Security package updates for high severity vulnerabilities in NetBackup appliances 2.7.3 and 3.0

Article: 100034323
Last Published: 2018-04-17
Product(s): Appliances

Problem

Security scanners will report these issues as high severity vulnerabilities for the related packages used in the NetBackup Appliance. See the following:
  • Critical (10.0)  RHEL 6 : mysql (RHSA-2017:0184)
           Including CVE-2016-6662, CVE-2016-6663, CVE-2016-5616
  • High (9.3)  RHEL 5 / 6 / 7 : nss and nss-util (RHSA-2016:2779)
           Including CVE-2016-2834, CVE-2016-5285, CVE-2016-8635
  • High (7.5) RHEL 6 / 7 : nss and nss-util (RHSA-2017:1100)
           Including CVE-2017-5461
  • Medium (5.0) RHEL 6 : nss (RHSA-2017:1364)
          Including CVE-2017-7502
  • High (7.8) RHEL 6 : rpcbind (RHSA-2017:1267)
          Including CVE-2017-8779
  • High (7.8) RHEL 6 : libtirpc (RHSA-2017:1268)
          Including CVE-2017-8779
  • High (7.8)  RHEL 6 / 7 : jasper (RHSA-2017:1208)
          Including CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591, CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692, CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583, CVE-2016-9600, CVE-2016-10248, CVE-2016-10251
  • High (7.8)  RHEL 6 / 7 : vim (RHSA-2016:2972)
          Including CVE-2016-1248
  • High (7.5)  RHEL 6 : bind (RHSA-2017:1105)
          Including CVE-2017-3136, CVE-2017-3137
  • High (7.8) RHEL 6 : bind (RHSA-2017:1202)
         Including CVE-2017-3139
  • High (7.5) RHEL 6 : bind (RHSA-2017:1679)
          Including CVE-2017-3142, CVE-2017-3143
  • High (7.5) RHEL 5 / 6 : bind (RHSA-2017:0063)
          Including CVE-2016-9147
  • High (7.5) RHEL 5 / 6 / 7 : bind (RHSA-2016:1944)
          Including CVE-2016-2776
  • High (7.5) RHEL 5 / 6 : bind (RHSA-2016:2093)
         Including CVE-2016-2848
  • High (7.5) RHEL 5 / 6 : bind (RHSA-2016:2141)
          Including CVE-2016-8864
  • High (7.5) RHEL 6 / 7 : expat (RHSA-2016:2824)
          Including CVE-2016-0718
  • High (7.5) RHEL 6 / 7 : libtiff (RHSA-2017:0225)
          Including CVE-2016-9533, CVE-2016-9534, CVE-2016-9535, CVE-2015-8870, CVE-2016-5652, CVE-2016-9540, CVE-2016-9537, CVE-2016-9536
  • High (7.5) RHEL 6 : gnutls (RHSA-2017:0574)
          Including CVE-2016-8610, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337
  • High (7.5) RHEL 6 : glibc (RHSA-2017:0680)
         Including CVE-2014-9761, CVE-2015-8776, CVE-2015-8778, CVE-2015-8779
  • High (7.4) RHEL 6 : glibc CVE-2017-1000366
  • High (7.2)  RHEL 6 / 7 : sudo (RHSA-2017:1574)
           Including CVE-2017-1000368
  • Medium (6.9) RHEL 6 / 7 : sudo (RHSA-2016:2872)
          Including CVE-2016-7032, CVE-2016-7076
  • Medium (6.9) RHEL 6 / 7 : sudo (RHSA-2017:1382)
          Including CVE-2017-1000367
  • High (7.2) RHEL 6 / 7 : policycoreutils (RHSA-2016:2702)
         Including CVE-2016-7545
  • High (7.2) RHEL 6 : openssh (RHSA-2017:0641)
          Including CVE-2015-8325, CVE-2016-6210
  • High (7.1) RHEL 6 / 7 : ntp (RHSA-2017:0252)
          Including CVE-2016-7426, CVE-2016-7429, CVE-2016-7433, CVE-2016-9310, CVE-2016-9311

Error Message

N/A

Cause

NetBackup Appliance software versions 2.7.3 and 3.0 use software packages that are affected by these high severity vulnerabilities.

Solution

Emergency Engineering Binaries (EEBs) are available to fix these vulnerabilities on NetBackup appliances with software versions 2.7.3 and 3.0.

NetBackup Appliance release 3.1 includes fixes for all of these vulnerabilities.

Click Attachments to find the EEB for your software version, and then install it on your appliance.

Carefully read the following before you install the EEB:

  • To avoid an EEB installation failure, you must stop or cancel all running NetBackup jobs and services before you start the installation.

  • A reboot is required after the EEB installation. Veritas recommends that you reboot the appliance immediately after the EEB installation.

  • Rolling back this EEB does not revert the package updates. The updated packages remain on the appliance unless you roll back the appliance to a checkpoint before the EEB installation, or perform a factory reset.

  • If you upgrade the appliance from 2.7.3 to 3.0 after installing this EEB, you do not need to install the EEB for 3.0.


For information on how to install an EEB, refer to the article 000076512.

You need to roll back EEB Version 1 and install EEB Version 2 if you encounter either of the following:
  • Any error is reported during the EEB Version 1 installation process.
  • Any NFS crash happens after you install the EEB Version 1.

If you have any other problems with the EEB, contact Veritas Technical Support.
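
A post-install check, added here as an example and not part of the Veritas article or the EEB: it reports which of the CVEs listed above are not named in a package's RPM changelog. It assumes a shell where `rpm` can be queried and that the packager records fixed CVE IDs in the changelog; the function names, the package subset and the sample changelog are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list advisory CVEs that an RPM changelog does not mention.

# Subset of the package -> CVE pairs listed in this article.
advisory_cves() {
    case $1 in
        bind) echo "CVE-2017-3136 CVE-2017-3137 CVE-2017-3139 CVE-2017-3142 CVE-2017-3143" ;;
        rpcbind|libtirpc) echo "CVE-2017-8779" ;;
        sudo) echo "CVE-2017-1000368 CVE-2016-7032 CVE-2016-7076 CVE-2017-1000367" ;;
        *) return 1 ;;
    esac
}

# missing_cves CHANGELOG_TEXT CVE...
# Prints every CVE that is absent from the changelog text, one per line.
missing_cves() {
    local changelog="$1" cve
    shift
    for cve in "$@"; do
        # -w: whole-token match, so CVE-2017-3139 is not satisfied by CVE-2017-31390
        printf '%s\n' "$changelog" | grep -qwF -- "$cve" || printf '%s\n' "$cve"
    done
}

# check_package PKG [CHANGELOG_TEXT]
# Returns 0 if all CVEs are named, 1 if some are missing, 2 if it cannot check.
check_package() {
    local pkg="$1" text="${2-}" cves missing
    cves=$(advisory_cves "$pkg") || { echo "$pkg: not in table" >&2; return 2; }
    # No text supplied: read the installed package's changelog from rpm.
    [ -n "$text" ] || text=$(rpm -q --changelog "$pkg" 2>/dev/null) || return 2
    missing=$(missing_cves "$text" $cves)   # $cves unquoted on purpose: split into words
    [ -z "$missing" ] && return 0
    echo "$pkg: changelog does not mention: $(echo $missing)"
    return 1
}

# Constructed sample changelog (not real rpm output) so the script runs offline.
SAMPLE_BIND_CHANGELOG='* Mon Jan 01 2018 Example Packager <packager@example.com> - 0.0-0
- Fix CVE-2017-3142 and CVE-2017-3143
- Fix CVE-2017-3136, CVE-2017-3137
- Unrelated constructed entry for CVE-2017-31390'

check_package bind "$SAMPLE_BIND_CHANGELOG" || true
```

On a live system, call `check_package bind` with no second argument to read the installed package's changelog; treat a reported miss as a prompt to compare the installed package version against the fixed version in the corresponding RHSA.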

Veritas Technologies LLC is aware that the above-mentioned issue is present in the current version(s) of the product(s) mentioned in this article. Veritas is committed to product quality and satisfied customers.
  • The fix will be available in the upcoming release of the NetBackup Appliance.

References

JIRA : ET3925628
JIRA : ET3925629
