Impact of OpenSSL "Heartbleed" Vulnerability to NetBackup & NetBackup Appliances

Article:TECH216555  |  Created: 2014-04-09  |  Updated: 2014-04-11  |  Article URL http://www.symantec.com/docs/TECH216555
Article Type
Technical Solution

Issue



NetBackup and NetBackup Appliances both utilize the OpenSSL module that has been identified recently as containing the "Heartbleed" vulnerability.  Additional details on this vulnerability can be found at heartbleed.com. This document outlines the impact of this vulnerability to NetBackup and NetBackup Appliances.

Disclaimer:
Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.

Some information contained in this document is forward looking and as such does not represent a commitment.


Solution



1. Which versions of OpenSSL does this vulnerability affect?

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable

Versions of OpenSSL that are NOT impacted include:

  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

Note: This vulnerability is fixed in OpenSSL 1.0.1g.

2. Is there an impact to NetBackup?

Yes, the NetBackup 7.6 / 7.6.0.1 release is affected.

3. Is there an impact to NetBackup Appliances?

Although the NetBackup Appliance hardware, firmware, and operating system are not affected, the NetBackup 7.6 / 7.6.0.1 software on the appliance is affected.

4. Which versions of NetBackup & NetBackup Appliances are impacted by this vulnerability?

Component               Version                  Impacted?
NetBackup               7.6 / 7.6.0.1            Yes
NetBackup               Versions prior to 7.6    No
NetBackup Appliances    2.6 / 2.6.0.1            Yes
NetBackup Appliances    Versions prior to 2.6    No
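
The version ranges in questions 1 and 4, as an added triage example (not Symantec's code): it classifies an OpenSSL version string and a NetBackup release against the ranges stated in this article only. The function names, host names and inventory rows are constructed for illustration, and the OpenSSL check assumes an unmodified upstream version string; a vendor build that backports the fix without changing the version letter would still be reported as vulnerable.

```python
import re

_OPENSSL_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")
# Affected releases from the table in question 4, keyed by product.
AFFECTED = {
    "NetBackup": {(7, 6), (7, 6, 0, 1)},
    "NetBackup Appliances": {(2, 6), (2, 6, 0, 1)},
}
# Constructed inventory rows: (host, product, product version).
SAMPLE_INVENTORY = [
    ("master01", "NetBackup", "7.6.0.1"),
    ("media02", "NetBackup", "7.5.0.7"),
    ("appl03", "NetBackup Appliances", "2.6"),
]

def classify_openssl(version_text):
    """Classify an upstream OpenSSL version using only the ranges in question 1."""
    m = _OPENSSL_RE.search(version_text)
    if not m:
        return "unknown"
    branch = tuple(int(g) for g in m.group(1, 2, 3))
    letters = m.group(4)  # patch letters: "" for 1.0.1, "f" for 1.0.1f
    if branch in ((1, 0, 0), (0, 9, 8)):
        return "not vulnerable"
    if branch == (1, 0, 1):
        # Order by length, then alphabetically; 1.0.1g and later carry the fix.
        return "vulnerable" if (len(letters), letters) <= (1, "f") else "not vulnerable"
    return "unknown"  # branch the article does not cover

def _release(text):
    """Parse "7.6.0.0" into (7, 6); trailing zeros are dropped before comparing."""
    parts = [int(p) for p in text.strip().split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def classify_netbackup(product, version):
    """Classify a NetBackup or appliance release against the question 4 table."""
    affected = AFFECTED.get(product)
    release = _release(version)
    if affected and release in affected:
        return "affected"
    if affected and release < min(affected):
        return "not affected"
    return "unknown"  # later releases and other products are not in the table

def hosts_needing_update(inventory):
    """Return hosts whose installed release the article lists as affected."""
    return [h for h, p, v in inventory if classify_netbackup(p, v) == "affected"]
```
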

5. Which release will the fix be introduced in?

The fix for this vulnerability will be targeted for the following releases:

  • NetBackup 7.6 Maintenance Release 2 (7.6.0.2)
  • NetBackup Appliances 2.6.0.2

When these releases are available, please access the following links for download and readme information:
 NetBackup: http://go.symantec.com/nb
 NetBackup Appliances: http://go.symantec.com/nba

You may Subscribe to this TechNote to be notified when the update is available.

6.  If I have additional concerns, who can I contact?

You may contact your Symantec authorized reseller/partner or Symantec technical support.

 

 



