ArcGIS Notebook Server Security Patch

Published: March 28, 2022

Summary

This security patch addresses multiple security vulnerabilities found in log4j distributed with ArcGIS Notebook Server. Esri recommends that all customers using ArcGIS Notebook Server 10.7.1 apply this patch.

Description

Esri® announces the ArcGIS Notebook Server Security Patch. Esri recommends that all customers using ArcGIS Notebook Server 10.7.1 apply this patch.

This patch deals specifically with the issues listed below under Issues Addressed with this patch.

Issues Addressed with this patch

  • BUG-000147723 - Update Log4j in ArcGIS Notebook Server to address security vulnerabilities.
  • BUG-000147725 - Update ArcGIS Notebook server postinstallation utility to support updating notebook runtimes with new imageId.
  • Please see ArcGIS Enterprise Log4j Security Patches Available for further details.

To avoid conflicts this patch also addresses:

  • BUG-000139408 - There is a denial-of-service security vulnerability in ArcGIS Notebook Server.

 

Installing this patch on Windows

 

Installation Steps:

 

This patch should be installed on all ArcGIS Notebook Server installations related to the ArcGIS Notebook Server site.

The ArcGIS product listed in the table must be installed on your system before you can install a patch. Each patch setup is specific to the ArcGIS product in the list. To determine which products are installed on your system, please see the How to identify which ArcGIS products are installed section. Esri recommends that you install the patch for each product that is on your system.

  1. Download the appropriate file to a location other than your ArcGIS installation location.

    ArcGIS Enterprise 10.7.1

        Product: ArcGIS Notebook Server
        File: ArcGIS-1071-NBS-Log4j-Patch.msp
        Checksum (SHA256): 5E846200922DF94B9F0408258310E6DFE560B038B7BB74D60621EA31067E30BB


  2. Make sure you have write access to your ArcGIS installation location.
  3. Double-click ArcGIS-1071-NBS-Log4j-Patch.msp to start the setup process.

    NOTE: If double-clicking the MSP file does not start the setup, you can start it manually by using the following command:

    msiexec.exe /p [location of Patch]\ArcGIS-1071-NBS-Log4j-Patch.msp

 

Post installation steps for installing the Advanced Notebook Runtime Image on Windows.

Complete the following steps to download and install the advanced runtime image included with this patch.

  1. Download the advanced runtime image file to a location other than your ArcGIS installation location.

    ArcGIS Enterprise 10.7.1

        Product: ArcGIS Notebook Server Advanced
        File: arcgis-notebook-python-advanced-10.7.1.11595.1.tar.gz
        Checksum (SHA256): C061CE6EC92D7FA50965C71D4B7BB2CF70823D64338EA45DA38856D2286BE470


  2. Open the command prompt window as an administrator.
  3. Change directories to the ArcGIS Notebook Server tools folder. By default, this path is C:\Program Files\ArcGIS\NotebookServer\tools\postInstallUtility.
  4. Optionally, refer to the utility's help by running the following command:

    > PostInstallUtility.bat -h
  5. Install the Docker image arcgis-notebook-python-advanced-10.7.1.11595.1.tar.gz by specifying its file path. The image should be zipped in the .tar.gz format. Run the following command:

    > PostInstallUtility.bat -l arcgis-notebook-python-advanced-10.7.1.11595.1.tar.gz
  6. Run the following command to update the imageId in the advanced runtime:

    > PostInstallUtility.bat -r 10.7.1 true false

     

    Installing this patch on Linux

    Installation Steps:

    Complete the following install steps as the ArcGIS Install owner. The Install owner is the owner of the arcgis folder. This patch should be installed on all ArcGIS Notebook Server installations related to the ArcGIS Notebook Server site.

    The ArcGIS product listed in the table must be installed on your system before you can install a patch. Each patch setup is specific to the ArcGIS product in the list. To determine which products are installed on your system, please see the How to identify which ArcGIS products are installed section. Esri recommends that you install the patch for each product that is on your system.

    1. Download the appropriate file to a location other than your ArcGIS installation location.


      ArcGIS Enterprise 10.7.1

          Product: ArcGIS Notebook Server
          File: ArcGIS-1071-NBS-Log4j-Patch-linux.tar
          Checksum (SHA256): ABF431C2A49E766A9A9C1C892FDC45BE51ED2EB914F2753D1FE442D132A99DCC


    2. Make sure you have write access to your ArcGIS installation location, and that no one is using ArcGIS.
    3. Extract the specified tar file by typing:

      % tar -xvf ArcGIS-1071-NBS-Log4j-Patch-linux.tar
    4. Start the installation by typing:

      % ./applypatch

      This will start the dialog for the menu-driven installation procedure. Default selections are noted in parentheses ( ). To quit the installation procedure, type 'q' at any time.

    Post installation steps for installing the Advanced Notebook Runtime Image on Linux.

    Complete the following steps to download and install the advanced runtime image included with this patch.

    1. Download the advanced runtime image file to a location other than your ArcGIS installation location.

      ArcGIS Enterprise 10.7.1

          Product: ArcGIS Notebook Server Advanced
          File: arcgis-notebook-python-advanced-10.7.1.11595.1.tar.gz
          Checksum (SHA256): C061CE6EC92D7FA50965C71D4B7BB2CF70823D64338EA45DA38856D2286BE470


    2. Open a terminal using the ArcGIS Notebook Server installation account.
    3. Change directories to the ArcGIS Notebook Server tools folder. By default, this path is ${HOME}/arcgis/notebookserver/tools/postInstallUtility.
    4. Optionally, refer to the utility's help by running the following command:

      > ./PostInstallUtility.sh -h
    5. Install the Docker image arcgis-notebook-python-advanced-10.7.1.11595.1.tar.gz by specifying its file path. The image should be zipped in the .tar.gz format. Run the following command:

      > ./PostInstallUtility.sh -l arcgis-notebook-python-advanced-10.7.1.11595.1.tar.gz
    6. Run the following command to update the imageId in the advanced runtime:

      > ./PostInstallUtility.sh -r 10.7.1 true false
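
Before extracting the patch or loading the runtime image on Linux, the two downloads can be checked against the SHA256 values published above. The script below is an added example, not part of Esri's patch or tooling; the script name verify_downloads.sh and the function names are hypothetical, and it assumes sha256sum (or shasum) is available.

```shell
#!/usr/bin/env bash
# Added example: verify the Linux downloads against the SHA256 values on this page.

# File names and checksums copied from the download tables above.
EXPECTED='ArcGIS-1071-NBS-Log4j-Patch-linux.tar ABF431C2A49E766A9A9C1C892FDC45BE51ED2EB914F2753D1FE442D132A99DCC
arcgis-notebook-python-advanced-10.7.1.11595.1.tar.gz C061CE6EC92D7FA50965C71D4B7BB2CF70823D64338EA45DA38856D2286BE470'

# Print the lowercase SHA256 hex digest of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print tolower($1)}'
    else
        shasum -a 256 < "$1" | awk '{print tolower($1)}'
    fi
}

# Return 0 only if the file exists and its digest equals the published value.
# The page prints checksums in uppercase while sha256sum prints lowercase,
# so the expected value is lowercased before comparing.
verify_download() {
    file=$1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "MISSING  $file" >&2; return 1; }
    got=$(sha256_of "$file")
    if [ "$got" = "$want" ]; then
        echo "OK       $file"
    else
        echo "MISMATCH $file (got $got)" >&2
        return 1
    fi
}

# Check every published download in a directory; non-zero if any check fails.
verify_all() {
    dir=$1
    failed=0
    while read -r name sum; do
        verify_download "$dir/$name" "$sum" || failed=1
    done <<EOF
$EXPECTED
EOF
    return "$failed"
}

# Usage: ./verify_downloads.sh /path/to/downloads
# Run it before tar -xvf, ./applypatch and PostInstallUtility.sh -l.
[ "$#" -eq 0 ] || verify_all "$1"
```

A MISSING or MISMATCH line means the file should be downloaded again and not installed.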

    Uninstalling this patch on Windows

    ArcGIS Notebook Server Security Patch for Windows cannot be uninstalled; the usual Uninstall option in the Windows Control Panel is disabled.

    Uninstalling this patch on Linux

    ArcGIS Notebook Server Security Patch for Linux should not be uninstalled. The uninstall is not disabled, but it is recommended that you completely uninstall the product and then re-install if it becomes necessary.

    Patch Updates

    Check the Patches and Service Packs page periodically for the availability of additional patches. New information about this patch will be posted here.

    How to identify which ArcGIS products are installed

    To determine which ArcGIS products are installed, choose the appropriate version of the PatchFinder utility for your environment and run it from your local machine. PatchFinder will list all products, hot fixes, and patches installed on your local machine.

    Getting Help

    Domestic sites, please contact Esri Technical Support at 1-888-377-4575 if you have any difficulty installing this patch. International sites, please contact your local Esri software distributor.



    Download ID:8010
