vom-Patch-8.0.2.540
Abstract
Description
                          * * * READ ME * * *
             * * * Veritas Operations Manager 8.0.2 * * *
                         * * * Patch 540 * * *
                         Patch Date: 2024-12-31


This document provides the following information:

   * PATCH NAME
   * OPERATING SYSTEMS SUPPORTED BY THE PATCH
   * PACKAGES AFFECTED BY THE PATCH
   * BASE PRODUCT VERSIONS FOR THE PATCH
   * SUMMARY OF INCIDENTS FIXED BY THE PATCH
   * DETAILS OF INCIDENTS FIXED BY THE PATCH
   * INSTALLATION PRE-REQUISITES
   * INSTALLING THE PATCH
   * REMOVING THE PATCH


PATCH NAME
----------
Veritas Operations Manager 8.0.2 Patch 540


OPERATING SYSTEMS SUPPORTED BY THE PATCH
----------------------------------------
AIX 7.1
AIX 7.2
RHEL7 x86-64
RHEL8 x86-64
RHEL9 x86-64
SLES12 x86-64
SLES15 x86-64
Solaris 11 SPARC
Solaris 11 X64
Windows 2016 X64
Windows 2019 X64


BASE PRODUCT VERSIONS FOR THE PATCH
-----------------------------------
   * Veritas Operations Manager 8.0.2.0


SUMMARY OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
Patch ID: vom-HF0802540
* 4187570 (4187569) Session timeout issue.
* 4187590 (4187589) Can not create Service Group, Resources and can not start/stop VBS on Windows Cluster nodes.
* 4187601 (4187599) Faults are not getting cleared for VCS Clusters.
* 4187608 (4187607) Disk Group utilization chart shows negative value for spare size for some DG.
* 4187632 (4187631) Security Vulnerabilities fixes
* 4187685 (4187684) Product Enhancement - New Global reports can be created for VVR SRL Mismatch and VVR Tunables.
* 4187688 (4187687) Scheduled email reports are showing blank or incorrect data in both csv and html format.
* 4187691 (4187690) /var/log/messages is showing large number of path messages when VIOM discovers disks.

Patch ID: vom-HF0802530
* 4182108 (4182106) Session timeout issue.
* 4182111 (4182110) Security Vulnerabilities fixes
* 4182187 (4182185) Product Enhancement - Disabling non-single sign on (SSO) authentication in VIOM UI login page.
Patch ID: vom-HF0802520
* 4178179 (4178176) Security Vulnerabilities fixes
* 4178184 (4178182) Product Enhancement - Software Verification - Built in Language protection/stripping symbol(Checksec fix for mh(linux))

Patch ID: vom-HF0802510
* 4167484 (4167478) Product Enhancement - EO logging- key value pair changes
* 4167872 (4167871) VIOM dcli plugin tool was not able to copy plugins and deploy script to target MHs.
* 4167876 (4167875) VIOM db is not updating due to linking issue of psqlodbcw.so binary.
* 4167879 (4167878) Product Enhancement - Support added to configure SSO using Azure IDP in VIOM.
* 4167882 (4167881) Product Enhancement - Support added to configure SSO using IBM IDP in VIOM.
* 4168130 (4168129) Security Vulnerabilities fixes

Patch ID: vom-HF0802500
* 4157862 (4157861) SFM_Services_XPRTLDD and SFM_Services_XPRTLDS resources showing intermediate failure log messages in engine_A.log
* 4157871 (4157870) Patch or addon upload fails with socketTimeoutException.
* 4157875 (4157874) Host refresh wizard showing two entries for selected host/s.
* 4157878 (4157873) Security Vulnerabilities fixes
* 4157881 (4157880) Failed to configure GCO and Firedrill on Windows VCS cluster.
* 4157887 (4157886) Product Enhancement - Added support of Azure and IBM IDP for SSO in VIOM.

Patch ID: vom-HF0802400
* 4143304 (4143302) (Security Fix ) Tomcat directory has ownership root:root instead of tomcat:tomcat
* 4152236 (4152233) Product Enhancement- immutable checkpoints(SecureFS).
* 4152380 (4152379) Security Vulnerabilities fixes
* 4152397 (4152396) VIOM does not report remote cluster status as faulted and no fault is raised on the cluster in case of abrupt shut down.
* 4152412 (4152411) Product Enhancement - A new fault of type warning is implemented for Veritas Volume Replicator to identify when SRL and data volumes are on the same disk.
* 4152418 (4152417) VIOM dcli plugin tool was not able to copy plugins and deploy script to target MHs.
* 4152915 (4152914) Log rotation for agentlet is not working.
* 4153317 (4153315) VIOM CMS/MH (AWS deployment) discovery fails due to error in executing AWS meta APIs.

