Jamf Pro 10.34.1 Release Now Available

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-10-2021 07:00 PM - edited 12-12-2021 11:51 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-11-2021 05:38 AM
What's the status of the Jamf Pro Server Tools in this release? Do we need to reinstall a non-broken version?
"You do not rise to the level of your goals; you fall to the level of your systems." James Clear
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-11-2021 07:53 AM
@bethjohnson No, 10.34.1 contains Jamf Pro Server Tools 2.7.11, so you do not need to reinstall anything.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-11-2021 08:30 AM
Just an idea.. Maybe throw the link to download the release here as well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-11-2021 11:21 AM - edited 12-11-2021 11:22 AM
https://account.jamf.com/products/jamf-pro
PS, read the update FYI regarding Server Tools version 2.7.11.
https://donmontalvo.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-11-2021 11:15 AM
Thanks for the fast zero-day mitigation. Plus, its raining here, so. 🙂
https://donmontalvo.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-11-2021 11:36 AM
Jamf...please preserve our session timeout in session.properties file...it gets reverted to default on every update. 🙂
https://donmontalvo.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-11-2021 07:39 PM
Note that contrary to the comment in the release notes: "This vulnerability poses a risk to private data. It does not have the potential to impact managed devices or the integrity and availability of your web server." - this does appear to allow RCE as the "jamftomcat" user.
Between looking for this update/remediation and deploying it, we discovered a Monero-miner bot dropped in /tmp, running as the jamftomcat user.
Given that the jamftomcat user has access to the DB, and is the owner of most of the executable files in a JSS deployment, I'd say that this absolutely DOES have "the potential to impact managed devices or the integrity and availability of your web server".
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-12-2021 11:05 AM - edited 12-12-2021 11:09 AM
Thanks you @iviemeister, we will update our release notes.
If you experience any issues with your Jamf Pro server please report it to technical support as soon as possible. Cloud instances sit behind a web application firewall that actively is filtering out malicious traffic. Anomaly detection tools are implemented and tested to verify that it catches and alerts on any concern that are raised. As always if you see an issue with an on premise Jamf Pro installation or Jamf Cloud please immediately reach out to support@jamf.com
Aaron Kiemele
Chief Information Security Officer, Jamf
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-12-2021 11:18 AM
Hi @Aaron_Kiemele - the full details of what we found are in Case #: JAMF-3302240, opened last night.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-12-2021 02:46 PM - edited 12-12-2021 02:47 PM
Hey is WAF implementation safe or are there ways to bypass, or Should we also update our Cloud Instance to 10.34.1 if possible?
https://twitter.com/bountyoverflow/status/1470001858873802754?s=21
Best Regards
colorenz
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-12-2021 03:04 PM
While I cannot speak to individual cases, WAF is not sufficient alone, it should be used in conjunction with other layered security controls, proper configuration of the log4j2.formatMsgNoLookups parameter and/or a fully patched version such as 10.34.1. I would encourage you to reach out to support to discuss your individual case or refer to details described in primary thread for the issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-12-2021 03:23 PM
Thanks for you response.
We are in the Jamf Premium Cloud.
The question was: Is jamf detecting every attack ? Or is it possible to bypass your security Systems?
And should we schedule a update with the support to update to 10.34.1 as soon as possible?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-13-2021 07:46 AM
log4shell
^^^Just adding so it comes up in a search.
https://donmontalvo.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-17-2021 01:27 AM
I updated our Jamf Pro on premise server yesterday to 10.34.1. Was surprised, that still log4j version 2.15 will be installed, which is not 100% safe. Version 2.16 should be installed. (I manually installed it from the apache page after the Jamf update.)
Hopefully Jamf will include log4j 2.16 in their 10.34.1 package as soon as possible!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2021 06:46 AM - edited 12-17-2021 06:48 AM
Jamf confirmed the product isn’t affected by CVE-2021-45046, so 2.16 isn’t needed.
https://donmontalvo.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-17-2021 06:51 AM
Thanks for the quick release but seeing some GUI navigation issues with the on-prem version of 10.34.1. Specifically some back buttons in the GUI are not working and/or returning to other screens. Most notably viewing devices attached to a smart/group or an inventory report, the back button is not working in the GUI.
