Support Center > Search Results > SecureKnowledge Details
R77.30, R77.20 Security hotfix for DLP and Threat Extraction blades Technical Level
Symptoms
  • Certain files manipulated in a specific way can cause Check Point User Space process to crash with a core dump file.
Solution

Background

This hotfix includes security enhancements for Data Loss Prevention and Threat Extraction blades.
Check Point highly recommends installing this hotfix if those blades are activated.

This hotfix should be installed on the following R77.20 / R77.30 Security Gateway configurations:

  • Single Security Gateways
  • Cluster members
  • StandAlone machines (Security Gateway + Management Server)
  • Threat Emulation appliances (if Threat Extraction blade is enabled)

 

Availability

Version Availability
R77.30
R77.20
and
lower
  • Hotfix for R77.20 GA (without any hotfixes) is provided below in this article.

  • Contact Check Point Support to prepare a Hotfix for your version pf Security Gateway.
    For faster resolution and verification, please collect CPInfo files
    from the Security Management Server and Security Gateways involved in the case.

 

Installation instructions

This section provides the hotfix for:

  • Security Gateways R77.30 with General Availability Take 205 of R77.30 Jumbo Hotfix Accumulator running on Gaia OS
  • Security Gateways R77.20 GA (without any hotfixes) running on Gaia OS / SecurePlatform OS
Click Here to Show the Entire Section
  • Show / Hide instructions for CPUSE in Gaia Portal
    • Online Installation

      1. CPUSE Software Updates Policy should be configured to allow self-update of CPUSE Agent.
        Otherwise, users should manually install the latest build of CPUSE Agent from sk92449.
      2. Connect to the Gaia Portal on your Check Point machine.
      3. Navigate to Upgrades (CPUSE) pane - click on Status and Actions.
      4. Verify the package - check whether this package can be installed without conflicts:
        Select the hotfix package R77.<XX> Hotfix for sk115596 - click on the More button on the toolbar - click on the Verifier.
      5. Select the hotfix package R77.<XX> Hotfix for sk115596 - click on the Install Update button on the toolbar.
      6. Reboot is required.
    • Offline Installation

      1. Install the latest build of CPUSE Agent from sk92449.
      2. Download the Gaia CPUSE Offline package:
        OS R77.30 R77.20
        Gaia - CPUSE Offline
      3. Connect to the Gaia Portal on your Check Point machine.
      4. Navigate to Upgrades (CPUSE) pane - click on Status and Actions.
      5. On the toolbar, click on the More button - select Import Package - browse for the CPUSE Offline package (TGZ file) - click on the Upload.
      6. Verify the package - check whether this package can be installed without conflicts:
        Select the hotfix package R77.<XX> Hotfix for sk115596 - click on the More button on the toolbar - click on the Verifier.
      7. Select the hotfix package R77.<XX> Hotfix for sk115596 - click on the Install Update button on the toolbar.
      8. Reboot is required.

    Notes:



  • Show / Hide instructions for CPUSE in Gaia Clish
    • Online Installation

      1. CPUSE Software Updates Policy should be configured to allow self-update of CPUSE Agent.
        Otherwise, users should manually install the latest build of CPUSE Agent from sk92449.
      2. Connect to the command line on Gaia OS.
      3. Log in to Clish.
      4. Acquire the lock over Gaia configuration database:
        HostName> lock database override
      5. Import the package from Check Point cloud:
        • On R77.30:
          HostName> installer import cloud Check_Point_Hotfix_R77_30_Gaia_sk115596.tgz
        • On R77.20:
          HostName> installer import cloud Check_Point_Hotfix_R77_20_Gaia_sk115596.tgz
      6. Show the packages that are available for download:
        HostName> show installer packages available-for-download
      7. Verify that this package can be installed without conflicts:
        HostName> installer verify <Package_Number>
      8. Download the package from Check Point cloud:
        HostName> installer download <Package_Number>
      9. Install the downloaded package:
        HostName> installer install <Package_Number>
        Note: The progress (in per cent) will be displayed in Clish.
      10. Reboot is required.
    • Offline Installation

