Is there an upgrade for the Deduplication Agent?

cyberninja
Level 6

Hello,

I was doing some security checks on my server and found out that the Symantec Deduplication Agent is using an old version of OpenSSL. Is there a patch I can apply?

Info
package used on Solaris 10 for the Deduplication Agent - SYMCpddea - Version - 7.0.0.0
NetBackup master server - Solaris 10 - 7.5.0.4
NetBackup media server - Solaris 10 - 7.5.0.4
NetBackup clients - Solaris 10 - 7.5.0.4

 

Symantec has a way to fix Java security issues by redirecting the Java to the system Java. http://www.symantec.com/business/support/index?page=content&id=TECH148257

Is there a workaround like this for OpenSSL as well?

Thanks.

6 REPLIES 6

Nicolai
Moderator
Partner    VIP   

The only patch as such is a newer version of the NetBackup software. NBU 7.5.0.6 is on the street, but I don't know if Symantec has upgraded OpenSSL.

An OpenSSL vulnerability was reported for NBU 7.0.1 to 7.1; see http://www.symantec.com/docs/TECH159456

PeteWall
Level 4
Employee

Unlike Java, it's not as simple as using the system OpenSSL libraries rather than the ones in the NetBackup package.

The version of OpenSSL used by Dedupe was updated in the NetBackup 7.5.0.6 patch release.  That is the best course of action in this case.

cyberninja
Level 6

Nice info. I don't think I can just remove the PDDE/OpenSSL. I will have to check to see if we are using dedupe on the client side.

I didn't use a scanner; I used the find command.

find / -name openssl -type f 2>/dev/null
<result> version -a

 

cyberninja
Level 6

Before I recommend that we upgrade, I need to know if the upgrade will fix the issue.

The security people say I need one of the following: 0.9.8y, 1.0.0k or 1.0.1e.

The NetBackup version is 0.9.8.r. Does the upgrade get me to the level I need?

CRZ
Level 6
Employee Accredited Certified

The 7.5.0.6 Release Notes mention that 0.9.8.y is included.  Check out page 67:

NetBackup 7.5.0.6 Release Notes
 http://symantec.com/docs/DOC6396

As well, 7.6 should definitely contain one of the versions you mention above.

cyberninja
Level 6

The update fixes the issue. It updates OpenSSL to version 0.9.8.y.
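
The find-and-check step and the version requirement discussed in this thread (0.9.8y, 1.0.0k or 1.0.1e) can be combined into one repeatable check, run before and after the upgrade. This is an added example, not part of the original posts and not Symantec code; the function names are hypothetical, and it assumes each bundled binary answers `openssl version` with the usual `OpenSSL <version> <date>` banner.

```shell
#!/bin/sh
# Added example. Branch minimums are the three releases named in the thread.
# Function names are hypothetical.

# normalize_version: "OpenSSL 0.9.8r 8 Feb 2011" or "0.9.8.r" -> "0.9.8r"
normalize_version() {
    v=${1#OpenSSL }                      # drop the banner word if present
    printf '%s\n' "$v" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)\.\{0,1\}\([a-z]*\).*/\1\2/p'
}

# meets_min VERSION: 0 = at or above branch minimum, 1 = older, 2 = unknown
meets_min() {
    ver=$(normalize_version "$1")
    [ -n "$ver" ] || return 2            # banner could not be parsed
    branch=${ver%%[a-z]*}                # e.g. 0.9.8
    letter=${ver#"$branch"}              # e.g. r (empty for a base release)
    case $branch in
        0.9.8) min=y ;;
        1.0.0) min=k ;;
        1.0.1) min=e ;;
        *) return 2 ;;                   # branch not in the list from the thread
    esac
    # Patch letters sort alphabetically within a branch (y < za < zb ...);
    # an empty letter (base release) sorts before every patch letter.
    [ "$letter" = "$min" ] && return 0
    first=$(printf '%s\n%s\n' "$letter" "$min" | LC_ALL=C sort | head -n 1)
    [ "$first" = "$min" ]
}

# scan_openssl ROOT: run each file named "openssl" under ROOT and classify it
scan_openssl() {
    find "$1" -name openssl -type f 2>/dev/null | while IFS= read -r bin; do
        banner=$("$bin" version 2>/dev/null) || continue
        rc=0; meets_min "$banner" || rc=$?
        case $rc in
            0) status=OK ;;
            1) status=OUTDATED ;;
            *) status=UNKNOWN ;;
        esac
        printf '%s\t%s\t%s\n' "$status" "$bin" "$banner"
    done
}
```

Calling `scan_openssl /` prints one tab-separated line per binary found, so a copy bundled with an application shows up separately from the system OpenSSL.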