Patch ID: vom-HF0802320
* 4143301 (4143298) Security Vulnerabilities fixes
* 4143304 (4143302) (Security Fix ) Tomcat directory has ownership root:root instead of tomcat:tomcat

Patch ID: vom-HF0802310
* 4137424 (4137422) Security Vulnerabilities fixes

Patch ID: vom-HF0802300
* 4136201 (4136200) Potential data corruption while configuring VVR with Veritas InfoScale Operations Manager 8.0.2.

Patch ID: vom-HF0802200
* 4134499 (4134498) Configure VVR with VCS configuration using VIOM.
* 4134503 (4134502) Product Enhancement - Protecting against brute force attack
* 4134521 (4134520) Product Enhancement - Create encrypted Volume on InfoScale Windows platform using VIOM.
* 4134524 (4134523) Product Enhancement - Downloading the InfoScale configuration files
* 4134530 (4134529) Security Vulnerabilities fixes

Patch ID: vom-HF0802110
* 4131151 (4131150) Security Vulnerabilities fixes

Patch ID: vom-HF0802100
* 4125903 (4125897) In clustered configuration, VIOM does not show VVR link for Secondary RVG.
* 4125920 (4125916) Storage Migration plan does not get executed.
* 4125924 (4125922) Registered policy signature scan may not work properly.
* 4125928 (4125926) Some VIOM GUI related fixes.
* 4126011 (4126009) Security Vulnerabilities fixes
* 4126016 (4126015) AWS cloud attributes are not getting detected in VIOM for Amazon EC2 instance.


DETAILS OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
This patch fixes the following incidents:

Patch ID: vom-HF0802540

* 4187570 (Tracking ID: 4187569)

SYMPTOM:
Session timeout value on GUI is shown 24 instead of -1.

DESCRIPTION:
For session timeout value -1 post logout and login, session timeout value on GUI is shown 24 instead of -1.

RESOLUTION:
Fixed the value being displayed on GUI.
* 4187590 (Tracking ID: 4187589)

SYMPTOM:
Can not create Service Group, Resources and can not start/stop VBS on Windows Cluster nodes.

DESCRIPTION:
While creating VCS Service Group and Resources, you may not see correct information in Wizard. You can also not start/stop VBS.

RESOLUTION:
Fixed the PATH environment value for Windows.

* 4187601 (Tracking ID: 4187599)

SYMPTOM:
After reboot of VCS cluster nodes, faults are not getting cleared.

DESCRIPTION:
After reboot of a cluster node, you may notice that VIOM UI still shows faults on cluster and nodes related to cluster system down, no failover etc.
To fix the problem, apply 8.0.2.540 patch on all nodes having VRTSsfmh package version 8.0.2.500 to 8.0.2.530.
After applying the patch on applicable nodes, run below commands on VIOM Management Server to clean the stale faults entries from Database.
1) On Linux Management Server -
   /opt/VRTSsfmcs/pgsql/bin/psql -U habdbsync -p 5636 SFMdb3
2) On Windows Management Server -
   "C:\Program Files\Veritas\VRTSsfmcs\pgsql\bin\psql.exe" -U habdbsync -p 5636 SFMdb3
3) delete from p_host_to_fault where fid in ('LOCAL_CLUSTER_GROUP_NO_FAILOVER', 'CLUSTER_SYSTEM_DOWN', 'VCS_SERVICEGROUP_FAULTED');
4) delete from p_fault_obj where fid in ('LOCAL_CLUSTER_GROUP_NO_FAILOVER', 'CLUSTER_SYSTEM_DOWN', 'VCS_SERVICEGROUP_FAULTED');
5) Ctrl+Z to exit from the psql command prompt.
Confirm in VIOM GUI that faults have gone.

RESOLUTION:
Fixed the cluster faults cleanup in VRTSsfmh.

* 4187608 (Tracking ID: 4187607)

SYMPTOM:
Disk Group utilization chart shows negative value for spare size for some DG.

DESCRIPTION:
Spare size is being calculated based on LUN_SIZE which is not always showing updated value after increasing LUN size.

RESOLUTION:
Picking LUN_SIZE from correctly updated table to calculate spare size.

