6.5.1 Release Update

Article:TECH67771  |  Created: 2009-01-11  |  Updated: 2011-04-11  |  Article URL http://www.symantec.com/docs/TECH67771
Article Type
Technical Solution


Environment

Issue



Release Update NB_PDE_6.5.1.tar provides cumulative fixes to Symantec Veritas NetBackup (tm) PureDisk 6.5.


Solution



Name: NB_PDE_6.5.1
Date: February 05, 2009

==============================================================================
This release update provides features and fixes to the Veritas NetBackup
PureDisk Remote Office Edition 6.5 software.

WARNING: When you apply this release update, all PureDisk services stop and
start. This can cause running jobs to abort.
==============================================================================

* PACK DEPENDENCIES

* PRODUCT FIXES

* PRODUCT ENHANCEMENTS

* KNOWN ISSUES

* DATALOSS ISSUES - RESOLVED

* SECURITY VULNERABILITIES - RESOLVED

* DOWNLOAD INSTRUCTIONS

* EXTRA STEPS TO PERFORM WHEN UPGRADING FROM PUREDISK 6.2.2

* INSTALLATION INSTRUCTIONS

* UPGRADING PDDO AGENTS ON MEDIA SERVER CLIENTS


=================
PACK DEPENDENCIES
=================


Install PureDisk 6.2.2 or 6.5.0, before you install this release update.

This release update can also be installed on 6.5.0.1.

Please review the "Known Issues" section for further dependencies and
other information prior to installing this release update.

IMPORTANT: To ensure that critical updates and fixes are applied to the
PureDisk environment, upgrade to the most current release of PureDisk
after installing 6.5.1.  Subsequent releases include critical updates,
including fixes for potential data loss conditions.  See the Related
Documents section at the end of this document for links to these updates.


=============
PRODUCT FIXES
=============


The following known issues are resolved in PureDisk 6.5.1:

* ET1145489 - The password is incorrectly shown in clear text when
running the disaster recovery script.

* ET1215648 - The default PDDO segment sizes do not dynamically match the
classic PureDisk agent for a file within an image.

* ET1237031 - A random libcurl segmentation fault occurs because the curl
library is out of date. This results in a spoold crash. Titan Case
281-414-058.

* ET1249106 - After rerunning the UNIX installer, unable to browse the
file system unless the client agent is restarted manually.

* ET1252536 - The content router garbage collection database query fails.

* ET1254114 - A performance bottleneck exists in the content router
storage cache.

* ET1255719 - After a disaster recovery restore, the storage pool is in a
hold status, and no data dereferencing can be done until the mode changes.

* ET1256339 - The system presents a default of 1 for the storage pool ID
during the disaster recovery process, which does not encourage the user
to seek out the appropriate ID for their PureDisk environment.

* ET1257472 - Data cannot always be restored if the data was backed up
immediately before the restore.

* ET1261075, ET1261078 - After a disaster recovery restore or after a
SPAR restore, PureDisk fails to update the agent configuration files.

* ET1261114 - Replicated PDDO data can never be removed.

* ET1261829 - On storage pool authority replication, the entryUUIDs for
LDAP objects are not backed up correctly, causing system account IDs in
the agent table to be out of sync after a restore.

* ET1266914 - The UNIX installer does not allow you to change a malformed
hostname. It enters a loop.

* ET1269694 - The restore of a file that uses a 4-byte unicode file name
fails.

* ET1280067 - Backups fail on HP-UX and on Solaris SPARC agents due to
time zone problems.

* ET1282450 - Content router cache memory is not freed after objects are
removed from the storage cache.

* ET1282774 - Data mining and replication operations fail when they
encounter integers that are displayed as scientific floating-point values.

* ET1287876 - Imports fail with a "FileSetIterator exception occurred
while evaluating data selection" error.

* ET1289914 - The workflow engine generates a message erroneously when
the agent runs a "setStatus" on a job step that has been deleted.

* ET1293219 - The pdagent.exe binary is leaking handles when client has
no network access to the storage pool authority.

* ET1299865 - A disaster recovery restore fails to restore a functioning
LDAP database.

* ET1303495 - There is a redundant question about encryption in the
disaster recovery restore script.

* ET1303820 - The vss_cmd_server_DB process hangs and crashes during the
backup of a Microsoft SQL data selection when the default instance of the
database has been added or removed.

* ET1316688, ET1383699 - A disaster recovery backup fails if /Storage
resides on an NFS-mounted partition.

* ET1319290 - After a user terminates a job for a UNIX or Linux client,
PureDisk continues to start workflows for the job.

