English

ArcGIS Data Store 10.6.1 Security Update 1 Patch

Summary

This patch resolves a security vulnerability, within the intranet, that allows remote code execution using elevated privileges on the operating system on which the tile cache data store is installed and configured.

Description

Esri® announces the ArcGIS Data Store 10.6.1 Security Update 1 Patch. This patch addresses a security vulnerability within the intranet that allows remote code execution using elevated privileges on the operating system on which the tile cache data store is installed and configured. Esri strongly encourages all customers with ArcGIS Enterprise to install this patch at the earliest possible opportunity. It deals specifically with the issues listed below under Issues Addressed with this patch.

The ArcGIS Data Store 10.6.1 Security Update 1 Patch cannot be uninstalled from the tile cache data store using the patch remove utility. As such, see the uninstall instructions to reset the ArcGIS Data Store to the pre-patch state if needed.


Issues Addressed with this patch


  • BUG-000117892 - ArcGIS Data Store has a remote code execution vulnerability in the tile cache data store.

Installing this patch on Windows


Installation Steps:


ArcGIS Data Store 10.6.1 must be installed before installing this patch. All command utilities must be run on the ArcGIS Data Store machine.

  1. Use the backupdatastore command utility to make a backup of the tile cache data store.

  2. Download the appropriate file to a location other than your ArcGIS installation location.

    ArcGIS Data Store 10.6.1   Checksum (Md5)
         
    ArcGIS Data Store ArcGIS-1061-DS-SECU1-Patch.msp AC20A4B73D841A55526E21E4F86F0738
         

  3. Make sure you have write access to your ArcGIS installation location.

  4. For highly available ArcGIS Data Store installations that contain primary and standby tile cache data store machines follow these instructions:
    1. Stop the ArcGIS Data Store service on the standby data store machine.

    2. Stop the ArcGIS Data Store service on the primary data store machine.

    3. On the primary data store machine, double-click ArcGIS-1061-DS-SU1-Patch.msp to start and click Update to finish the setup process.

    4. Once the setup process finishes on the primary data store, double-click ArcGIS-1061-DS-SU1-Patch.msp to start and click Update to finish the setup process on the standby machine.

  5. For single-machine ArcGIS Data Store installations, double-click ArcGIS-1061-DS-SU1-Patch.msp to start and click Update to finish the setup process.

    NOTE: If double clicking on the MSP file does not start the setup installation, you can start the setup installation using the following command:

    msiexec.exe /p [location of Patch]\ ArcGIS-1061-DS-SECU1-Patch.msp


Installing this patch on Linux


Installation Steps:


ArcGIS Data Store 10.6.1 must be installed before installing this patch. All command utilities must be run on the ArcGIS Data Store machine.

Complete the following installation steps as the owner of the arcgis folder (also referred to as the ArcGIS installation owner).

  1. Use the backupdatastore command utility to make a backup of the tile cache data store.

  2. Download the appropriate file to a location other than your ArcGIS installation location.


    ArcGIS Data Store 10.6.1   Checksum (Md5)
         
    ArcGIS Data Store ArcGIS-1061-DS-SECU1-Patch-linux.tar 15B82AD855E9B45C566F2F8C1E9298D7
         

  3. Make sure you have write access to your ArcGIS installation location, and that no one is using ArcGIS.

  4. For highly available ArcGIS Data Store installations that contain primary and standby tile cache data store machines follow these instructions:

    1. Stop the ArcGIS Data Store service on the standby data store machine.

    2. Stop the ArcGIS Data Store service on the primary data store machine.

    3. On the primary data store machine, extract the specified tar file by typing:

      % tar -xvf ArcGIS-1061-DS-SECU1-Patch-linux.tar

    4. Start the installation by typing:

      % ./applypatch

      This will start the dialog for the menu-driven installation procedure. Default selections are noted in parentheses ( ). To quit the installation procedure, type 'q' at any time.

    5. Once the setup process finishes on the primary data store, repeat the process to install and run ./applypatch on the standby machine.

