How are fixes to new security vulnerabilities in Veritas Appliances Delivered?
To keep Veritas Appliances secure from new security vulnerabilities, Veritas has the following targets in place today:
- Deliver HotFiixes for critical exploitable vulnerabilities within 30 days or as mandated by CISA (Cybersecurity and Infrastructure Security Agency) for all Veritas appliances.
- Deliver, about every 90 days, Maintenance Releases (MRs) for NetBackup Appliances and NetBackup Flex Appliances that include fixes for medium, high, and critical vulnerabilities.
What delivery mechanism, for Veritas Appliances security vulnerabilities fixes, was recently added?
To provide security fixes, sooner, to our customers, Veritas added another delivery mechanism in the form of (monthly) Security Patches (SPs) for NetBackup Appliances, Flex Appliances and Access Appliances. The SPs do not replace the above targets; the SPs are in addition to the above targets. While the scope of the SPs includes fixes for critical, high, and medium vulnerabilities, the actual content of the security patches will be at Veritas’s discretion and depends on the availability of fixes.
For which releases are the SPs built?
The SPs are built for the latest Maintenance Release (MR) of the latest major release only (or for the latest GA release only in the absence of MR).
Do the SPs have a version scheme?
Not with NetBackup Appliance. On Flex Appliance, starting with 4.1 release, SPs are denoted as A.B.C, where A is the major release number, B is the MR number (if one has been built) and C refers to the SP number, which is a multiple of 10.
What is the cadence of SPs?
SPs are typically delivered about every 30 days.
Which SPs have been delivered?
NetBackup Appliance 5.0.0.1 MR1 SP1 (9/30/2022)
NetBackup Appliance 5.0.0.1 MR1 SP2 (10/26/2022)
NetBackup Appliance 5.0.0.1 MR2 SP1 (1/16/2023)
NetBackup Appliance 5.1.1 SP1 (3/1/2023)
NetBackup Flex Appliance 2.1.2 SP1 (11/10/2022)
NetBackup Flex Appliance 3.0.1 (1/26/2023)
NetBackup Flex Appliance 3.0.2 (3/1/2023)
NetBackup Appliance 5.1.1 SP2 (3/29/2023)
NetBackup Flex Appliance 3.1.1 (4/28/2023)
NetBackup Access Appliance 8.1.001 (6/2/2023)
NetBackup Appliance 5.1.1 MR1SP1 (6/26/2023)
NetBackup Appliance 5.1.1 MR1SP2 (7/31/2023)
NetBackup Flex Appliance 3.2.1 (8/17/2023)
NetBackup Appliance 5.1.1 MR1SP3 (9/8/2023)
NetBackup Flex Appliance 3.2.2 (9/18/2023)
NetBackup Access Appliance 8.1.101 (10/27/2023)
NetBackup Appliance 5.1.1 MR2SP1 (11/17/2023)
NetBackup Flex Appliance 3.3.1 (11/21/2023)
NetBackup Appliance 5.1.1 MR1SP3 (9/8/2023)
NetBackup Access Appliance 8.1.102 (12/15/2023)
Security Patch 1 for NetBackup Appliance 5.3 (12/26/2023)
Security Patch 1 for NetBackup Flex Appliance 4.0 (1/18/2024)
Security Patch 2 for NetBackup Appliance 5.3 (1/24/2024)
Security Patch 2 for NetBackup Flex Appliance 4.0 (2/22/2024)
Security Patch 1 for NetBackup Appliance 5.3.0.1 MR1 (4/17/2024)
Security Patch 1 for NetBackup Access Appliance 8.2 (4/19/2024)
Security Patch 1 for NetBackup Flex Appliance 4.1 (5/10/2024)
Security Patch 2 for NetBackup Appliance 5.3.0.1 MR1 (5/16/2024)
Security Patch 1 for NetBackup Appliance 5.3.0.1 MR2 (8/12/2024)
Security Patch 1 for NetBackup Flex Appliance 5.0 (8/15/2024)
Security Patch 2 for NetBackup Flex Appliance 5.0 (9/12/2024)
Security Patch 2 for NetBackup Appliance 5.3.0.1 MR2 (9/12/2024)
Security Patch 1 for NetBackup Appliance 5.3.0.1 MR3 (11/14/2024)
Security Patch 1 for NetBackup Flex Appliance 5.1 (12/10/2024)
Security Patch 2 for NetBackup Appliance 5.3.0.1 MR3 (12/18/2024)
Security Patch 1 for NetBackup Flex Appliance 6.0 (1/16/2025)
The SPs can be downloaded from the Updates section of the release page in Veritas Download Center.
Are SPs cumulative?
SPs for the same MR of a release are cumulative. Once a new MR is available, no more SPs will be delivered for the previous MR. Therefore, it is very important to stay on the latest MR to continue getting SPs. If possible, the content of the last SP before a new MR is released will be merged into that MR.
Can delivery of SPs be skipped?
SPs may be skipped if a major release or maintenance release is planned to be delivered around the same time or if no critical/high vulnerability fixes are available.
Does Appliance Management Server (AMS) support SPs?
AMS 2.1/2.2 supports the deployment of NetBackup Appliance SPs
AMS does not support deployment of Flex Appliance or Access Appliance SPs
For more information about Veritas Product Lifecycle Policy and Dates see here.
For more Information about Veritas Appliance Maintenance Releases see here.
Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Veritas, and may not be implemented and should not be considered firm commitments by Veritas and should not be relied upon in making decisions.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.