* ET1320182 - Backups of MacOS X 10.3 clients fail with "Error: 65: Could
not convert PO to a string (no data available)".

* ET1321034 - The content router crashes if too many clients are
connected.

* ET1321577 - Installation of a Windows agent on a Windows Server 2003
client with an Intel EM64T processor fails and generates an MSI Utility
error 2755/1601. Titan Case 290-913-940 and 290-976-112.

* ET1322581 - In some instances, a replicated data selection failed when
exported to NetBackup using PureDisk 6.2.2.

* ET1363384 - VSS snapshots of Microsoft SQL and Microsoft Exchange
backups fail when Backup Exec System Recovery 8 and PureDisk are
installed on the same client. Titan Case 311-930-343.

* ET1364306 - PureDisk generates false data corruption messages.

* ET1365780 - There are performance concerns with compression on clients.

* ET1374598 - PureDisk generates the following message during a disaster
recovery restore: "database 'ca' does not exist".

* ET1376259 - Content router API functions return false positives for
checks for corrupt segments.

* ET1383641 - Backups of Microsoft SQL databases with a named instance
fail with "unable to locate resource" and "unexpectedly terminated with
exit status 6006" error messages.

* ET1383645 - The content router API function cd_filerefdel fails with a
segmentation fault.

* ET1383651 - Web UI performance degrades when a large number of
departments are configured.

* ET1383652 - If the Data Selections tab is not viewed when a user
creates a new policy, PureDisk applies previously saved data selections
to the new backup policy.

* ET1383672 - Jobs and parameters older than 14 days are not being
correctly cleaned by system maintenance.

* ET1383674 - Maintenance does not clean out old policy runs.

* ET1383677 - An export to NetBackup always incorrectly logs at trace log
level.

* ET1383680 - Removing all data selections from a policy causes PureDisk
to include all data selections when the policy runs again.

* ET1383683 - Restores do not merge All Files and Folders data selections
correctly for a single agent.

* ET1383688 - The Job steps report only shows the first page.

* ET1383712 - In several instances, the free disk space is being
incorrectly displayed for disks greater in size than 4TB.

* ET1383780 - PureDisk was failing to replicate a data selection if the
replication policy's metadata folder filter ends in a slash (/) character.

* ET1383787 - Replication fails with the error message "Error: 2 : Could
not load route table /Storage/tmp/<n>.recommended".

* ET1384127 - NetBackup optimized Storage Lifecycle Policy duplications
from one PureDisk disk pool to another time out after 6 hours and revert
to standard duplication.

* ET1384132 - An attempt to install a NetBackup Export Engine service on
a node with no other PureDisk services fails.

* ET1384134 - Multistreamed backup jobs cause the PureDisk Solaris SPARC
agent to create core dumps.

* ET1384144 - In the web UI, the Microsoft SQL data selection does not
show selected database objects correctly on re-edit. It shows all objects
are deselected.

* ET1384958 - Attempts to browse files from the "Restore File" window
fail for directory names that contain comma (,) characters. Titan Case
311-985-193.

* ET1384976 - Cannot download a backup file from the "Find Files" window
when the file name contains an apostrophe (') character. Titan Case
311-985-202.

* ET1388897, ET1432799 - Include LDAP mapping and web UI changes made to
PureDisk 6.2.2 in the PureDisk 6.5.1 software.

* ET1388917 - Data removal, garbage collection, and content router queue
processing operations fail to make reclaimed physical disk space
available to PureDisk.

* ET1390108 - The queued jobs threshold is exceeded for PDDO Maintenance
work flow.

* ET1391485, ET1421250 - The cluster_add_node script is broken for
PureDisk on a VCS cluster. Titan Case 220-370-516.

* ET1392121 - On REL3 Update 9 clients, the php.bin continues to start
jobs after the job is terminated on the storage pool authority.

* ET1395665 - It is unclear what policy produces the "Policyrun 36 found
with no Jobs End Policyrun." error message from PureDisk WorkFlow Engine.

*ET1396425 - Links to the PureDisk documentation incorrectly go to a
placeholder pdf.

* ET1401108 - PDDO fingerprint cache not is working correctly for inline
tape copy.

* ET1401576 - The support script ChangeBatches.sh hangs and does not exit.

* ET1404174 - Replication performance speed over high latency connections
is excessively slow without fingerprint cache to avoid lookups.

* ET1404180 - PDDO replication does not allow file multistreaming, and
the result is poor performance.

* ET1404809 - Imports fail with a "FileSetIterator exception occurred
while evaluating dataselection" error.

