Two CVEs for Open SSL were found to be linked to SSL modules used in certain NetBackup and NetBackup Appliance versions.

  • Modified Date:
  • Article ID:000127916

Description

NetBackup and NetBackup Appliance update for SSL CVEs (2106-)

2016-2105            2016-2106            2016-2107
2016-2108            2016-2109            2016-2176
 
Problem:

Two CVEs for Open SSL were found to be linked to SSL modules used in certain NetBackup and NetBackup Appliance versions.
  1.     SSL CVE-2016-2107 & SSL CVE-2016-2108  is applicable to OpenSSL versions used by NetBackup Versions 7.7.2, 7.7.3 & 8.0
  2.     SSL CVE-2016-2107 & SSL CVE-2016-2108  is applicable to OpenSSL versions used by NetBackup Appliance Version: 2.7.2, 2.7.3 and 3.0.
  3.     (SSL CVEs: 2016-2105, 2016 2106, 2016-2109 and 2016-2176 are NOT applicable to NetBackup or NetBackup Appliances of any version)
OpenSSL is an open source project that provides a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
NetBackup uses this library in several components for cryptography and TLS\SSL.
 
Solution:
The updated versions of OpenSSL replace the vulnerable versions completely in NetBackup 8.1 and NetBackup Appliance 3.1 (all platforms).
Note: NetBackup 7x and NetBackup Appliance 2.x will NOT have backported hotfixes created for them to replace the OpenSSL versions cited in the aforementioned CVEs. The impacted NetBackup modules would require a more extensive set of revisions to accommodate the newer OpenSSL versions.

Plan for upgrade of NetBackup to version 8.1 when it is released on:
  •     All Master Servers
  •     All Media Servers
  •     All Clients

Plan for upgrade of NetBackup Appliances to version 3.1 when it is released on:
  •     All Master Servers
  •     All Media Servers
  •     All Clients

For further information on upgrading NetBackup server see article 000036173 in the Relates Articles section.
 
For further information on upgrading NetBackup Server see:
https://www.veritas.com/support/en_US/article.000036173
 
For Further information on upgrading NetBackup Appliances see:
https://www.veritas.com/content/support/en_US/58991.html

 

Terms of use for this information are found in Legal Notices.

Search

Survey

Did this article answer your question or resolve your issue?

No
Yes

Did this article save you the trouble of contacting technical support?

No
Yes

How can we make this article more helpful?

Email Address (Optional)