DELLTechnologies Avamar Server Avamar Platform OS Security Patch Rollup User Guide

DELLTechnologies Avamar Server Avamar Platform OS Security Patch Rollup

Product Information

Specifications

• Product Name: Dell Avamar Platform OS Security Patch
  Rollup

• Version: 2024R1

• Manufacturer: Dell Inc.

• Supported Products:

  • Avamar server
  • Avamar combined proxy
  • Avamar Virtual Edition (AVE)
  • Avamar Data Store (ADS)
  • Avamar NDMP accelerator node
  • NetWorker Virtual Edition (NVE)
  • PowerProtect DP Series Appliance/Integrated Data Protection
    Appliance (IDPA)

• Third-party Components Updated:

  • Java Runtime Environment (JRE)
  • Apache Tomcat
  • BSAFE OwB FIPS package

Product Usage Instructions

• If required, follow these steps to free space on the server’s /boot volume when applying the OS security patch rollup on ADS.

NOTE: Ensure all nodes in a multi-node server have the required free space on the /boot volume.

FAQ

• Q: How much free space is required on the /boot volume when applying the Security Rollup?
• A: The required free space on the /boot volume is 80MB when manually applying the Security Rollup. When applying via Avinstaller, the required amount may differ based on the rollup version. Refer to the documentation for specific requirements.
• Q: Which products are supported by this OS Security Patch Rollup?
• A: This rollup applies to Avamar server, Avamar combined proxy, Avamar Virtual Edition (AVE), Avamar Data Store (ADS), Avamar NDMP accelerator node, NetWorker Virtual Edition (NVE), PowerProtect DP Series Appliance/Integrated Data Protection Appliance (IDPA).

These release notes contain supplemental information about the Avamar OS security patch rollup and list the common vulnerabilities and exposures (CVEs) that are addressed in 2024R1. For the list of CVEs that pertain to 2019R4 and earlier OS security patch rollups, see Avamar Platform OS Security Patch Rollup Release Notes.
These release notes include the following sections:

Revision history

The following table presents the revision history of this document.
Table 1. Revision history

Avamar platform OS security patch rollup

The Avamar platform OS security patch rollup automates the steps that are required to apply security and operating system updates that are periodically released between scheduled Avamar server software releases.
These release notes provide lists of the common vulnerabilities and exposures (CVEs) addressed by each security patch.
The security patches that are listed in this document apply to the following products:

• Avamar server
• Avamar combined proxy
• Avamar Virtual Edition (AVE)
• Avamar Data Store (ADS)
• Avamar NDMP accelerator node
• NetWorker Virtual Edition (NVE)
• PowerProtect DP Series Appliance/Integrated Data Protection Appliance (IDPA)

The latest Dell Security Advisory (DSA) KB article for these products on the Support site provides the support matrix.
This Avamar platform OS security patch rollup updates the following third- party components also, if present:

• Java Runtime Environment (JRE)
• Apache Tomcat
• BSAFE OwB FIPS package

Clean /boot volume

• If required, perform this procedure to free space on the server’s /boot volume when you apply the OS security patch rollup on ADS.

About this task

NOTE: To ensure all the nodes in a multi-node server have the required free space on the /boot volume, perform this procedure on the utility node, all storage nodes, spare nodes, and accelerator nodes (if applicable).
NOTE: When you manually apply the Security Rollup, the required amount of free space on the /boot volume is 80MB.

When you apply rollup via the installer, the required amount of free space on the /boot volume differs between rollup releases.
The following table determines how much free space the rollup requires. Compare this value to the observed free space. When the rollup is applied manually, the required amount of free space on the /boot volume is 80MB for every release.

Table 2. Free space targets

Steps

Open a command shell and log in by using one of the following methods:

• For a single-node server, log in to the server as admin, and then switch user to root by running su -.
• For a multi-node server, log in to the utility node as admin, and then switch user to root by running su -.
• Check the size and free space on the /boot volume by typing the following command: df -h /boot/

• Verify whether the volume meets the free space target for this rollup version.
• Check for -dump files on the /boot volume by typing the following command: ls -l /boot/kdump
• Information similar to the following is displayed in the command shell:

• Remove kdump files on the/boot volume by typing the following command: rm /boot/*kdump
• List the installed kernels by typing the following command: rpm -qa |grep kernel-default

• Display the running kernel version by typing the following command: uname -a

• Identify any old kernels from the list of installed kernels. Exclude the running kernel version.
• If present, remove any old kernels by typing the following command on one line: rpm -ev kernel-default-VERSION_OLD kernel-default-base-VERSION_OLD
• Check the installed and running kernel again for any old kernel files in /boot. If present, remove them manually.
• Check for archived .gz files on the /boot volume by typing the following command: ls -l /boot/*.gz

• If necessary, remove any archived .gz files on the /boot volume by typing the following command: rm /boot/*.gz
• If the space on the /boot volume is still not enough(less than 80MB)(for manual installation), backup and remove the running kernel: mkdir /usr/local/avamar/var/rollup_bak mv /boot/VERSION_NEW /usr/local/avamar/var/rollup_bak

NOTE: After the security rollup installation is complete, do not forget to restore the running kernel files by following step 14.

• Check the size and free space on the /boot volume by typing the following command: df -h /boot/
• For manual installation, after rollup installation is complete, restore the running kernel (if backup up is done in step 12) by typing the following command: mv /usr/local/avamar/var/rollup_bak/*-default /boot rm -r /usr/local/avamar/var/rollup_bak

2024R1 CVEs
This release contains patches for the following CVEs, as indicated by the platform. See the spreadsheet included with each release for CVE details, including applicable packages and RPM files.

SUSE Linux Enterprise Server 12 SP5 CVE list for an Avamar server
The CVEs in this section apply to SLES 12 SP5 on an Avamar server.
Table 3. 2024R1 CVEs for SLES 12 SP5 on an Avamar server

SUSE Linux Enterprise Server 12 SP5 CVE list for an Avamar combined proxy
The CVEs in this section apply to SLES 12 SP5 on an Avamar combined proxy.
Table 4. 2024R1 CVEs for SLES 12 SP5 on an Avamar combined proxy

SUSE Linux Enterprise Server 12 SP5 CVE list for an NVE
The CVEs in this section apply to SLES 12 SP5 on an NVE.

Table 5. 2024R1 CVEs for SLES 12 SP5 on an NVE

SUSE Linux Enterprise Server 12 SP5 CVE list for an NDMP accelerator node
The CVEs in this section apply to SLES 12 SP5 on an NDMP accelerator node.
Table 6. 2024R1 CVEs for SLES 12 SP5 on an NDMP accelerator node

SUSE Linux Enterprise Server 12 SP5 CVE list for an ADS Gen5A NDMP accelerator node
The CVEs in this section apply to SLES 12 SP5 on an ADS Gen5A NDMP accelerator node.
Table 7. 2024R1 CVEs for SLES 12 SP5 on an ADS Gen5A NDMP accelerator node

Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

© 2017 – 2024 Dell Inc. or its subsidiaries. All rights reserved. Dell Technologies, Dell, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.

Read User Manual Online (PDF format)

Download This Manual (PDF format)

Download this manual  >>