Security

I have multiple patches that need to be installed on ClearPass appliances. Can I combine the installation of the following patches to minimize outages, or are some of these prerequisites for other patches? They are currently at 6.3.0.60730 (base with point patch applied).

6.3.0 Vulnerability issues (Feb 2014)

6.3.1 monthly patch

6.3.1 OpenSSL patch

If these should be installed one at a time with reboots in between, when installing these in a cluster, is it recommended to fully patch the Publisher with all patches before updating Subscribers? Or, should each patch be installed on the Publisher, and then Subscribers, before moving on to the next one?

Did you hear anything about this? I am curious about the update procedure too.

I did not. We've been playing it safe and applying each patch separately, to minimize chances of the cluster getting out of sync. 

so lets take a use-case and your on 6.3.2 and then we issue a patch for a SSL vulnerability, let call it 'danny-sql-something'....... and then before you install this patch we release 6.3.3..... we will include the 'danny' patch in 6.3.3.

Does that help you out?

I thought the question was more of this:

I have two patches: Cummulative Update 6 and Vulnerability update for CVE-2014-7169. Both require reboots. Can I apply both patches, then reboot once. Or should I apply each patch and reboot inbetween?