Sign In
Forgot Password

Don’t have an account? Create One.

Security Advisory VTS17-003 issue #6 CVE-2017-6401 (article 100000480)

HotFix Critical

Abstract

VTS17-003: HotFix for Issue #6 CVE-2017-6401 affecting NetBackup and NetBackup Appliances. (article 100000480)

Description

Severity

Security Vulnerability Description


Veritas Technologies LLC has updated Security Advisory VTS17-003, which includes issues affecting all versions of NetBackup and NetBackup Appliances.

A security hotfix which includes a resolution for Issue #6 (CVE-2017-6401) listed in this Advisory is now available for the following versions of NetBackup and NetBackup Appliances:

NetBackup:

  • 7.7.2
  • 7.7.3

NetBackup Appliances:

  • 2.7.3


Action Required

All NetBackup tiers deploy with client binaries bpcd and bpnbat. Installation of this Hotfix must be done on all NetBackup master servers, media servers and clients.


Although this issue affects previous versions of NetBackup and NetBackup Appliances, hotfixes and/or EEB bundles are not available for these versions.


The Security Advisory is available at the following link:

 https://www.veritas.com/support/en_US/security/VTS17-003.html

Severity

Security Vulnerability Description


Document History:

April 26, 2017: Initial publication

May 11, 2017: Hotfixes attached

Veritas Technologies LLC has updated Security Advisory VTS17-003, which includes issues affecting all versions of NetBackup and NetBackup Appliances.

A security hotfix which includes a resolution for Issue #6 (CVE-2017-6401) listed in this Advisory is now available for the following versions of NetBackup and NetBackup Appliances:

NetBackup:

  • 7.7.2
  • 7.7.3

NetBackup Appliances:

  • 2.7.2
  • 2.7.3


Action Required

All NetBackup tiers deploy with client binaries bpcd and bpnbat. Installation of this Hotfix must be done on all NetBackup master servers, media servers and clients.


Although this issue affects previous versions of NetBackup and NetBackup Appliances, hotfixes and/or EEB bundles are not available for these versions.


The formal resolution for this issue (Etrack 3912677) is included in the following releases:

  • NetBackup 8.0
  • NetBackup Appliances 3.0


If the environment has already been upgraded to this version or above, installation of an EEB is not required. Veritas recommends upgrading to the latest version of NetBackup/NetBackup Appliances. Instructions on installing a hotfix or EEB can be found by accessing the Related Articles link.


Hotfix information/README:

NetBackup 7.7.2 & 7.7.3:

Bug ID: ET 3912678 (7.7.2), 3912679 (7.7.3)

Installation Location: client

Installation Instructions: Please follow the EEB installer instructions available in the linked Related Article

Package Contents: Please choose the appropriate platform after download:


7.7.3:

eebinstaller_3912679_6_hpia11_31            HP-UX Itanium Installation

eebinstaller_3912679_6_linuxR_x86_2_6_18    RedHat x64 Installation

eebinstaller_3912679_6_linuxS_x86_3_0_76    Suse x64 Installation

eebinstaller_3912679_6_rs6000_61            AIX Installation

eebinstaller_3912679_6_solaris10            Solaris SPARC Installation

eebinstaller_3912679_6_solaris_x86_10_64    Solaris x64 Installation

eebinstaller_3912679_6_AMD64.exe            Windows x64 Installation

eebinstaller_3912679_6_x86.exe              Windows x86 Installation

eebinstaller_3912679_6_zlinuxR_2_6_18       RedHat System z Installation

eebinstaller_3912679_6_zlinuxS_3_0_76       Suse System z Installation

7.7.2:

eebinstaller_3912678_6_hpia11_31            HP-UX Itanium Installation

eebinstaller_3912678_6_linuxR_x86_2_6_18    RedHat x64 Installation

eebinstaller_3912678_6_linuxS_x86_3_0_76    Suse x64 Installation

eebinstaller_3912678_6_rs6000_61            AIX Installation

eebinstaller_3912678_6_solaris10            Solaris SPARC Installation

eebinstaller_3912678_6_solaris_x86_10_64    Solaris x64 Installation

eebinstaller_3912678_6_AMD64.exe            Windows x64 Installation

eebinstaller_3912678_6_x86.exe              Windows x86 Installation

eebinstaller_3912678_6_zlinuxR_2_6_18       RedHat System z Installation

eebinstaller_3912678_6_zlinuxS_3_0_76       Suse System z Installation


Checksums:

7.7.3:

2189296671 557625 zlinuxR_2.6.18/bpcd

3057486263 67925 zlinuxR_2.6.18/bpnbat

1796872410 542283 zlinuxS_3.0.76/bpcd

3191150927 73888 zlinuxS_3.0.76/bpnbat

2166487485 1244024 solaris_x86_10_64/bpcd

328195087 113864 solaris_x86_10_64/bpnbat

572482574 538624 x86/bpcd.exe

4111780846 43520 x86/bpnbat.exe

184104929 843704 linuxR_x86_2.6.18/bpcd

2370619339 68220 linuxR_x86_2.6.18/bpnbat

3161040523 1227650 rs6000_61/bpcd

3769663290 102853 rs6000_61/bpnbat

1115079102 813715 linuxS_x86_3.0.76/bpcd

667470645 70566 linuxS_x86_3.0.76/bpnbat

3851053964 2663480 hpia11.31/bpcd

395805498 179808 hpia11.31/bpnbat

1519032279 756736 AMD64/bpcd.exe

1325727066 51712 AMD64/bpnbat.exe

1770317240 1258096 solaris10/bpcd

4154479653 76840 solaris10/bpnbat

7.7.2:

3259314164 554549 zlinuxR_2.6.18/bpcd

2755427368 67853 zlinuxR_2.6.18/bpnbat

3914213099 537479 zlinuxS_3.0.76/bpcd

29847574 69736 zlinuxS_3.0.76/bpnbat

2847489734 1240320 solaris_x86_10_64/bpcd

754213617 111776 solaris_x86_10_64/bpnbat

828127815 399872 x86/bpcd.exe

3643246590 43008 x86/bpnbat.exe

2497251671 1226787 rs6000_61/bpcd

2242323545 100751 rs6000_61/bpnbat

1773588206 840534 linuxR_x86_2.6.18/bpcd

4245920247 64036 linuxR_x86_2.6.18/bpnbat

2236744046 809108 linuxS_x86_3.0.76/bpcd

4255004312 66414 linuxS_x86_3.0.76/bpnbat

4105956715 2662984 hpia11.31/bpcd

2009535810 179232 hpia11.31/bpnbat

3668156862 605184 AMD64/bpcd.exe

1372485538 48128 AMD64/bpnbat.exe

4068020571 1254648 solaris10/bpcd

3603896174 74768 solaris10/bpnbat


Recommended service state: Stop all NetBackup services before applying this hotfix.


NetBackup Appliances 2.7.2 & 2.7.3:

Please use the Download Attachment link to find and download the RPM and access the linked Related Article for instructions on applying the hotfix on an Appliance.

The Security Advisory is available at the following link:

 https://www.veritas.com/support/en_US/security/VTS17-003.html


Contact Support

 https://www.veritas.com/support/en_US/contact-us.html




Applies to the following product releases

Update files

File name Description Version Platform Size