Problem:
Two vulnerabilities have been discovered in the QNX operating system images distributed by Tridium.
The first vulnerability is related to a vulnerability that could allow a less privileged process to gain read access to privileged files.
The second is related to a vulnerability in the QNX procfs service that could allow a less privileged process to gain access to a chosen process's address space.
The following supported platforms are impacted: - Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000)
- Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000)
- Niagara 4.7u1 (JACE-8000, Edge 10)
NOTE: Niagara Windows and Linux Supervisor installations are not impacted.
|
|
|
|
Solution:
Installing the patched files for the affected versions will remedy the issue.
...
- Restart the version of Workbench you are updating.
- Connect to the platform of the device
- Open the Software Manager
- Observe the files are no longer in the inbox of the user home
- Commission the device using the “Commissioning Wizard”
- Make sure the “install/upgrade core software from distribution files” box is checked
- Confirm the version number of the dists being installed
| Product | QNX Patches |
|---|
| Niagara AX 3.8u4 | OS Dist: 2.7.402.2
NRE Config Dist: 3.8.401.1 |
| Niagara 4.4u3 | OS Dist: 4.4.73.38.1 NRE Config Dist: 4.4.94.14.1 |
| Niagara 4.7u1 | OS Dist: (JACE 8000) 4.7.109.16.1
OS Dist (Edge 10): 4.7.109.18.1 NRE Config Dist: 4.7.110.32.1 |
| View file |
|---|
| name | r47-4.7u1.zip |
|---|
| height | 250 |
|---|
|
| View file |
|---|
| name | r44-4.4u3.zip |
|---|
| height | 250 |
|---|
|
| View file |
|---|
| name | r38-3.8u4.zip |
|---|
| height | 250 |
|---|
|