DELL Technologies 2023R3 Avamar Platform OS Security Patch Rollup User Guide

DELL Technologies 2023R3 Avamar Platform OS Security Patch Rollup

Specifications

• Product Name: Dell Avamar Platform OS Security Patch Rollup
• Version: 2023R3
• Manufacturer: Dell Inc.
• Supported Products:
  • Avamar server
  • Avamar combined proxy
  • Avamar Virtual Edition (AVE)
  • Avamar Data Store (ADS)
  • Avamar NDMP accelerator node
  • NetWorker Virtual Edition (NVE)
  • PowerProtect DP Series Appliance/Integrated Data Protection Appliance (IDPA)
• Third-Party Components Updated:
  • Java Runtime Environment (JRE)
  • Apache Tomcat
  • BSAFE OwB FIPS package

Revision history

The following table presents the revision history of this document. Table 1. Revision history

Table 1. Revision history

Avamar platform OS security patch rollup
The Avamar platform OS security patch rollup automates the steps that are required to apply security and operating system updates that are periodically released between scheduled Avamar server software releases.
These release notes provide lists of the common vulnerabilities and exposures (CVEs) addressed by each security patch.

The security patches that are listed in this document apply to the following products:

• Avamar server
• Avamar combined proxy
• Avamar Virtual Edition (AVE)
• Avamar Data Store (ADS)
• Avamar NDMP accelerator node
• NetWorker Virtual Edition (NVE)
• PowerProtect DP Series Appliance/Integrated Data Protection Appliance (IDPA)

The latest Dell Security Advisory (DSA) KB article for these products on the Support site provides the support matrix.
This Avamar platform OS security patch rollup updates the following third- party components also, if present:

• Java Runtime Environment (JRE)
• Apache Tomcat
• BSAFE OwB FIPS package

Clean /boot volume
If required, perform this procedure to free space on the server’s /boot volume when you apply the OS security patch rollup on ADS.

About this task

NOTE : To ensure all the nodes in a multi-node server have the required free space on the /boot volume, perform this procedure on utility node, all storage nodes, spare nodes, and accelerator nodes (if applicable).
NOTE: When you manually apply the Security Rollup, the required amount of free space on the /boot volume is 80MB.

When you apply rollup via avinstaller, the required amount of free space on the /boot volume differs between rollup releases. The following table determines how much free space the rollup requires. Compare this value to the observed free space. When
the rollup is applied manually, the required amount of free space on the /boot volume is 80MB for every release.

Table 2. Free space targets

Steps

1.  Open a command shell and log in by using one of the following methods:

2. For a single-node server, log in to the server as admin, and then switch user to root by running su -.

3. For a multi-node server, log in to the utility node as admin, and then switch user to root by running su -.

4. Check the size and free space on the /boot volume by typing the following command:
   df -h /boot/

5. Filesystem Size Used Avail Use% Mounted on

6. /dev/sda1 98M 13M 81M 14% /boot
   Verify whether the volume meets the free space target for this rollup version.

7. Check for -kdump files on the /boot volume by typing the following command:
   ls -l /boot/kdump
   Information similar to the following is displayed in the command shell:

8. – rw-r–r– 1 root root 10517730 Aug 1 13:14 /boot/vmlinux-KERNEL_VERSION-kdump

9. Remove kdump files on the/boot volume by typing the following command:
   rm /boot/*kdump

10. List the installed kernels by typing the following command:
    rpm -qa |grep kernel-default

11. kernel-default-base-VERSION_NEW

12. kernel-default-base-VERSION_OLD

13. kernel-default-VERSION_NEW

14. kernel-default-VERSION_OLD

15. Display the running kernel version by typing the following command:
    uname -a
    Linux test VERSION_NEW #1 SMP Thu Aug 1 15:34:33 UTC 2019 (47e48a4) x86_64 x86_64 x86_64 GNU/Linux

16. Identify any old kernels from the list of installed kernels. Exclude the running kernel version.

17. If present, remove any old kernels by typing the following command on one line:
    rpm -ev kernel-default-VERSION_OLD kernel-default-base-VERSION_OLD

