NetBackup and NetBackup Appliances both utilize the OpenSSL module that has been identified recently as containing the "Heartbleed" vulnerability. Additional details on this vulnerability can be found at heartbleed.com. This document outlines the impact of this vulnerability to NetBackup and NetBackup Appliances.
Any information regarding pre-release Symantec offerings, future updates or other planned modifications are subject to on-going evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.
Some information contained in this document is forward looking and as such does not represent a commitment.
1. Which versions of OpenSSL does this vulnerability affect?
- OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
Versions of OpenSSL that are NOT impacted include:
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable
Note: This vulnerability is fixed in OpenSSL 1.0.1g.
2. Is there an impact to NetBackup?
Yes, the NetBackup 7.6 / 22.214.171.124 release is affected.
3. Is there an impact to NetBackup Appliances?
Although the NetBackup Appliance hardware, firmware, and operating system are not affected, the NetBackup 7.6 / 126.96.36.199 software on the appliance is affected.
4. Which versions of NetBackup & NetBackup Appliances are impacted by this vulnerability?
|NetBackup||7.6 / 188.8.131.52||Yes|
|NetBackup||Versions prior to 7.6||No|
|NetBackup Appliances||2.6 / 184.108.40.206||Yes|
|NetBackup Appliances||Versions prior to 2.6||No|
5. Which release will the fix be introduced in?
The fix for this vulnerability will be targeted for the following releases:
- NetBackup 7.6 Maintenance Release 2 (220.127.116.11)
- NetBackup Appliances 18.104.22.168
You may Subscribe to this TechNote to be notified when the update is available.
6. If I have additional concerns, who can I contact?
You may contact your Symantec authorized reseller/partner or Symantec technical support.