Sign In
Forgot Password

Don’t have an account? Create One.

NetBackup CloudPoint 8.3 Patch - Fix for Apache logging vulnerability for common-objects and IDM

Patch Critical

Abstract

Patch 8.3.0.8874 to Fix Apache logging vulnerability for common-objects and IDM

Description

Bug Fix: Veritas CloudPoint 8.3.0.8877

 

Patch Date: 2022-01-20

 

This document provides the following information:
   * PATCH NAME
   * OPERATING SYSTEMS SUPPORTED BY THE PATCH
   * BASE PRODUCT VERSION FOR THE PATCH
   * SUMMARY OF INCIDENTS FIXED BY THE PATCH
   * DETAILS OF INCIDENTS FIXED BY THE PATCH
   * INSTALLING THE PATCH
   * IMPORTANT NOTES
   * KNOWN ISSUES
   * NOTE

 

PATCH NAME

Veritas CloudPoint 8.3.0.8877

 

OPERATING SYSTEMS SUPPORTED BY THE PATCH
Ubuntu 16.04 x86-64
RHEL 7.7

 

BASE PRODUCT VERSION FOR THE PATCH

Veritas CloudPoint 8.3.0.8860

 

SUMMARY OF INCIDENTS FIXED BY THE PATCH

Patch 8.3.0.8877

ET 4063373: Fix Apache logging vulnerability for common-objects and IDM

 

DETAILS OF INCIDENTS FIXED BY THE PATCH
 

Patch 8.3.0.8877
ET 4063373


SYMPTOM: Fix Apache logging vulnerability(CVE-2021-44228, CVE-2021-45046) for common-objects and IDM

 

DESCRIPTION: IDM and common-objects contains vulnerable apache logging library (Log4j)


RESOLUTION:  Updated vulnerable apache logging library to recommended version 2.17.1

INSTALLING THE BUILD
--------------------------------------
I. Take backup of the complete data of /cloudpoint to a different location

 

    II. Upload the new build
    # docker load -i VRTScloudpoint-docker-8.3.0.8877.img.gz

 

    II. Run the following command as root.
    # docker run --rm -it -v /cloudpoint:/cloudpoint -v /var/run/docker.sock:/var/run/docker.sock veritas/flexsnap-cloudpoint:<installed_cp_version> stop
    # docker run --rm -it -v /cloudpoint:/cloudpoint -v /var/run/docker.sock:/var/run/docker.sock veritas/flexsnap-cloudpoint:8.3.0.8877 install

 

KNOWN ISSUES

None
 

NOTE

 

1. To roll back to the previous version (if needed).

 

  a. Log in to CloudPoint host

 

  b. Run the following commands as root.
      # docker run --rm -it -v /cloudpoint:/cloudpoint -v /var/run/docker.sock:/var/run/docker.sock veritas/flexsnap-cloudpoint:8.3.0.8877 stop

 

    Restore the data that we backed of /cloudpoint in the cloud point host in /cloudpoint
     # docker run --rm -it -v /cloudpoint:/cloudpoint -v /var/run/docker.sock:/var/run/docker.sock veritas/flexsnap-cloudpoint:<previous_cp_version> install

 

2. The previous version(s) of Docker container images are not removed. You can remove them to save your CloudPoint instance disk space.
 

Applies to the following product releases

Update files

File name Description Version Platform Size

Knowledge base

71
2022-12-05

About Apache Log4j Vulnerabilities Apache Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. Veritas is tracking the recently announced vulnerabilities in Apache’s Log4j. All Veritas Pro...