      1. Download the Gaia CPUSE Offline package:
        OS R77.30 R77.20
        Gaia - CPUSE Offline
      2. Install the latest build of CPUSE Agent from sk92449.
      3. Transfer the offline package to the target Gaia machine (into some directory, e.g., /some_path_to_fix/).
      4. Connect to the command line on target Gaia OS.
      5. Log in to Clish.
      6. Acquire the lock over Gaia configuration database:
        HostName> lock database override
      7. Import the package from the hard disk:
        HostName> installer import local <Full_Path>/Check_Point_Hotfix_R77_<XX>_Gaia_sk115596.tgz
      8. Show the imported packages:
        HostName> show installer packages imported
      9. Verify that this package can be installed without conflicts:
        HostName> installer verify <Package_Number>
      10. Install the imported package:
        HostName> installer install <Package_Number>
      11. Reboot is required.

    Notes:



  • Show / Hide instructions for Legacy CLI on SecurePlatform OS
    1. Download the Legacy CLI package:
      OS R77.20
      SecurePlatform - CLI
    2. Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).
    3. Connect to the command line on target SecurePlatform OS.
    4. Log in to Expert mode.
    5. Unpack and install the hotfix package:
      [Expert@HostName]# cd /some_path_to_fix/
      [Expert@HostName]# tar -zxvf Check_Point_Hotfix_R77.20_sk115596_SPLAT.tgz
      [Expert@HostName]# ./fw1_wrapper_<HOTFIX_NAME>
      Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.
    6. Reboot the machine.

    Notes:

    • Make sure to take a snapshot of your Check Point machine before installing this hotfix.
    • In cluster environment, this procedure must be performed on all members of the cluster.

 

Uninstall instructions

Click Here to Show the Entire Section
  • Show / Hide instructions for CPUSE in Gaia Portal
    1. CPUSE Software Updates Policy should be configured to allow self-update of CPUSE Agent.
      Otherwise, users should manually install the latest build of CPUSE Agent from sk92449.
    2. Connect to the Gaia Portal on your Check Point machine.
    3. Navigate to Upgrades (CPUSE) pane - click on Status and Actions.
    4. Select the hotfix package R77.<XX> Hotfix for sk115596 - click on the Uninstall button on the toolbar.
    5. Reboot is required.

    Notes:



  • Show / Hide instructions for CPUSE in Gaia Clish
    1. Install the latest build of CPUSE Agent from sk92449.
    2. Connect to the command line on target Gaia OS.
    3. Log in to Clish.
    4. Acquire the lock over Gaia configuration database:
      HostName> lock database override
    5. Show the installed packages:
      HostName> show installer packages installed
    6. Uninstall the hotfix package:
      HostName> installer uninstall <Package_Number>
    7. Reboot is required.

    Notes:



  • Show / Hide instructions for Legacy CLI on SecurePlatform OS
    1. Connect to the command line.
    2. Log in to Expert mode.
    3. Uninstall the hotfix:
      [Expert@HostName]# /opt/CPsuite-R77/uninstall_fw1_wrapper_<HOTFIX_NAME>
      Example for R77.20:
      # /opt/CPsuite-R77/uninstall_fw1_wrapper_HOTFIX_GOLLUM_HF_265
    4. Reboot the machine.

    Notes:

    • Make sure to take a snapshot of your Check Point machine before uninstalling this hotfix.
    • In cluster environment, this procedure must be performed on all members of the cluster.

 

Revision History

Show / Hide revision history

Date Description
20 Apr 2017
  • Added link to Hotfix package for "R77.20 GA"
  • Added "Revision History" section
06 Apr 2017
  • Added version "R77.20" to the article title, article "Version" field, and article body
07 Feb 2017
  • "Symptom" field - added the description "Certain files manipulated in a specific way can cause Check Point User Space process to crash with a core dump file."
05 Feb 2017
  • Rewrote this article
  • Added a note that Hotfix for R77.30 is integrated into R77.30 Jumbo Hotfix Accumulator since Take_213
  • Added a note that to get this Hotfix for R77.20, customers should contact Check Point Support
23 Jan 2017
  • Added a note that this hotfix should also be installed on Threat Emulation appliances (if Threat Extraction blade is enabled)
20 Jan 2017
  • First release of this article
Applies To:
  • 02443892 , 02462556 , 02465552
  • CR02456115

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment