
cp path_to_downloaded_aspshell /opt/aspera/bin/
5. Change permissions and ownership:
chmod 0755 /opt/aspera/bin/aspshell
chown root:root /opt/aspera/bin/aspshell
6. There is no version number accessible from aspshell, so validate with shasum:
shasum -a 256 /opt/aspera/bin/aspshell
Or for Red Hat Linux, use the command: sha256sum /opt/aspera/bin/aspshell
For Linux 64-bit, the result should be:
cf9b6de9f6e5eff03dae1beb86aa5a53b038b014d2304b1a6f2dd293342f9d9f
For Linux 32-bit, the result should be:
96de9614238177ce6ba3a124b8ceb74fc12770e6b2d19851ee3af1eb42b37fbe
For PowerLinux, the result should be:
0cf981215f9a55f53c0658b97de38518a9150382dcac93b460db83fda1d2c155
For zLinux, the result should be:
199d3a3b4db815b9434222ec1c918ac102ec50eaee8149541b3f8c63afa78150
Windows
1. Upgrade to the latest release of your product, if possible.
2. Download the Windows patch.
For Windows 64-bit:
For Windows 32-bit:
3. Make a backup copy of the existing aspshell binary.
For HSTS:
copy %PROGRAMFILES%\Aspera\Enterprise Server\bin\aspshell C:\ProgramData\
For HSTE:
copy %PROGRAMFILES%\Aspera\Point-to-Point\bin\aspshell C:\ProgramData\
4. Install the newly downloaded binary.
For HSTS:
copy path_to_downloaded_aspshell %PROGRAMFILES%\Aspera\Enterprise Server\bin\
For HSTE:
copy path_to_downloaded_aspshell %PROGRAMFILES%\Aspera\Point-to-Point\bin\
5. Validate the shasum on Windows with this command:
certutil -hashfile path_to_downloaded_aspshell.exe SHA256
For Windows 64-bit, the result should be:
4f1e68895bb10b936d574557f8dab888f1201e5e5d859aec9789d07f2ccc8da9
For Windows 32-bit the result should be:
db5c4b8f6e2231402af7d4078bf64b84978f80dda7427c6119efb1a71fd45f4f
6. Validate the patch installation by checking that a transfer via Aspera Connect is successful.
If so, the patch was correctly installed and the vulnerability closed.
Mac OS
1. Upgrade to the latest release of your product, if possible.
2. Download the Mac OS patch from:
3. Make a backup of the existing aspshell binary:
mv /Library/Aspera/bin/aspshell /tmp/aspshell
4. Install the newly downloaded binary:
cp path_to_downloaded_aspshell Library/Aspera/bin/
5. Change permissions and ownership:
chmod 0755 /Library/Aspera/bin/aspshell
chown root:admin /Library/Aspera/bin/aspshell
6. There is no version number accessible from aspshell, so validate with shasum:
shasum -a 256 /Library/Aspera/bin/aspshell
The result should be:
923eb0a49ae0ad2f1da29c4a11d9ee455d31059b0f1cedda92b8f56670df5205
7. Validate the patch installation by checking that a transfer via Aspera Connect is successful.
If so, the patch was correctly installed and the vulnerability closed.
Solaris x86 and Solaris SPARC
1. Upgrade to the latest release of your product, if possible.
2. Download the patch.
Solaris x86:
Solaris SPARC:
3. Make a backup copy of the existing aspshell binary:
cp /opt/aspera/bin/aspshell /tmp/aspshell
4. Install the newly downloaded binary:
cp path_to_downloaded_aspshell /opt/aspera/bin/
5. Change permissions and ownership:
chmod 0755 /opt/aspera/bin/aspshell
chown root:bin /opt/aspera/bin/aspshell
6. There is no version number accessible from aspshell, so validate with digest:
digest -v -a sha256 /opt/aspera/bin/aspshell
For Solaris x86, the result should be:
8cadf22704aa81b452da41f8b876d4b32dcf9b256e02de35edff48017e58d1d4
For Solaris SPARC, the result should be:
25d6b3f044441303ab4e2c2fd4fe5f5cfeb0d77db54f8ccede303db18a2a4b14
7. Validate the patch installation by checking that a transfer via Aspera Connect is successful.
If so, the patch was correctly installed and the vulnerability closed.