* ET1406197 - A Files and Folders restore of a full system backup causes
a "/WINDOWS/SYSTEM32/CONFIG/SYSTEM corrupt" error message. Titan Case
230-560-490.

* ET1406303 - PDDO cannot cancel replication jobs on the storage pool
authority.

* ET1407606 - Exchange restores fail with a "Path Object list did not
contain a valid end-marker." message.

* ET1407659 - Defining DontSegmentTypes in Agent.cfg or in a policy
causes pdbackup to crash on Solaris. Titan Case 230-590-500.

* ET1409349 - When comparing department and location name for uniqueness,
any leading and trailing space characters in name are not ignored. A
department with name "MyDepartment" is considered a the same as "
MyDepartment ". (Note the leading and trailing spaces in second name.)

* ET1411091 - PDDO is unable to configure small-file batch threshold for
segmentation.

* ET1411512 - Backup policies lose their data selections during edit of
schedules.

* ET1411518 - Backup files are not shown in the Restore Files screen.

* ET1411529 - NetBackup optimized Storage Lifecycle Policy duplications
from one PureDisk storage pool to another timeout after 6 hours and
revert to a normal duplication. Titan Case 281-382-906.

* ET1411840 - If a network connection breaks during a PDDO backup between
media server and content router, cached PDDO data can be lost in the
transfer.

* ET1414779 - Added the "change_password.sh" script which provides a
single script for changing any or all of the following passwords:
PureDisk database, LDAP administrator, and the internal LDAP SAMBA
administrator.

* ET1415069 - The NetBackup "Image Cleanup" jobs fail on PDDO images with
a NetBackup Status Code 174 (media manager - system error occurred).
Titan Case 281-413-992.

* ET1417715 - PDDO Inline Tape Copy backups to two PureDisk 6.5 storage
pool authorities fail with a status 84 "one or more invalid arguments".

* ET1418234 - PureDisk image cleanup is taking an excessive amount of
time.

* ET1423216 - The "NetLookUpHost" stops all PureDisk processes if it
fails to properly fork a process.

* ET1424081 - Spoold fork failure results in job failure.

* ET1426037 - PDDO backup workflows on the storage pool authority
continue to display a running status until the timeout threshold is
reached if the backup crashed.

* ET1427831 - The Replication job Details tab does not display
fingerprint cache hits.

* ET1431109 - The performance of standard PureDisk backups changed
significantly for the same data selection after a PureDisk export to
NetBackup or the failover of a PureDisk server.

* ET1431821 - The spoold process deadlocks after a power failure and a
reboot.

* ET1431881 - The workflow engine is starting too many content router
queue processing jobs.

* ET1432836 - Deleting data selections may result in new virtual data
selections on the replicated storage pool.

* ET1441404 - The storaged.log contains "Transaction log IDs are out of
sequence" message after replacing the hard drives in a storage pool
authority and copying the data back. Titan Case 240-822-803.

* ET1441507 - Metabase Garbage Collection jobs take excessively long
after an upgrade to PureDisk 6.2.2. Titan Case 220-365-270.

* ET1442718 - Replication of unencrypted source data to a storage pool
with a different fingerprint type results in corrupt data.

* ET1442761 - Severe throughput degradation caused by a linear search
through large number of content router containers at backup time.

* ET1442788 - When a single segment file is uploaded to a full content
router, the file is not stored correctly and could potentially result in
lost data.

* ET1442824 - Pdbackup does not deal properly with abort message from the
content router.

* ET1444460 - The path object import method requires a performance
improvement for batched path object imports.

* ET1445000 - Made improvements to the error checking on path objects
during the replication process.

* ET1446850 - Internal test tools can return mangled record data for PDDO
entries. These test tools are available to the PureDisk support
organization to diagnose problems. The mangled output can make diagnosis
harder. Although mangled output is returned, the records are in reality
stored (and can be restored) correctly.

* ET1448069 - The cr_errno variable is not thread safe.

* ET1468440 - Severe performance degradation is observed on content
routers with a large number of empty containers.

* ET1482130 - Added documentation to the Administrator's Guide for
preparing non-failed nodes for disaster recovery. The procedure includes
a step to remove the latest VRTSweb package with the command "rpm -e
VRTSweb*". The correct version of VRTSweb is reinstalled later during the
disaster recovery process on all nodes.


====================
PRODUCT ENHANCEMENTS
====================


The following enhancements are included in PureDisk 6.5.1:

* ET1429519 - Added support for Windows Server 2008.

