Security Vulnerabilities on NetBackup Appliances NBA 3.1.1 (article 100043821)

HotFix Critical

Abstract

Resolves security vulnerabilities on NetBackup Appliances with NBA 3.1.1

Description

Problem

Security scanners that are run on NetBackup appliances with software version 3.1.1 are reporting the following vulnerabilities for the described packages:

  • HIGH - 7.9 109839 RHEL 7 : dhcp (RHSA-2018:1453)
      • Includes CVE-2018-1111.
  • HIGH - 7.9 109841 RHEL 7 : dhcp (RHSA-2018:1455)
      • Includes CVE-2018-1111.
  • HIGH - N/A 108274 RHEL 7 : dhcp (RHSA-2018:0483)
      • Includes CVE-2018-5732 and CVE-2018-5733.
  • HIGH - 7.8 108985 RHEL 7 : glibc (RHSA-2018:0805)
      • Includes CVE-2014-9402, CVE-2015-5180, CVE-2017-12132, CVE-2017-15670, CVE-2017-15804, and CVE-2018-1000001.
  • HIGH - 7.5 108643 RHEL 7 : python-paramiko (RHSA-2018:0591)
      • Includes CVE-2018-7750.
  • HIGH - 7.5 108982 RHEL 7 : python-paramiko (RHSA-2018:0646)
      • Includes CVE-2018-7750.
  • HIGH - 7.5 109387 RHEL 7 : python-paramiko (RHSA-2018:1213)
      • Includes CVE-2018-7750.
  • HIGH - 7.5 110082 RHEL 7 : procps-ng (RHSA-2018:1700)
      • Includes CVE-2018-1124 and CVE-2018-1126.
  • HIGH - N/A 111034 RHEL 7 : gnupg2 (RHSA-2018:2181)
      • Includes CVE-2018-12020.
  • MEDIUM - 5.0 108992 RHEL 7 : openssh (RHSA-2018:0980)
      • Includes CVE-2017-15906.
  • MEDIUM - 5.0 110919 RHEL 7 : python (RHSA-2018:2123)
      • Includes CVE-2016-2183.
  • MEDIUM - 4.6 108989 RHEL 7 : ntp (RHSA-2018:0855)
      • Includes CVE-2017-6462, CVE-2017-6463, and CVE-2017-6464.
  • MEDIUM - 4.3 108993 RHEL 7 : openssl (RHSA-2018:0998)
      • Includes CVE-2017-3736, CVE-2017-3737, and CVE-2017-3738.
  • MEDIUM - 4.0 108983 RHEL 7 : krb5 (RHSA-2018:0666)
      • Includes CVE-2017-7562 and CVE-2017-11368.
  • LOW - 3.3 108991 RHEL 7 : policycoreutils (RHSA-2018:0913)
      • Includes CVE-2018-1063.
  • LOW - 2.1 108988 RHEL 7 : gcc (RHSA-2018:0849)
      • Includes CVE-2017-11671.


Error Message

There are no appliance error messages associated with the described vulnerabilities.


Cause

NetBackup Appliance software version 3.1.1 uses the software packages that are affected by these security vulnerabilities.


Solution

Emergency Engineering Binaries (EEBs) are available to fix these vulnerabilities on NetBackup appliances with software version 3.1.1.

In the Download Attachments section on this page, click on the attached EEB file to download NBAPP_EEB_ET3954967-3.1.1.0-1.x86_64.rpm for NetBackup Appliance release 3.1.1, and then install it on your appliance.


Carefully read the following before you install the EEB:

  • To avoid an EEB installation failure, you must stop or cancel all running NetBackup jobs and services before you start the installation.
  • A manual reboot is required after the EEB installation.
  • Rolling back this EEB does not revert the package updates. The updated packages remain on the appliance unless you roll back the appliance to a checkpoint before the EEB installation, or perform a factory reset.
  • If you upgrade the appliance to a version later than 3.1.1 after installing this EEB, you do not need to re-install the EEB.
  • Customers may experience EEB installation problems if any running services are accessing or holding files that require updating during the installation. This is especially true for SDCS. To resolve this type of problem, override the appliance Intrusion Prevention System (IPS) policy for some time.


Note: The vulnerabilities described in this document will be addressed and resolved in the next NetBackup Appliance software release.


For information on how to install an EEB, click the link:

https://www.veritas.com/support/en_US/article.100023444


If you have any problems with the EEB installation, contact Veritas Technical Support.
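
A post-install check, added here as an example (not Veritas code): Red Hat records backported security fixes in each package's RPM changelog, so after the EEB installation and reboot the changelogs can be compared with the CVEs listed in the Problem section. It assumes shell access with `rpm` on the appliance and treats the names in the findings as source package names; the function names are illustrative.

```shell
#!/bin/sh
# Added example. Package -> CVE map transcribed from the findings listed above.
FINDINGS='dhcp CVE-2018-1111 CVE-2018-5732 CVE-2018-5733
glibc CVE-2014-9402 CVE-2015-5180 CVE-2017-12132 CVE-2017-15670 CVE-2017-15804 CVE-2018-1000001
python-paramiko CVE-2018-7750
procps-ng CVE-2018-1124 CVE-2018-1126
gnupg2 CVE-2018-12020
openssh CVE-2017-15906
python CVE-2016-2183
ntp CVE-2017-6462 CVE-2017-6463 CVE-2017-6464
openssl CVE-2017-3736 CVE-2017-3737 CVE-2017-3738
krb5 CVE-2017-7562 CVE-2017-11368
policycoreutils CVE-2018-1063
gcc CVE-2017-11671'

# match_source SRC: read "NAME SOURCERPM" lines on stdin and print the first
# binary package built from SRC. The digit test keeps "python" from matching
# python-paramiko-*.src.rpm.
match_source() {
    awk -v s="$1-" 'index($2, s) == 1 && substr($2, length(s) + 1, 1) ~ /[0-9]/ { print $1; exit }'
}

# missing_cves CHANGELOG CVE...: print each CVE id the changelog text omits.
missing_cves() {
    changelog=$1; shift
    for cve in "$@"; do
        # -w keeps CVE-2018-1111 from matching inside a longer id.
        printf '%s\n' "$changelog" | grep -qwF -- "$cve" || printf '%s\n' "$cve"
    done
}

# audit_appliance: for every finding, locate an installed package built from
# that source package and compare its RPM changelog with the listed CVEs.
audit_appliance() {
    rc=0
    while read -r src cves; do
        pkg=$(rpm -qa --qf '%{NAME} %{SOURCERPM}\n' | match_source "$src")
        [ -n "$pkg" ] || { echo "$src: no installed package"; continue; }
        # $cves is left unquoted on purpose so it splits into separate ids.
        miss=$(missing_cves "$(rpm -q --changelog "$pkg")" $cves | tr '\n' ' ')
        if [ -n "$miss" ]; then echo "$src ($pkg): review $miss"; rc=1
        else echo "$src ($(rpm -q "$pkg")): listed CVEs found in changelog"; fi
    done <<EOF
$FINDINGS
EOF
    return "$rc"
}

case "${1:-}" in audit) audit_appliance ;; esac
```

Run the script with the argument `audit`. A CVE flagged for review means the changelog does not name it, which calls for a manual comparison against the corresponding RHSA rather than proving the fix is absent.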


Veritas Technologies LLC is aware that the above-mentioned issue is present in the current version(s) of the product(s) mentioned in this article. Veritas is committed to product quality and satisfied customers.