Isilon
1. Upgrade to the latest release of your product, if possible.
2. Download the Isilon patch from:
3. Make a backup copy of the existing aspshell binary:
cp /usr/local/aspera/bin/aspshell /tmp/aspshell
4. Install the newly downloaded binary:
cp path_to_downloaded_aspshell /usr/local/aspera/bin
5. Change permissions and ownership:
chmod 0755 /usr/local/aspera/bin/aspshell
chown root:root /usr/local/aspera/bin/aspshell
6. There is no version number accessible from aspshell, so validate with shasum:
shasum -a 256 /usr/local/aspera/bin/aspshell
For Isilon, the result should be:
387e771d33edcd3cd331945ffc879e26b7ea4e0aa47517a5191c246ba455a433
7. Validate the patch installation by checking that a transfer via Aspera Connect is successful.
If so, the patch was correctly installed and the vulnerability closed.
AIX
1. Upgrade to the latest release of your product, if possible.
2. Download the AIX patch from:
3. Make a backup copy of the existing aspshell binary:
cp /opt/aspera/bin/aspshell /tmp/aspshell
4. Install the newly downloaded binary:
cp path_to_downloaded_aspshell /bin/
5. Change permissions and ownership:
chmod 0755 /opt/aspera/bin/aspshell
chown root:root /opt/aspera/bin/aspshell
6. There is no version number accessible from aspshell, so validate with shasum:
shasum -a 256 /opt/aspera/bin/aspshell
For AIX, the result should be:
401cfc25402dfc109c9f706e1c483503e07a89b7fb1b64e4fe00d6bf49158cf1
7. Validate the patch installation by checking that a transfer via Aspera Connect is successful.
If so, the patch was correctly installed and the vulnerability closed.
Install Patch for Aspera Proxy
1. Download the Linux patch from:
2. Make a backup copy of the existing aspshell binary:
cp /opt/aspera/proxy/bin/aspshell /tmp/aspshell
3. Install the newly downloaded binary:
cp path_to_downloaded_aspshell /opt/aspera/proxy/bin/
4. Change permissions and ownership:
chmod 0755 /opt/aspera/proxy/bin/aspshell
chown root:root /opt/aspera/proxy/bin/aspshell
5. There is no version number accessible from aspshell, so validate with shasum:
shasum -a 256 /opt/aspera/proxy/bin/aspshell
For Linux, the result should be:
cf9b6de9f6e5eff03dae1beb86aa5a53b038b014d2304b1a6f2dd293342f9d9f
Install Patch for Aspera Faspex on Demand, Aspera Server on Demand, Aspera Shares on Demand, and Aspera Application on Demand
1.SSH to your server.
For IBM Cloud:
# ssh -i your_key root@your_ip_address
For AWS, you will also need to sudo to the root user.
2. Run the following commands:
# cd /opt/aspera/bin
# rm aspshell
# chmod 755 aspshell
3. Validate the patch installation by checking that a transfer via Aspera Connect is successful.
If so, the patch was correctly installed and the vulnerability closed.
Install Patch for Aspera Transfer Cluster Manager
Copy the following script to the Firstboot Script field of the ATCM cluster console:
#!/bin/bash
cat > /opt/aspera/firstboot/firstboot.d/99-custom.sh << 'SCRIPT_END'
#!/bin/bash
#### whatever else you
#### might have in script already
function aspshellPatch() {
yum install -y unzip
pushd /opt/aspera/bin/
cp -v -f aspshell{,.SAVE}
popd
pushd /tmp
unzip aspera-hsts-3.9.6.178540-aspshell-fix.zip
chmod 0755 aspshell
chown root.root aspshell
mv -v -f aspshell /opt/aspera/bin/
rm -f aspera-hsts-3.9.6178540-aspshell-fix.zip
popd
}
#### whatever else you
#### might have in script already
echo "========== Install aspshell patch =========="
aspshellPatch
echo "========== Installed aspshell patch =========="
exit $ret
SCRIPT_END
chmod +x /opt/aspera/firstboot/firstboot.d/99-custom.sh
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSL85S","label":"IBM Aspera High-Speed Transfer Server (HSTS)"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.9.6","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS8NDZ","label":"IBM Aspera"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSL7UM","label":"IBM Aspera High-Speed Transfer Endpoint (HSTE)"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SUNSET","label":"PRODUCT REMOVED"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRFYR","label":"IBM Aspera on Demand"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMVZ9","label":"IBM Aspera Streaming"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]