I received an email from ESRI regarding security issue in ArcGIS server. We are currently using Server 10.1 SP1. Is our version affected by this issue?
I received an email from ESRI regarding security issue in ArcGIS server. We are currently using Server 10.1 SP1. Is our version affected by this issue?
I believe SDE software is bundled with ArcGIS Server. As such, does this mean that this patch would need to be applied to SDE databases as well as ArcGIS Server servers?
I downloaded the msp file and it is only 44 KB whereas the Oracle Critical patch msp file was 10,120 KB. Is this security patch really only 44 KB (I'm just wondering if the download did not run completely)?
I do not think that this patch requires an Enterprise Geodatabase upgrade and from the description of the issue it is a server based issue, not geodatabase.
Update: I think that if there is a EGDB upgrade required that there will be a patch for the Desktop client also. Just my thought.
I downloaded the 10.6 version of the patch and it was 108kb.
The patch is about 44 kb. It is small. If at any point you want to make sure you have the real and complete files, you can download a tool called md5sum. You can run this tool at the command line, for example,
md5sum c:\users\david-or-whatever-your-account-is-called\downloads\ArcGIS-106-S-IACS-Patch.msp
This will then provide a value and you can compare it to the md5 value posted on the patch page. For instance for the Windows 10.6 version of this patch, the checksum is 8B246B657A6015CC19D66382D6720BEE. This way you can be sure you have the patch we posted.
Hi Elizabeth - Unfortunately ArcGIS 10.1 has been retired, as of January 1, 2018, and is no longer supported. This would be a main reason that a patch might not be available.
Update: To be clear, I am not sure if the issue also impacts previous versions of the ArcGIS Server (pre-10.2.1) for which their are patches available. Regardless anything pre-10.2.x is now retired.
Retired: Esri Support 10.1
What does Retired Status mean? http://downloads2.esri.com/support/TechArticles/Product-Life-Cycle.pdf
Hope this help. I would recommend you look into upgrading to a newer release in the near future in case you have a need to get support.
All,
does anyone know what this patch is doing?
it just seems a bit vague and im going to have to explain why i want to install a patch in a live production environment.
thanks
Dave
Elizabeth,
From looking at the tech support article:
Problem: Warning of security vulnerability in ArcGIS Server
And bug listing:
BUG-000113291: There is an improper access control issue in ArcGIS ..
It looks like all versions of Server were affected. But, there are only patches available for 10.2.1 and upward, unfortunately.