* ET1414779 - Added a new script, change_password.sh, that allows you to
change the PureDisk database password, the LDAP administrator password,
and the Internal LDAP Samba administrator password.

* ET1505884 - Added a new script that may improve replication performance
on networks with latency. The tcp_tune.sh script is located in the
/opt/pdconfigure/scripts/support directory. If you are experiencing
performance degradation using replication over a high latency network,
running this script may help.

PDDO:

* Enabled fingerprint cache for PDDO backups using NBU Inline Tape Copy *
The pddocfg.bat file is replaced with a pddocfg.exe file that when
launched, generates a configuration wizard. See the PDDO documentation
for instructions on how to use the new wizard. The .bat file is still
included in this patch. Consult the PureDisk 6.5 documentation on how to
use the .bat file.

New configuration options added to pd.conf:

* Optimized duplication (SLP) supports a configurable timeout. Timeout
for optimized duplication was hardcoded 6 hours. This timeout can now be
configured in pd.conf on the NBU Media Server.

* PDDO uses PureDisk segmentation algorithm to benefit global
deduplication.

* Increased performance for NBU Image Cleanup job Optimized database view
for all PDDO operations (dslast_pddo_X).


Note:


Pd.conf.template changes. The new configurations options are included in
pd.conf.template file. The installer writes this file to the media server
when you install this patch. If you want to preserve the PureDisk 6.5
settings, copy the existing pd.conf.template file to an alternate
location before you install this patch.



Note:


Reserved keywords. The keywords PREFETCH, PADALIGN, SEGKSIZE are include
in the pd.conf.template file, but they are reserved for future use.
Please do not adjust these values.



Note:


For more detailed information on the new pd.conf options, please see the
PureDisk Deduplication Option Guide PDF on the PureDisk SPA landing page.


PDDO replication:

* Previous releases of the PureDisk documentation included a procedure
for replicating a PDDO data selection. The final step in the procedure
was to create a replication policy to copy the PDDO data selection from
the source storage pool to the target storage pool. This step is no
longer necessary after applying this patch. Optimized duplication
replication now duplicates the entire NetBackup image when it receives
the first fragment for replication. (NetBackup replicates each fragment).
All subsequent fragment requests from NetBackup will be quickly returned
as the data already resides on the destination storage unit. This is
identical to the behavior of running PDDO policy based replication prior
to NetBackup duplicating an image. This enhancement allows the
replication to be fully controlled by NetBackup.

* Multiple replication copies of the same image, while possible, are
performed using NetBackup's normal duplication process. If there is
already one duplicate copy that was created by optimized duplication,
subsequent attempts to replicate the same image will revert to the
previous, slower duplication process. If all copies of an image are
expired except for the primary copy, then the optimized duplication of
the primary copy is again performed using the newer process. It is not
necessary to run data removal before running the optimized duplication on
the single primary copy.

* Increased concurrency of PDDO replication. Concurrency for PDDO
replication jobstep "ForwardData" is increased from 1 to 5 processes.

* PDDO replication support for compression and encryption of replicated
data.

* PDDO replication support for multistreaming.

* PDDO replication support for fingerprint caching.

* PDDO replication support for segment batch messaging limits the
overhead and increases performance during replication by doing existence
checks in batches rather than one by one in sequence.

* Query optimization for PDDO replication.


Note:


Statistics for replication jobs are in the job log, not under the
Statistics tab.


Content router:

* Eliminated CR reply messages. Client no longer wait for reply message
from CR and can continue its operations.

* Implementation of CR message sequence ID. Client and CR are always
synchronized on communication.

Client agents:

* Improved compression algorithm for all client agents.


============
KNOWN ISSUES
============


This following known issues exist in PureDisk 6.5.1:

* ET1524685 - The upgrade to PureDisk 6.5.1 resets the default Java
maxheap size to 128 MB. If this results in poor performance of the webui,
see TechNote 289413 at http://support.veritas.com/docs/289413 to change
the setting.

* ET1282681 - Various directories on all PureDisk servers are world
writable with a sticky bit.

* ET1373583 - As implemented by PureDisk, the Java Runtime Environment
(JRE) does not allow external input, Applets, or Web Start to run. As a
result, it is not affected by Sun JRE untrusted Applet and Web Start
security issues. See TechNote 287311 at
http://entsupport.symantec.com/docs/287311.

* ET1438305 - After backing up HP-UX agents with the "Include network
shares" options, the permissions for the shared files are missing.

* ET1445330 - While Windows 2008 backups and restores are supported in
PureDisk 6.5.1, the Windows Event Logs on Windows 2008 are not backed up
in a Shadow Copy Components backup. This is the result of changes in the
Microsoft API and will be addressed in a future version of PureDisk.

