NimbostratusDears, Im doing a security assessment for the F5 device, and I found 2 vulnerabilities on my image which is 10.2.4 hf2 as per f5 documents : one of them can be solved by hf3 and the second can be solved by hf4
so if i installed hf3 then installed hf4 over it, will this fix the two vulnerabilities ?
NimbostratusHello Hamza,
Typically the latest HF will cover roll-up fixes for the previous HF but Its always good to go through the read-me files to ensure that is the case. If your considered a HF upgrade you might want to go with HF5 which covers the bash shell vulnerabilities patches.
Special engineering hot fixes are not covered in typical new HF releases.
EmployeeHi Hamza,
Hotfixes are cumulative or "rollup" hotfixes. This means that everything included in HF3 will also be included in HF4.
https://support.f5.com/kb/en-us/solutions/public/8000/900/sol8986.html
If you are willing I would recommend going to HF-9 as it will have even more fixes included that HF-4.
Regards,
Seth Cooper
Hi Hamza,
the latest hotfix for your v10 is the Hotfix-BIGIP-10.2.4-855.0-HF9.
And I would recommend to upgrade to HF9 as there will probably notices about other known vulnerabilities in both HF3 and HF4.
If your H/W-platform supports it and is under service, I would consider to upgrade to v11.
A v11 upgrade may require a very careful configuration review due to changed behavior.
Thanks,
Stephan
