Bruker patches for Log4j CVE-2021-44228 issue

TopSpin

Last updated: 2:30 p.m. January 17th, 2022

TopSpin

Affected versions

  • TopSpin 3.5
  • TopSpin 3.6
  • TopSpin 4

Older versions of TopSpin use the Log4j 1.x version of the library, which is not affected.

How to apply the patch
The current version of the patch is available here:

The patch automatically identifies product installations on your system and provides a graphical user interface for information.

Windows
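The patch is delivered as an executable file. After download, simply double-click the file to launch the patch. It will automatically request administrative privileges for execution.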

Linux
The patch is delivered as an executable file. After download, open a shell, ensure you have administration privileges on your machine, then execute the .sh file.

macOS
The patch is delivered as a disk image. After download, double-click the .dmg file to mount it, then execute the installer file shown. You may need to go to “System Preferences / Security & Privacy” and approve the execution of the installer.

Please find a change log and more information here:

The TopSpin Log4j Patcher will fix existing TopSpin and GoScan installations that may use affected Log4j 2 versions. Details about the vulnerability are available here: https://nvd.nist.gov/vuln/detail/CVE-2021-44228

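The tool will remove the JndiLookup class from the installation. This is the recommended mitigation strategy described on the official Apache Log4j website: https://logging.apache.org/log4j/2.x/security.html#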

Please note that the patch executable cannot be used on the CentOS 5 operating system (which has been end of life since March 2017).

ParaVision

Last updated: 18:00 p.m. December 20th, 2021

ParaVision

Affected versions

  • ParaVision 360

Older versions of ParaVision are based on older versions of TopSpin. These TopSpin versions use the Log4j 1.x version of the library, which is not affected.

How to apply the patch
The current version of the patch is available here:

The patch is delivered as a compressed zip file. Please unpack it and execute the following commands from the command line (shell or terminal). Execution of this script may require that you have administration privileges on your machine.

Linux

cd ts-log4shell-patch
./bin/ts-log4shell-patch -d /opt/PV-360.3.2

Execute this script for each ParaVision 360 version you have installed.

The TopSpin Log4j Patcher (ts-log4shell-patch) will fix existing TopSpin installations that may use affected Log4j 2 versions. Details about the vulnerability are available here: https://nvd.nist.gov/vuln/detail/cve-2021-44228

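The tool will remove the JndiLookup class from the installation. This is the recommended mitigation strategy described on the official Apache Log4j website: https://logging.apache.org/log4j/2.x/security.html#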

Version 1.0.5 or later of the patch now handles the file bsmsserver.jar accordingly. This file was uncritical but could be detected by common scanning tools.

GoScan 3

Last updated: 6:00 p.m. December 22nd, 2021

GoScan

Affected versions

  • GoScan 3

The patch for TopSpin installations can be used for GoScan installations as well. Please follow the instructions given for TopSpin above. The patch automatically identifies product installations on your system and provides a graphical user interface for information.

Note: For any GoScan version earlier than 3.0, please upgrade to the latest GoScan version first, then apply the patch.

Please download and run this patch even if you have applied earlier versions of the patch. Version 1.0.8 also removes backup copies of the affected file which are uncritical for your system but may still cause warnings by vulnerability scanners.

The GoScan Log4j Patcher (install4j-goscan-log4j2-patch) will fix existing GoScan installations that may use affected Log4j 2 versions. Details about the vulnerability are available here: https://nvd.nist.gov/vuln/detail/CVE-2021-44228

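The tool will remove the JndiLookup class from the installation. This is the recommended mitigation strategy described on the official Apache Log4j website: https://logging.apache.org/log4j/2.x/security.html#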

Version 1.0.1 or later of the patch now handles the file bsmsserver.jar accordingly. This file was uncritical but could be detected by common scanning tools.
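
A post-patch check for the mitigation described above (removal of the JndiLookup class) and for the leftover backup copies and bundled jars that scanners flag. This Python script is an added example, not part of Bruker's patch tools; the function names and the matching of backup suffixes such as .jar.bak are assumptions made here.

```python
import io
import os
import zipfile

# Path of the class inside log4j-core that the mitigation removes.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def scan_archive(data, label, hits):
    """Append a hit for every JndiLookup.class found in the archive.

    data is a filesystem path or a file object; label is used for reporting.
    """
    try:
        with zipfile.ZipFile(data) as zf:
            for name in zf.namelist():
                if name.endswith(JNDI_CLASS):
                    hits.append(f"{label}!{name}")
                elif name.lower().endswith(ARCHIVE_EXT):
                    # Nested archive (fat jar): scan it in memory.
                    scan_archive(io.BytesIO(zf.read(name)), f"{label}!{name}", hits)
    except (zipfile.BadZipFile, OSError, RuntimeError):
        pass  # not a readable archive (or encrypted); not reported here


def find_jndilookup(root):
    """Walk root and return every place JndiLookup.class is still present."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            # Backup copies often carry a suffix (assumed: .jar.bak, .jar.orig),
            # so match the archive extension anywhere in the file name.
            if any(ext in fname.lower() for ext in ARCHIVE_EXT):
                scan_archive(path, path, hits)
            elif fname == "JndiLookup.class":
                hits.append(path)  # class file extracted loose on disk
    return sorted(hits)


if __name__ == "__main__":
    import sys
    remaining = find_jndilookup(sys.argv[1] if len(sys.argv) > 1 else ".")
    for hit in remaining:
        print("STILL PRESENT:", hit)
    sys.exit(1 if remaining else 0)
```

Run it with the installation directory as the only argument; exit status 0 means no JndiLookup class was found in any readable archive under that directory.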

Daltonics Software

Last updated: 3:30 p.m. March 17th, 2022

Bruker Daltonics Software

Affected versions

Only the server components of the Bruker Daltonics client/server solutions

  • HyStar
  • BioPharma Compass®
  • ProteinScape®
  • TASQ®
  • MetaboScape®
  • and ToxTyper

are affected.

Details about the vulnerability are available here: https://nvd.nist.gov/vuln/detail/CVE-2021-44228

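The tool will remove the JndiLookup class from the installation. This is the recommended mitigation strategy described on the official Apache Log4j website: https://logging.apache.org/log4j/2.x/security.html#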

The current version of the patch is available here:

The log4j patch will fix existing Compass Server installations that use affected Log4j 2 versions. The patch is delivered as a compressed zip file; unpack the file and first read the instructions in the readme.txt file. Details on the patch and a step-by-step guide of the actions the script performs can be found in this document.

Check if your computer needs to be patched

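Open the Windows Services dialog (you need administrative rights). Check whether the Bruker Compass Server service exists and is running on your computer. If so, please apply the log4j patch on this computer. If not, you do not need to take any further action.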

How to apply the patch

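WARNING: Make sure that no measurement or data processing tasks are being performed. Execution of the script will stop and restart the Compass services!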

Extract the content of the .zip file. You should see three files (patch-log4j2.bat, patch-log4j2.ps1, readme.txt) and one folder (patch-files).

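Select “patch-log4j2.bat” with a left mouse button click. See screenshot (1).

Click the right mouse button to open the context menu for this file.

Select “Run as administrator” to execute the batch file “patch-log4j2.bat” with administrative privileges. See screenshot (2).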

IMPORTANT: Always run the script using "Run as administrator" even if you are logged in as a user with administrative rights! If you are unsure about running scripts under administrative rights, please involve your local IT team for support.