Problem
The 8.0.2 VRTSfsadv package was flagged for a libcurl vulnerability (CVE-2024-7264). This issue was identified by a third-party security scanner, which raised concerns about the security of the package due to the outdated version of libcurl being used.
Error Message
There was no explicit error message generated by the system. However, a third-party security scanner detected the vulnerability and flagged it for further investigation.
Cause
The root cause of the vulnerability issue was traced to the libcurl version used in the VRTSfsadv package. The version in use was 7.59, which is known to have security vulnerabilities that could potentially be exploited.
Solution
A hotfix is now available for this issue in the current version(s) of the product(s) mentioned. Refer to the Hotfix link under Related Articles to obtain the hotfix needed to resolve the issue.
To address the vulnerability, the VRTSfsadv package has been updated to include libcurl version 8.12, which resolves the security concern.
Patches that address this issue can be found here:
RHEL 8: https://www.veritas.com/support/en_US/downloads/update.UPD182831
RHEL 9: https://www.veritas.com/support/en_US/downloads/update.UPD641575
SLES 15: https://www.veritas.com/support/en_US/downloads/update.UPD542098
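To confirm the result on a host after the patch is applied, the following added example (not Veritas code or part of the original article) reads the libcurl version banner embedded in each libcurl shared object under a directory and flags anything older than 8.12. It assumes the package ships libcurl as a file matching `libcurl*.so*` and that the library carries the usual `libcurl/X.Y.Z` banner string; the directory to scan is supplied by the operator.

```shell
#!/bin/sh
# Added example (not Veritas code). Assumptions: the package ships libcurl as
# a file matching libcurl*.so*, and the library embeds the usual
# "libcurl/X.Y.Z" banner string.

FIXED_VERSION="8.12"    # fixed libcurl release named in the article

# Print the version from the first "libcurl/X.Y[.Z]" banner found in file $1.
embedded_libcurl_version() {
    LC_ALL=C grep -a -o -E 'libcurl/[0-9]+\.[0-9]+(\.[0-9]+)?' "$1" 2>/dev/null |
        head -n 1 | cut -d/ -f2
}

# Succeed (exit 0) when version $1 is numerically older than version $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1
    }'
}

# Print "<status> <version> <path>" for one file.
check_libcurl_file() {
    v=$(embedded_libcurl_version "$1")
    if [ -z "$v" ]; then echo "unknown - $1"
    elif version_lt "$v" "$FIXED_VERSION"; then echo "outdated $v $1"
    else echo "ok $v $1"
    fi
}

# Check every libcurl shared object under directory $1; fail if any is outdated.
scan_dir() {
    report=$(find "$1" -type f -name 'libcurl*.so*' 2>/dev/null |
        while IFS= read -r f; do check_libcurl_file "$f"; done)
    if [ -n "$report" ]; then printf '%s\n' "$report"; fi
    if printf '%s\n' "$report" | grep -q '^outdated '; then return 1; fi
    return 0
}

# Usage: sh check_libcurl.sh <directory containing the package's libraries>
if [ "$#" -gt 0 ]; then scan_dir "$1"; fi
```

`rpm -ql VRTSfsadv` lists the installed package's files, which shows which directory to pass to the script.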