* ET1449315 - When upgrading a Windows machine from PureDisk 6.5 to
PureDisk 6.5.1, the PureDisk services are reset to start with the
LocalSystem account. This is an issue for universal naming convention
(UNC) data selections. You will need to restart the service on all
affected machines under their desired account after the upgrade completes
or you will be unable to backup or restore UNC data selections.

* ET1453133 - PDDO capacity cannot be counted correctly and should be
eliminated from the capacity report.

* ET1458228 Specifying a replication bandwidth limiter using the
OPDUP_BANDWIDTH setting only works correctly for values up to 5 MB/s.
Values higher than that result in a bandwidth much lower than the
requested value. See Technote 318482
(http://entsupport.symantec.com/docs/318482).

* ET1461016 - No statistics are available on the on Statistics Tab in the
Web UI for PDDO replication jobs. To see the statistics, view them in the
job step log for update statistics step.

* ET1469667 - If the data selection removal process does not complete in
the normal timeframe, all data selection removal workflow jobs need to be
killed, and the workflow engine needs to be restarted.

* ET1470288 - Fail to establish a connection from the media server to the
storage pool for PDDO setup for NetBackup with NetBackup Access Control
enabled.

* ET1470308 - When opening the Statistics tab of an export job, the list
of exported files is displayed, thereby rendering the other statistics
unreadable.

* ET1479169 - After a backup, the access time on a file can be different
from what the access time was before the backup occurred. This has been
observed on Windows and HP-UX platforms. This change occurs regardless of
whether the "Preserve access time" box is checked or not.

* ET1481158 - The script used to setup CIFS for Active Directory works
intermittently. If the script fails, it has to be rerun. Timing issues in
the Samba tool kit are the cause of the failures.

* ET1499416 - When users navigate away from the source page in the
PureDisk Web UI, any open pop-up pages launched from the source page lose
their reference and no longer operate correctly. Please complete all
actions initiated in the pop-up windows and close them before navigating
away from the source page in the PureDisk Web UI.

* ET1502214 - After assigning a client agent configuration file template,
the clients don't show up as members when pushing the template out to
agents. This is only an issue with the Web UI, and the client is actually
a member. Pressing the assign template link again allows you to confirm
the names of agents and departments that are checked. These are the
agents and departments receive the configuration file when pushed.

* ET1506759 - Alternate client restores of Microsoft Exchange and SQL
databases fail if the PureDisk agent isn't installed in the same location
on both the source and the destination servers. The workaround for this
issue is to install the PureDisk agent in the same directory on both
servers.

* ET1514990 - Under certain conditions if a content router is stopped
during rerouting, the content router can fail to start up. See TechNote
318528 (http://entsupport.symantec.com/docs/318528).

* ET1515691 - Cannot perform metabase engine rerouting on PDDO
dataselections, because PDDO dataselections cannot be deactivated in the
Web UI.


==========================
DATALOSS ISSUES - RESOLVED
==========================


The following dataloss issues are resolved in PureDisk 6.5.1

* ET1411840 - When using both TIR (True Image Restore) and PDDO
(NetBackup PureDisk Duplication Option). Network connection issues
between the NBU Media Server and the PureDisk Content Router may result
in TIR data not being written. See TechNote 311609 at
http://entsupport.symantec.com/docs/311609.

* ET1429791 - A rare data loss scenario has been discovered in NetBackup
PureDisk when the content router simultaneously experiences disk write
errors and a network connectivity failure. Jobs may appear to complete
successfully, but the data may not be in tact for restore. See TechNote
311507 at http://entsupport.symantec.com/docs/311507.

* ET1432836 - In NetBackup PureDisk, deleting data selections may result
in new "virtual" data selections on the replicated storage pool. This may
created unexpected behavior when attempting to restore data from the
replicated storage pool. See TechNote 314568 at
http://entsupport.symantec.com/docs/314568.

* ET1442718 - Replication of unencrypted source data to a storage pool
with a different fingerprint type than the source storage pool may result
in replicated data which is unrecoverable. See TechNote 314573 at
http://entsupport.symantec.com/docs/314573.

* ET1442788, ET1442824 - A potential for data loss has been discovered in
cases where a PureDisk content router meets or exceeds its "Low Space
Threshold" and remains beyond this threshold. In some cases, the backup
job can complete successfully even though data was not completely written
due to the content router being in this state. See TechNote 313465 at
http://entsupport.symantec.com/docs/313465.

