Resolving JRE security vulnerabilities in NetBackup Appliance release 3.1.2 - JRE Update EEB

Problem

With NetBackup Appliance software release 3.1.2, users may notice the following Java security issues reported in Oracle Java SE Critical Patch Update (April 2019 CPU) (Unix):

• CVE-2019-2699
• CVE-2019-2697
• CVE-2019-2698
• CVE-2019-2602
• CVE-2019-2684

Error Message

Security scanners report the range of the described vulnerabilities as low to high severity.

Cause

NetBackup appliance software version 3.1.2 contains older versions of JRE packages which are now vulnerable to the described security issues.

Solution

An Emergency Engineering Binary (EEB) is available to fix the above mentioned vulnerabilities for the following appliance release: 3.1.2.

This EEB makes the following changes:
• Upgrades JRE from version 1.8.0_181-1 to 1.8.0_212-1.

You can download this EEB (NBAPP_EEB_ET3980083-3.1.2.0-1) from the following SORT link:

https://sort.veritas.com/public/appliance/nba/eebs/NBAPP_EEB_ET3980083-3.1.2.0-1.x86_64.rpm

Apply this EEB only on appliances with software version 3.1.2 to resolve the described security vulnerabilities.

To ensure that all services get updated with the new JRE version, it is strongly recommended that you reboot this appliance after the EEB installation has completed.

If you experience any problems, contact Veritas Support and provide the following information:
• Screenshots for EEB installation procedure
Note: If you roll back this EEB, the updated JRE version remains on the appliance.

For instructions on installing EEBs, click on the link in the  Related articles section below.

Veritas Technologies LLC is aware that the above-mentioned issue is present in the current version(s) of the product(s) mentioned in this article. Veritas is committed to product quality and satisfied customers. These vulnerabilities will be fixed in a future NetBackup Appliance software release.