NetBackup Appliance 3.1.2 HotFix - Resolving JRE security vulnerabilities (article 100045949)

Translation Notice

Please note that this content includes text that has been machine-translated from English. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.

NetBackup Appliance 3.1.2 HotFix - Resolving JRE security vulnerabilities (article 100045949)

HotFix

Update ID: UPD419630

Version: 3.1.2

Platform: Appliance

Release date: 2019-07-15

Abstract

Resolves JRE security vulnerabilities in NetBackup Appliance release 3.1.2 - JRE Update EEB (article 100045949)

Description

With NetBackup Appliance software release 3.1.2, users may notice the following Java security issues reported in Oracle Java SE Critical Patch Update (April 2019 CPU) (Unix):

• CVE-2019-2699

• CVE-2019-2697

• CVE-2019-2698

• CVE-2019-2602

• CVE-2019-2684

Error Message

Security scanners report the range of the described vulnerabilities as low to high severity.

Cause

NetBackup appliance software version 3.1.2 contains older versions of JRE packages which are now vulnerable to the described security issues.

Update files

	File name	Description	Version	Platform	Size

Choose an account to download the files you selected.

Applies to the following product releases

NetBackup Appliance OS 3.1.2

Release date: 2018-09-21

End of standard support: 2022-06-28

Sustaining support starts: 2024-06-28

End of support life: 2025-06-28

NetBackup Virtual Appliance 3.1.2

Release date: 2018-09-21

End of standard support: 2022-06-28

Sustaining support starts: 2024-06-28

End of support life: 2025-03-31

NetBackup Appliance 3.1.2 HotFix - Resolving JRE security vulnerabilities (article 100045949)

HotFix

Update ID: UPD419630

Version: 3.1.2

Platform: Appliance

Release date: 2019-07-15

Abstract

Resolves JRE security vulnerabilities in NetBackup Appliance release 3.1.2 - JRE Update EEB (article 100045949)

Description

With NetBackup Appliance software release 3.1.2, users may notice the following Java security issues reported in Oracle Java SE Critical Patch Update (April 2019 CPU) (Unix):

• CVE-2019-2699

• CVE-2019-2697

• CVE-2019-2698

• CVE-2019-2602

• CVE-2019-2684

Error Message

Security scanners report the range of the described vulnerabilities as low to high severity.

Cause

NetBackup appliance software version 3.1.2 contains older versions of JRE packages which are now vulnerable to the described security issues.

Read me

An Emergency Engineering Binary (EEB) is available to fix the above mentioned vulnerabilities for the following appliance release: 3.1.2.

This EEB makes the following changes:

• Upgrades JRE from version 1.8.0_181-1 to 1.8.0_212-1.

Apply this EEB only on appliances with software version 3.1.2 to resolve the described security vulnerabilities.To ensure that all services get updated with the new JRE version, it is strongly recommended that you reboot this appliance after the EEB installation has completed.

If you experience any problems, contact Veritas Support and provide the following information:

• Screenshots for EEB installation procedure

Note: If you roll back this EEB, the updated JRE version remains on the appliance.

Veritas Technologies LLC is aware that the above-mentioned issue is present in the current version(s) of the product(s) mentioned in this article. These vulnerabilities will be fixed in a future NetBackup Appliance software release.

Update files

NBAPP_EEB_ET3980083-3.1.2.0-1.x86_64.rpm

HotFix installer for NetBackup Appliance 3.1.2

Size: 57003

Version: 3.1.2

Platform: Appliance

Applies to the following product releases

Veritas 5340 3.1.2

Release date: 2018-09-21

End of standard support: 2022-06-28

Sustaining support starts: 2024-06-28

End of support life: 2025-06-28

NetBackup Virtual Appliance 3.1.2

Release date: 2018-09-21

End of standard support: 2022-06-28

Sustaining support starts: 2024-06-28

End of support life: 2025-03-31

Critical

download-documentUnavailable

download-attachments

Related articles

References

Was this content helpful?

Translated Content

NetBackup Appliance 3.1.2 HotFix - Resolving JRE security vulnerabilities (article 100045949)

Read me

Access policy

Oracle service roles

VEMS accounts

Translation Notice

NetBackup Appliance 3.1.2 HotFix - Resolving JRE security vulnerabilities (article 100045949)

Abstract

Description

Update files

Applies to the following product releases

Translation Notice

Critical

download-documentUnavailable

download-attachments

Related articles

References

Was this content helpful?

Translated Content

NetBackup Appliance 3.1.2 HotFix - Resolving JRE security vulnerabilities (article 100045949)

Abstract

Description

Read me

Update files

Applies to the following product releases

Abstract

Description

Access policy