18. Check the installed and running kernel again for any old kernel files in /boot. If present, remove them manually.

19. Check for archived .gz files on the /boot volume by typing the following command:
    ls -l /boot/*.gz

    • – rw-r–r– 1 root root 357826 Oct 31 2018 /boot/symvers-VERSION_OLD-default.gz
    • – rw-r–r– 1 root root 358659 Aug 1 13:14 /boot/symvers-VERSION_NEW-default.gz
    • – rw-r–r– 1 root root 10501442 Oct 31 2018 /boot/vmlinux-VERSION_OLD-default.gz
    • – rw-r–r– 1 root root 10517730 Aug 1 13:14 /boot/vmlinux-VERSION_NEW-default.gz

20. If necessary, remove any archived .gz files on the /boot volume by typing the following command:
    rm /boot/*.gz

21. If the space on the /boot volume is still not enough(less than 80MB)(for manual installation), backup and remove the running kernel:
    mkdir /usr/local/avamar/var/rollup_bak
    mv /boot/VERSION_NEW
    /usr/local/avamar/var/rollup_bak
    NOTE: After the security rollup installation is complete, do not forget to restore the running kernel files by following step 14.

22. Check the size and free space on the /boot volume by typing the following command: df -h /boot/

23. For manual installation, after rollup installation is complete, restore the running kernel (if back up done in step 12) by typing the following command:

24. mv /usr/local/avamar/var/rollup_bak/*-default /boot

25. rm -r /usr/local/avamar/var/rollup_bak

2023R3 CVEs
This release contains patches for the following CVEs, as indicated by platform. See the spreadsheet included with each release for CVE details, including applicable packages and RPM files.

SUSE Linux Enterprise Server 12 SP5 CVE list for an Avamar server
The CVEs in this section apply to SLES 12 SP5 on an Avamar server.

Table 3. 2023R3 CVEs for SLES 12 SP5 on an Avamar server

SUSE Linux Enterprise Server 12 SP5 CVE list for an Avamar combined proxy
The CVEs in this section apply to SLES 12 SP5 on an Avamar combined proxy.

Table 4. 2023R3 CVEs for SLES 12 SP5 on an Avamar combined proxy

SUSE Linux Enterprise Server 12 SP5 CVE list for an NVE
The CVEs in this section apply to SLES 12 SP5 on an NVE.

Table 5. 2023R3 CVEs for SLES 12 SP5 on an NVE

SUSE Linux Enterprise Server 12 SP5 CVE list for an NDMP accelerator node
The CVEs in this section apply to SLES 12 SP5 on an NDMP accelerator node.

Table 6. 2023R3 CVEs for SLES 12 SP5 on an NDMP accelerator node

SUSE Linux Enterprise Server 12 SP5 CVE list for an ADS Gen5A NDMP accelerator node
The CVEs in this section apply to SLES 12 SP5 on an ADS Gen5A NDMP accelerator node.

Table 7. 2023R3 CVEs for SLES 12 SP5 on an ADS Gen5A NDMP accelerator node

Notes, cautions, and warnings

NOTE : A NOTE indicates important information that helps you make better use of your product.
CAUTION : A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING : A WARNING indicates a potential for property damage, personal injury, or death.

© 2017 – 2023 Dell Inc. or its subsidiaries. All rights reserved. Dell Technologies, Dell, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.

Frequently Asked Questions

• Q: What products are supported by the Avamar platform OS security patch rollup?
  • A: The security patch rollup applies to Avamar server, Avamar combined proxy, Avamar Virtual Edition (AVE), Avamar Data Store (ADS), Avamar NDMP accelerator node, NetWorker Virtual Edition (NVE), and PowerProtect DP Series Appliance/Integrated Data Protection Appliance (IDPA).
• Q: How much free space is required on the /boot volume when applying the Security Rollup?
  • A: When applied manually, 80MB of free space is required on the /boot volume. The required amount may vary when applying the rollup via avinstaller.

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>