Vendor Updates fail to properly update/upgrade older Software versions
Last Updated March 25, 2015
1. Reviewed Adobe APSB14-16 bulletin (Flash Player 184.108.40.206, 220.127.116.11). It fails to deploy the newest Version Release of Adobe Flash Player to the clients, and old Flash Player packages are still present in the Patch Management Updates directory for this bulletin.
   1. Checked in the Patch Remediation Center, and found it displayed 6 updates for the bulletin: half are for Release v13 and the other half are for Release v14.
2. Reviewed Wireshark bulletins WIRES-035 and WIRES-036, and found they are deploying different Version Releases of Wireshark as follows:
   - WIRES-035: Wireshark 1.10.9
   - WIRES-036: Wireshark 1.12.0
   1. Found that distributing WIRES-036 does not target a client with WIRES-034 (v1.10.8) installed for upgrade.
3. Found Version Releases are failing to upgrade some lower Version Releases to the highest Version Release available at the time:
   1. Example: Found clients running Wireshark v1.8.X do not upgrade to WIRES-036 but only upgrade to WIRES-035.
4. Additionally, some instances show that a client's installed version was upgraded to a newer Version Release, as in the following examples:
   1. Adobe released Flash Player 11; however, it upgraded the clients to v13, a newer Version Release, upon implementing APSB14-22. v15 was also available at the time.
   2. Adobe released Flash Player 13 ActiveX; however, it upgraded to v15 ActiveX, a newer Version Release, upon implementing APSB14-22.
Per failure to upgrade in the examples listed above:
1. APSB14-16 holds updates for both v13 and v14, and those updates target the respective installed versions from this bulletin.
   1. Patch Management Solution is for applying software updates. Flash v14 is a major Version Release and a separate product from v13, and a new End User License Agreement (EULA) may need to be accepted. For example, if a client has Flash Player 13 installed and a software update for both Flash Player 13 and 14 is enabled in Patch Remediation Center, the installation will be patched to the most recent update for that supported version: v13 to v13, but not v13 to v15.
2. WIRES-035 (1.10.9) targets WIRES-034 (1.10.8) for update.
   1. Patch Management Solution is for applying software updates. WIRES-036 (1.12.0) is a major Version Release and a separate product from v1.10, and a new End User License Agreement (EULA) may need to be accepted.
3. Wireshark maintains two supported versions, "Stable Version Release" and "Old Stable Version Release". Older unsupported Version Releases of software upgrade to the next version, the "Old Stable Version Release", which is still consistent with the coding of the installed version. The newest "Stable Release" will not apply.
   1. Example: Clients have Wireshark v1.8.x installed. They will upgrade to WIRES-035 (1.10.9), because that is the next highest Version Release that supports the lower version of the software. WIRES-036 will not target v1.8.x.
Per failure to maintain the versions listed above:
4. Often the old version of Software is no longer supported by the Vendor and the next major Version Release is the provided Software Update distributed to the client; that is what gets installed.
Patch Management is working as designed, for it is applying Software Updates that are in sync with the appropriate targeted version per their respective vendor logic. This targeting pertains to current supportability from the vendor, for if the update version is no longer supported (or has been made better per the vendor's logic), the new higher versions will be implemented; however, if the older version is supported, the software version will be updated and the major version will not be implemented.
The vendor releases a Software Version. With the next Update release, the vendor decides one of two things: either an older version becomes unsupported and the new version is installed when the Software Update is enabled, or the old version remains and receives a new subversion while the new major Version Release is provided alongside it.
Patch Management deploys per the Vendor's publicly posted logic and ensures the least impact to the environment. The 'older version' updates resolve the same security vulnerabilities as the 'new release' updates, so the currently installed code version is the best one to target; jumping multiple versions has a greater impact on supported platforms and could cause more problems by introducing untested code into the environment. Additionally, if the newest major release is the updated version, it will be implemented per Vendor logic.
Moreover, Patch is unable to accept the EULA for the end user. Please utilize Software Delivery Solution, or another software deployment method, to install 'Major Versions'; where applicable, the product will then upgrade as targetable per the logic provided by the vendor.
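The targeting behaviour described above can be modelled to find clients that will remain below the newest Version Release after patching and therefore need a Software Delivery task. This is an added example, not Patch Management Solution code; the function names are hypothetical, a Version Release is assumed to be the first two version components, and `1.8.15` is a constructed sample for the article's "v1.8.X" clients.

```python
# Added illustration of the targeting behaviour described in this article.
# Not Patch Management Solution code; all function names are hypothetical.

# Bulletin -> Wireshark version it delivers (values from the article).
BULLETINS = {"WIRES-035": "1.10.9", "WIRES-036": "1.12.0"}

def parse(version):
    """'1.10.9' -> (1, 10, 9) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def branch(version):
    """Assumption: a Version Release is the first two components, e.g. (1, 10)."""
    return parse(version)[:2]

def select_target(installed, bulletins=BULLETINS):
    """Return (bulletin, version) offered to a client, or None if nothing applies."""
    supported = sorted({branch(v) for v in bulletins.values()})
    if branch(installed) in supported:
        # Installed release still receives updates: stay inside it.
        target_branch = branch(installed)
    else:
        # Unsupported release: move to the next higher release, not the newest.
        higher = [b for b in supported if b > branch(installed)]
        if not higher:
            return None
        target_branch = higher[0]
    version, bulletin = max((parse(v), b) for b, v in bulletins.items()
                            if branch(v) == target_branch)
    if version <= parse(installed):
        return None  # already at or past the newest update for that release
    return bulletin, bulletins[bulletin]

def needs_software_delivery(installed, bulletins=BULLETINS):
    """True if the client is still below the newest release after patching."""
    newest = max(branch(v) for v in bulletins.values())
    target = select_target(installed, bulletins)
    final = target[1] if target else installed
    return branch(final) < newest

if __name__ == "__main__":
    # 1.8.15 is a constructed sample for the article's "v1.8.X" clients.
    for client in ("1.8.15", "1.10.8", "1.10.9", "1.12.0"):
        print(client, select_target(client), needs_software_delivery(client))
```

Clients for which `needs_software_delivery` returns true are fully patched within their release but still on an older Version Release.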
Advisory: It is currently being reviewed as an Enhancement Request to have Patch Management Solution deploy this Software Upgrade. Please subscribe to this KM article to receive notifications moving forward.
Patch Management 7.1 SP1, SP2, MP1.x, 7.5 and 7.5 SP1
Imported Document ID: TECH222436