Impact of OpenSSL "Heartbleed" Vulnerability to NetBackup & NetBackup Appliances
|Article:TECH216555|||||Created: 2014-04-09|||||Updated: 2014-04-11|||||Article URL http://www.symantec.com/docs/TECH216555|
|NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.|
NetBackup and NetBackup Appliances both utilize the OpenSSL module that has been identified recently as containing the "Heartbleed" vulnerability. Additional details on this vulnerability can be found at heartbleed.com. This document outlines the impact of this vulnerability to NetBackup and NetBackup Appliances.
Any information regarding pre-release Symantec offerings, future updates or other planned modifications are subject to on-going evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.
Some information contained in this document is forward looking and as such does not represent a commitment.
1. Which versions of OpenSSL does this vulnerability affect?
- OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
Versions of OpenSSL that are NOT impacted include:
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable
Note: This vulnerability is fixed in OpenSSL 1.0.1g.
2. Is there an impact to NetBackup?
Yes, the NetBackup 7.6 / 126.96.36.199 release is affected.
3. Is there an impact to NetBackup Appliances?
Although the NetBackup Appliance hardware, firmware, and operating system are not affected, the NetBackup 7.6 / 188.8.131.52 software on the appliance is affected.
4. Which versions of NetBackup & NetBackup Appliances are impacted by this vulnerability?
|NetBackup||7.6 / 184.108.40.206||Yes|
|NetBackup||Versions prior to 7.6||No|
|NetBackup Appliances||2.6 / 220.127.116.11||Yes|
|NetBackup Appliances||Versions prior to 2.6||No|
5. Which release will the fix be introduced in?
The fix for this vulnerability will be targeted for the following releases:
- NetBackup 7.6 Maintenance Release 2 (18.104.22.168)
- NetBackup Appliances 22.214.171.124
You may Subscribe to this TechNote to be notified when the update is available.
6. If I have additional concerns, who can I contact?
You may contact your Symantec authorized reseller/partner or Symantec technical support.
Article URL http://www.symantec.com/docs/TECH216555