
Security Hot Fix! have you done this?

Genericus
Moderator
   VIP   

Just got notified of this - anyone implemented it yet?

https://www.veritas.com/content/support/en_US/security/VTS16-001.html

Veritas Technologies LLC has released Security Advisory VTS16-001 affecting all versions of NetBackup and NetBackup Appliances prior to 7.7.2/2.7.2 and announced hotfix availability for the following versions:


NetBackup and NetBackup OpsCenter:
  • 7.5.0.7
  • 7.6.0.4
  • 7.6.1.2
  • 7.7
  • 7.7.2 (for backwards compatibility)
Note: OpsCenter hotfixes are required for compatibility with monitored NetBackup servers which have the hotfix applied.  OpsCenter itself is not affected by these issues.

NetBackup Appliances:
  • 2.5.4
  • 2.6.0.4
  • 2.6.1.2
  • 2.7.2 (for backwards compatibility)
NetBackup 9.1.0.1 on Solaris 11, writing to Data Domain 9800 7.7.4.0
duplicating via SLP to LTO5 & LTO8 in SL8500 via ACSLS

D_Flood
Level 6

I'm still trying to download it.  Looks like it bumps the minor version number of some of the clients...or at least the 7.5 series.

Also this seems to mark a change in how patches were available.  Under Symantec they were out in the open.  Now they're only available via the licensing portal.

 

RiaanBadenhorst
Moderator
Partner    VIP    Accredited Certified

What are your thoughts on it? Yes, it's a vulnerability, but is it worth patching your entire environment including clients? Do you see a risk internally?

Will_Restore
Level 6

Odd - the CVEs are still not posted to the Mitre site.

D_Flood
Level 6

Well..under 7.6.1.2 the patches break the Java Console (which I've been trying to use but still hate).  Good thing the real Admin Console is still available in this version.

 

Java Console 7.6.1.2+patch connecting to 7.6.1.2 Master+patch = "failed to connect to NetBackup Service Layer"...and I've applied both the 7.7.2 KB articles without fix

Same Java Console connecting to different 7.6.1.2 Master without patch = "not trusted connection" that then works

So something at the Master level is broke..

 

netbackup_sme
Level 3

Mitre was notified of the publication of the security advisory shortly after it was published Tuesday.  Under the best of circumstances it takes several days once an advisory has been published for the CVE database to be populated.  Unfortunately, slow turnaround of vulnerabilities at Mitre is a well-known problem.

 

Deb_Wilmot
Level 6
Employee Accredited Certified

Have you tried the steps in technotes attached to the FAQs document that report a similar error?

FAQ's link:

http://www.veritas.com/docs/000108248

 

Then the particular article:

https://www.veritas.com/support/en_US/article.000108224

 

 

 

 

 

D_Flood
Level 6

That second article didn't exist this morning when I was looking for the error.  I guess that's the problem with being an "early adopter" of hotfixes....

Yup, that was the problem...now why the EEB couldn't have run those same commands is anyone's guess.

 

Deb_Wilmot
Level 6
Employee Accredited Certified

I checked yesterday and I did see that document published.  I think part of the issue with finding the technotes is that they are referenced in the "Related Documents" area in the HotFix technote and not in any of the other hotfix documents.  They are searchable  in the normal 'fashion' of things of course,  but the only 'one stop shopping' is in that technote.

Hopefully this will help others also as there are a number of technotes linked there to address various issues people may encounter.

Deb

 

Nicolai
Moderator
Partner    VIP   

Just to cut it out in cardboard to everyone else, you really want to patch for this vulnerability.

It got a CVSS2 Base Score of 9.7 out of 10 possible.

https://en.wikipedia.org/wiki/CVSS

Genericus
Moderator
   VIP   

Had to open a case with Veritas due to the Hot Fix not being available for download. As of this morning April 28th, I was able to download the files.

 


mph999
Level 6
Employee Accredited

Thanks Debs for assisting.

Genericus
Moderator
   VIP   

I am having some issues with a Win 8 PC running Java Admin Console - the patch fails to find the version file.

 


RLeon
Moderator
   VIP   

Not sure if I should start a new thread, hope this is a simple question.

On the FAQ page for this hotfix, it says:
 

12. If I upgrade to 7.7.2, do I need to install the hotfix on all 7.7.2 systems?

A. No. You only need to apply the 7.7.2 hotfix to 7.7.2 systems that are utilized to connect to back-level systems via the Java interface.

It sounds as if you only need to patch a host on which the Java Console is used to connect to a hotfix-patched-older-version of NetBackup (such as a hotfix-patched 7.6.1.2 media server or client).
Since you can't really launch the Java Console from the Appliance (you can connect to the Appliance with it), what is the 7.7.2 Hotfix for the Appliance file used for?




netbackup_sme
Level 3

> what is the 7.7.2 Hotfix for the Appliance file used for?

Yes, that won't be of any use besides keeping it "identical" to a 7.7.2 patched NB non-appliance master.

 

 

Deb_W
Level 2

Actually you CAN run the Java console on the appliance by displaying it back to a Windows-type PC using XMing or something similar. It isn't very easy to configure (I found a lot of items I had to manually configure) and I can't imagine why anyone would want to do that when it's so easy just to set up the console on a PC, but it is possible.

 

RLeon
Moderator
   VIP   

That may be the only possible explanation for that 7.7.2 Appliance hotfix.
I used to do the same using Xmanager for Linux Clients running minimum setups (no GUI) just to play with the NetBackup BMR GUI.

I prefer to just say to people "For as long as all your Master servers, Media servers, Clients and Nbu Java Consoles are all on NetBackup 7.7.2, you don't need the hotfix."

 

Marianne
Level 6
Partner    VIP    Accredited Certified
Welcome back! After 2 years of silence I thought we had lost you!

Genericus
Moderator
   VIP   

Found that on PC installs, you may need to use the -create option to create needed files.


Deb_W
Level 2

RLeon and netbackup.sme:  The Hotfix FAQS document has been updated to help clarify the appliance fix.

 

It now states:

12. If I upgrade to 7.7.2, do I need to install the hotfix on all 7.7.2 systems?

A.   No. You only need to apply the 7.7.2 hotfix to 7.7.2 systems that are utilized to connect to back-level systems via the Java interface.  For 2.7.2 Appliances, the eebinstaller will update the Java console binaries and is only needed if the console is being remotely displayed.

 

Hopefully that helps to clarify.