  5. For single-machine tile cache ArcGIS Data Stores, start the installation by typing:


    % ./applypatch

    This will start the dialog for the menu-driven installation procedure. Default selections are noted in parentheses ( ). To quit the installation procedure, type 'q' at any time.

Uninstalling this patch on Windows


The ArcGIS Data Store 10.6.1 Security Update 1 Patch cannot be uninstalled from the tile cache data store using the patch remove utility. If you want to reset the tile cache data store to its state before the installation of this patch, follow the instructions for one of the following options:

Option 1: Restore the tile cache to a new machine. Choose this option if you have both the relational and tile cache data store on the same machine, and want to reset the tile cache data store to its state before the installation of the patch without affecting the relational data store.

  1. If you have not already done so, take a backup of both the relational and tile cache data stores.

    backupdatastore

  2. If the data store is configured to be highly available, use the removemachine utility to remove the standby tile cache data store.

    Next, use the unregisterdatastore utility to unregister the tile cache data store from the hosting server.

  3. Use the restoredatastore utility to restore the tile cache data store from the backup on a new machine.

Option 2: Restore the tile cache data store on the same machine. Choose this option if the tile cache data store is required to be reinstalled on the same machine.

  1. If you have not already done so, take a backup of both the relational and tile cache data stores.

    backupdatastore

  2. If the data stores are configured to be highly available, use the removemachine utility to remove the standby tile cache data store. If the relational data store is installed on the same machine as the tile cache data store, repeat for the relational standby data store.

  3. Uninstall and reinstall ArcGIS Data Store but do not configure it with an ArcGIS Server site.

  4. Stop the ArcGIS Data Store service and rename the arcgisdatastore folder to another name such as 'old_arcgisdatastore'.

  5. Start the ArcGIS Data Store service.

  6. Use the restoredatastore utility to restore the tile cache data store, and relational data store if it is also installed on the same machine, from the backups created in step 1 for this option.

Uninstalling this patch on Linux


The ArcGIS Data Store 10.6.1 Security Update 1 Patch cannot be uninstalled from the tile cache data store using the patch remove utility. If you want to reset the tile cache data store to its state before the installation of this patch, follow the instructions for one of the following options:

Option 1: Restore the tile cache to a new machine. Choose this option if you have both the relational and tile cache data store on the same machine, and want to reset the tile cache data store to its state before the installation of the patch without affecting the relational data store.

  1. If you have not already done so, take a backup of both the relational and tile cache data stores.

    backupdatastore

  2. If the data stores are configured to be highly available, use the removemachine utility to remove the standby tile cache data store.

    Next, use the unregisterdatastore to unregister the tile cache data store from the hosting server.

  3. Use the restoredatastore utility to restore the tile cache data store from the backup on a new machine.

Option 2: Restore the tile cache data store on the same machine. Choose this option if the tile cache data store is required to be reinstalled on the same machine.

  1. If you have not already done so, take a backup of both the relational and tile cache data stores.

    backupdatastore

  2. If the data stores are configured to be highly available, use the removemachine utility to remove the standby tile cache data store. If the relational data store is installed on the same machine as the tile cache data store, repeat for the relational standby data store.

  3. Uninstall and reinstall ArcGIS Data Store but do not configure it with an ArcGIS Server site.

  4. Stop the ArcGIS Data Store service and rename the arcgisdatastore folder to another name such as 'old_arcgisdatastore'.

    ./stopdatastore.sh

  5. Start the ArcGIS Data Store service.

    ./startdatastore.sh

  6. Use the restoredatastore utility to restore the tile cache data store, and relational data store if it is also installed on the same machine, from the backups created in step 1 for this option.

Patch Updates

Check the Patches and Service Packs page periodically for the availability of additional patches. New information about this patch will be posted here.

How to identify which ArcGIS products are installed

To determine which ArcGIS products are installed, choose the appropriate version of the PatchFinder utility for your environment and run it from your local machine. PatchFinder will list all products, hot fixes, and patches installed on your local machine.

Getting Help

Domestic sites, please contact Esri Technical Support at 1-888-377-4575, if you have any difficulty installing this patch. International sites, please contact your local Esri software distributor.