* ET1442803 - An extremely rare potential for data loss has been observed
in cases where two clients attempt to write the exact same data to the
same content router simultaneously and an error occurs while one client
is writing the data. In this case, the other client may lose data it
stored to the content router and may not be aware of the loss.See
TechNote 313463 at http://entsupport.symantec.com/docs/313463.


===================================
SECURITY VULNERABILITIES - RESOLVED
===================================


The following security vulnerability issues are resolved in PureDisk
6.5.1:

* ET1258575 - Authenticated users could crash the LDAP server's slapd
process using the "NOOP" command.

* ET1263651 - Multiple PHP and Perl Compatible Regular Expressions (PCRE)
vulnerabilities, the most serious vulnerabilities allow unauthenticated
users to trigger a buffer overflow and potentially execute arbitrary code.

* ET1279547 - The PureDisk configuration of apache allows the discovery
of the available system users.

* ET1279550 - The PureDisk storage pool authority and metabase server
expose that they are running PHP.

* ET1283905 - If OpenSSL has been compiled using the non-default
Transport Layer Security server name extensions, a remote attacker could
send a carefully crafted packet to a server application using OpenSSL and
cause it to crash. Affects OpenSSL 0.9.8f and OpenSSL 0.9.8g.

* ET1294264 - A vulnerability caused by an error in the
"ap_proxy_http_process_response()" function when forwarding interim
responses has been reported in the Apache mod_proxy module, that
potentially can be exploited to cause a Denial of Service attack.

* ET1294262 - Improper quoting in some parts of Vim written in the Vim
Script can lead to arbitrary code execution upon opening a crafted file.

* ET1303860 - It is possible to send SQL commands through the
MetabaseFind interface that could potentially result in the loss of a SQL
database.

* ET1377416 - The net-snmp package has a denial of service vulnerability
(CVE-2008-2292), an authentication bypass (CVE-2008-0960) and other
memory leaks.

* ET1378552 - Multiple heap-based buffer overflows in the encryption and
decryption functions in crypto.c in libexslt in libxslt 1.1.8 through
1.1.24 allow context-dependent attackers to execute arbitrary code via an
XML file containing a long string as "an argument in the XSL input."

* ET1378801 - Two vulnerabilities (CVE-2008-2370 and CVE-2008-1232)
affect tomcat 5.5.26 which is used by VRTSweb.

* ET1379686 - liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote
attackers to cause a denial of service (program termination) via crafted
ASN.1 BER datagrams that trigger an assertion error.

* ET1384621 - Weak passwords are temporarily cached authentication for
MRTws.

* ET1392160 - Multiple heap-based buffer overflows in the Network Data
Representation (NDR) parsing in smbd in Samba 3.0.0 through 3.0.25rc3
allow remote attackers to execute arbitrary code through a crafted MS-RPC
request.

* ET1437524 - Multiple heap-based buffer overflows in the NDR parsing in
smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute
arbitrary code through a crafted MS-RPC request.

* ET1392162 - The MS-RPC functionality in smbd in Samba 3.0.0 through
3.0.25rc3 allows remote attackers to execute arbitrary commands via shell
metacharacters.

* ET1408568 - Unauthorized remote users can list all file systems on this
host that are accessible from a remote system.

* ET1408576 - PureDisk is not using SMB (Server Message Block) signing.
SMB signing adds security to a network using NetBIOS, avoiding
man-in-the-middle attacks.

* ET1408584 - Apache allows web server HTTP Trace/Track cross site
tracing.

* ET1422074 - When data is replicated from one storage pool to another,
although the data is transmitted encrypted, the data's digest and
encryption key are transmitted in plain text before the encrypted data is
transmitted.

* ET1424946 - The password required for the restore of files is logged in
plain text in the storage pool authority's audit trail, where it is
accessible to all PureDisk administrators with shell access.

* ET1433937 - The mod_proxy_ftp module of the Apache HTTP Server is
vulnerable to a cross-site scripting vulnerability when handling requests
with wildcard characters.

* ET1437548 - Secunia research discovered vulnerability in Samba caused
due to a boundary error within the receive_smb_raw() function in
lib/util_sock.c when parsing SMB packets. It can be exploited to cause a
heap-based buffer overflow via an overly large SMB packet received in a
client context.

* ET1437556 - This update fixes a buffer overlow that could be triggered
when displaying Border Gateway Protocol (BGP) packets.

* ET1437573 - Vim allows users to open content through external programs
if the argument contains a "http:" sub-string. It insecurely invoked
external web browsers to fetch the remote content.

