Impact of OpenSSL "Heartbleed" Vulnerability to NetBackup & NetBackup Appliances


NetBackup and NetBackup Appliances both utilize the OpenSSL module that has been identified recently as containing the "Heartbleed" vulnerability.  Additional details on this vulnerability can be found at This document outlines the impact of this vulnerability to NetBackup and NetBackup Appliances.

Any information regarding pre-release Symantec offerings, future updates or other planned modifications are subject to on-­going evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.

Some information contained in this document is forward looking and as such does not represent a commitment.


1. Which versions of OpenSSL does this vulnerability affect?

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable

Versions of OpenSSL that are NOT impacted include:

  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

Note: This vulnerability is fixed in OpenSSL 1.0.1g.

2. Is there an impact to NetBackup?

Yes, the NetBackup 7.6 / release is affected.

3. Is there an impact to NetBackup Appliances?

Although the NetBackup Appliance hardware, firmware, and operating system are not affected, the NetBackup 7.6 / software on the appliance is affected.

4. Which versions of NetBackup & NetBackup Appliances are impacted by this vulnerability?

NetBackup7.6 /
NetBackupVersions prior to 7.6No
NetBackup Appliances2.6 /
NetBackup AppliancesVersions prior to 2.6No

5. Which release will the fix be introduced in?

The fix for this vulnerability will be targeted for the following releases:

  • NetBackup 7.6 Maintenance Release 2 (
  • NetBackup Appliances

When these releases are available, please access the following links for download and readme information:
 NetBackup Appliances:

You may Subscribe to this TechNote to be notified when the update is available.

6.  If I have additional concerns, who can I contact?

You may contact your Symantec authorized reseller/partner or Symantec technical support.



Terms of use for this information are found in Legal Notices.



Did this article answer your question or resolve your issue?


Did this article save you the trouble of contacting technical support?


How can we make this article more helpful?

Email Address (Optional)