* ET1437578 - This update fixes a bug in function safer_name_suffix() of
tar which leads to a crashing stack.

* ET1446769 - Smarty has discovered a vulnerability caused due to an
error when processing data with embedded variables. This can be exploited
to potentially execute arbitrary PHP code.

* ET1456363 - A vulnerability has been reported in OpenSSH, which
potentially can be exploited by malicious people to disclose sensitive
information. Plain text recovery vulnerability.

* ET1457385 - This update fixes an integer overflow in libxml2 that could
lead to memory corruption and arbitrary code execution.

* ET1486534 - Multiple vulnerabilities mostly related to session
hijacking and XSS are addressed.


=====================
DOWNLOAD INSTRUCTIONS
=====================


This section describes how to download the software.

Downloading and extracting the patch

1. Use scp to copy the tar file, NB_PDE_6.5.1.tar, to the /root
  directory of the PureDisk node that hosts the storage pool authority.

2. Log on as root to the node that hosts the storage pool authority.

3. Type the following command to verify the integrity of the release
  update:

  md5sum /root/NB_PDE_6.5.1.tar

  This command computes the md5 checksum of the release update. The md5
  checksum of the release update must match
  '577396a7b0f23303881a6635988ac528'.

  If you obtain a different checksum, the release update was corrupted
  during download. Try to download the release update again.

4. Type the following command to extract the README file:

  tar -C / -xf /root/NB_PDE_6.5.1.tar ./NB_PDE_6.5.1.README



=========================================================
EXTRA STEPS TO PERFORM WHEN UPGRADING FROM PUREDISK 6.2.2
=========================================================


Perform the following steps when upgrading from PureDisk 6.2.2

Upgrading from PureDisk 6.2.2

1. Upgrade PureDisk Operating System (PDOS) on all nodes from version
  6.2.0.13 to 6.5.0.343.

  Please see section "Upgrading the operating system software to PDOS
  6.5" (p. 168) in the PureDisk Storage Pool Installation Guide for
  details about the upgrade process.

http://www.symantec.com/business/support/index?page=content&id=DOC2238

2. Use rcp or scp to copy the PureDisk 6.5.0 tgz file,
  puredisk-6.5.0.10534, to the /opt/pdinstall directory of the PureDisk
  node that hosts the storage pool authority.



=========================
INSTALLATION INSTRUCTIONS
=========================


This section describes how to install the software.

Installing the patch

1. Make sure that no PureDisk jobs are currently running or are
  scheduled to be run.

2. Log out from the Web UI.

3. (Conditional) Freeze the PureDisk service groups for the clustered
  PureDisk server.

  Perform this step if the storage pool is installed with VCS cluster
  software. Use the Cluster Manager Java Console, and freeze all the
  service groups.

  For information about how to freeze and unfreeze clustered storage
  pools, see the Veritas NetBackup PureDisk Storage Pool Installation
  Guide.

4. Type the following command to unpack the release update software:

  tar -C / -xf /root/NB_PDE_6.5.1.tar ./opt

5. Type the following command to run and install the release update:

  /opt/pdinstall/apply-NB_PDE_6.5.1.sh

  If the topology.ini file is encrypted, the software prompts you for
  the password to decrypt this file.

  If you are upgrading from PureDisk 6.2.2 you will be prompted for the
  location of the 6.5.0 tgz file. Enter the path which you copied the
  tgz file to in the previous section:

  /opt/pdinstall/puredisk-6.5.0.10534

  The release update automatically pushes the software to all nodes in
  the storage pool and to all clients.

  At the end of a successful installation, the software prompts you to
  encrypt the topology.ini file.

6. (Conditional) If Active Directory is enabled and the Common
  Internet File System (CIFS) PureDisk service is installed, run the
  following command:

  #/opt/pdag/bin/php /opt/pdspa/cli/EnableActiveDirectoryForCIFS.php
  --server=ad_server --realm=kerberos_realm --workgroup ad_wkgrp

7. (Conditional) If "NB_PDE_6.5.0.1_EEB08-iscsi_lvm_boot", was ever
  installed, run the following script on every PureDisk node:

  /opt/pdconfigure/scripts/support/fix_iSCSI_LVM_issues.sh

8. (Conditional) If you use LVM volume groups on top of iSCSI physical
  volumes, run the following script on each PureDisk node after you
  finish configuring you LVM+iSCSI.

  /opt/pdconfigure/scripts/support/fix_iSCSI_LVM_issues.sh

  The script fixes known issue that iSCSI LVM disks are not available
  after reboot.

9. (Conditional) Unfreeze the PureDisk service groups for the
  clustered PureDisk server.

  Perform this step if the storage pool is installed with VCS cluster
  software. The Veritas Cluster Server (VCS) software might detect some
  faults during the upgrade process. If any upgrade actions generate a
  VCS fault, use the Cluster Manager Java Console to clear the fault and
  probe that resource group before you unfreeze the cluster.

10. Monitor the client agent update jobs

   Take the following actions to monitor the client agent upgrade jobs:

   * Invoke the Web UI.

   * Click the Workflows tab.

   * Select the Agent update workflow.


   If one of the upgrade jobs fails, PureDisk deactivates those client
   agents. You will need to activate these agents again and to select
   the client to upgrade to. Follow the steps below:

   * Invoke the Web UI.

   * Click the Data management tab.

   * In the middle pane, select the 'Deactivated client agents by
     storage pool' view, which is the third view from the left.

   * Select the 'storage pool' level in the middle pane and choose
     'Activate Agents' from the left hand pane.

   * Refresh the middle pane.

     It will switch back to the default view with all clients.

   * Select the 'storage pool' level in the middle pane and choose
     'Upgrade Agents' from the left hand pane. Choose the version you
     want to upgrade to.


   Monitor these upgrade jobs again, start over if they fail or time-out.

11. (Conditional) Upgrade the PDDO agent software on PDDO media
   server clients.

   Perform the procedure called "UPGRADING PDDO AGENTS ON MEDIA SERVER
   CLIENTS", which follows. The release update includes upgraded PDDO
   agents for Linux, Solaris, and Windows clients.

12. (Conditional) Reconfigure the PureDisk Agent service for UNC
   backups.

   To reconfigure the PureDisk Agent service for UNC backups, do the
   following:

   * Click Start > Run.

   * At the Open: prompt, type services.msc.

   * Right-click Veritas NetBackup PureDisk Client Agent and
     select Properties on the pull-down menu.

   * Click the Log On tab.

   * Select This Account.

   * Specify the username of the account that has backup operator
     permissions. Either type the domain name for the user name or click
     Browse and follow the browse prompts.

   * Type and retype your password.

   * Click OK when this tab is complete.

   * Click Restart to restart the PureDisk client service.




=============================================
UPGRADING PDDO AGENTS ON MEDIA SERVER CLIENTS
=============================================


This section describes how to upgrade PDDO agents on media server clients.


Note:


The upgrade software removes the old PDDO agent software automatically.
For more information about how to install the PDDO agent, see the Veritas
NetBackup PureDisk Deduplication Option Guide.


Upgrading PDDO

1. Make sure that the storage pool software for the PDDO clients has
  been upgraded.

2. Refresh the PureDisk landing page.

  The landing page can be found on:

  https://<your-puredisk-spa>/

  For <your-puredisk-spa>, type the hostname or the IP address of your
  PureDisk storage pool authority.

  Be aware that this release update includes both the PureDisk 6.5 base
  release agents and revised agents for Linux, Solaris, and Windows
  clients. The revised agents include updates for PDDO agent
  installation only. A later step in this procedure instructs you to
  download the revised agents if you want to upgrade the PDDO agent on a
  client.

3. Log in to each PDDO client.

4. From the PDDO media server client, download the new PDDO agent
  software.

  The landing page includes more than one software version of the PDDO
  agent, so take care to download the most recent agent.

5. (Conditional) Freeze the PureDisk service groups for the clustered
  PDDO server.

6. Stop all NetBackup services on the NetBackup media server.

7. Install the agent software included with this release update.

  * On Windows systems, double-click the PureDisk agent icon. This
    starts the Windows installation Wizard.

  * On Linux or Solaris systems, you can use either the attended or
    the unattended installation method. The installer prompts you to
    confirm the upgrade. For example, type the following command to
    upgrade the Solaris 10 agent:


  # sh pdagent-Solaris_10_sparc-6.5.1.XXXX.run

  For XXXX, type the name of the PureDisk upgrade release number.

8. (Conditional) Unfreeze the PureDisk service groups for the
  clustered PDDO server.

9. Start all the NetBackup services on the NetBackup media server.

==============================================================================
WARNING: As stated above, ensure that servers are upgraded to the
most recent version of PureDisk after installing 6.5.1.  After
downloading this 6.5.1 package, also download and apply the release
updates found in the Related Documents section below.
==============================================================================

 

Attachments

NB_PDE_6.5.1_319370.tar (453.2 MBytes)


Legacy ID



319370


Article URL http://www.symantec.com/docs/TECH67771


Terms of use for this information are found in Legal Notices