* 4187632 (Tracking ID: 4187631)

SYMPTOM:
Third party component vulnerability reported.
DESCRIPTION:
Following third party component has been upgraded:
--------------------------------------------------------------------------------------------------------------------------------------------
Component Name                    Upgraded Version(8.0.2.540) COMMENTS
--------------------------------------------------------------------------------------------------------------------------------------------
tomcat                            9.0.98                      APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
java                              11.0.25.9.1                 APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
--------------------------------------------------------------------------------------------------------------------------------------------

RESOLUTION:
Fixed the affected endpoint.

* 4187685 (Tracking ID: 4187684)

SYMPTOM:
N/A

DESCRIPTION:
Two new reports 'VVR SRL mismatch' and 'VVR tunables' can be created under Global reports.

SQL query for SRL mismatch report:
    SELECT RVG_NAME, SOURCE_SYSTEM, TARGET_SYSTEM, VOM_VIEW_SRL.SRL_VOLUME,
           VOM_VIEW_SRL.PRIMARY_SRL_SIZE AS PRIMARY_SRL_SIZE_MB,
           VOM_VIEW_SRL.SECONDARY_SRL_SIZE AS SECONDARY_SRL_SIZE_MB,
           CASE WHEN VOM_VIEW_SRL.PRIMARY_SRL_SIZE = VOM_VIEW_SRL.SECONDARY_SRL_SIZE
                THEN 'NO' ELSE 'YES' END AS SRL_VOLUME_MISMATCH
    FROM VOM_VIEW_SRL
    GROUP BY RVG_NAME, SOURCE_SYSTEM, TARGET_SYSTEM, VOM_VIEW_SRL.SRL_VOLUME,
             VOM_VIEW_SRL.PRIMARY_SRL_SIZE, VOM_VIEW_SRL.SECONDARY_SRL_SIZE

SQL query for VVR tunable report:
    SELECT NAME, VOL_MAX_NMPOOL_SZ, VOL_MAX_RDBACK_SZ, VOL_MAX_WRSPOOL_SZ,
           VOL_MIN_LOWMEM_SZ, VOL_RVIO_MAXPOOL_SZ
    FROM VOM_VIEW_SYSTEM_HOST HOST
    INNER JOIN SF_VXTUNE_VVR_OBJECT VXTUNE ON VXTUNE.OBJECT_ID=HOST.ID

RESOLUTION:
N/A

* 4187688 (Tracking ID: 4187687)

SYMPTOM:
Scheduled email reports does not contain correct information.

DESCRIPTION:
If there are more than one scheduled global reports then user may get blank or incorrect reports in their email inbox.

RESOLUTION:
Fixed scheduled report generation flow.
* 4187691 (Tracking ID: 4187690)

SYMPTOM:
/var/log/messages is showing large number of path messages when VIOM discovers disks.

DESCRIPTION:
/var/log/messages logs are flooded with path messages, as in the lines below. These disks are part of deported disk groups.
    Nov 12 07:54:40 server101 kernel: sdk: sdk3 sdk8
    Nov 12 07:54:40 server101 kernel: sdad: sdad3 sdad8
    Nov 12 07:54:40 server101 kernel: sdai: sdai3 sdai8
    Nov 12 07:54:40 server101 kernel: sdi: sdi3 sdi8
    Nov 12 07:54:40 server101 kernel: sdaj: sdaj3 sdaj8
    Nov 12 07:54:40 server101 kernel: sdao: sdao3 sdao8
    Nov 12 07:54:40 server101 kernel: sdl: sdl3 sdl8

RESOLUTION:
Skipping disks of deported disk groups while getting data.

Patch ID: vom-HF0802530

* 4182108 (Tracking ID: 4182106)

SYMPTOM:
Session expires after every thirty minutes.

DESCRIPTION:
GUI session expiring and returning to login screen after 30 mins inactivity irrespective of webserver timeout value.

RESOLUTION:
Updated configurations, to logout after 30 mins of inactivity.

* 4182111 (Tracking ID: 4182110)

SYMPTOM:
Third party component vulnerability reported.

DESCRIPTION:
Following third party component has been reverted to latest available GA:

RESOLUTION:
Updated below jars.
------------------------------------------------------------------------------------------------------------------------
Component Name                    Upgraded Version(8.0.2.530) CVE FIXED   COMMENTS
------------------------------------------------------------------------------------------------------------------------
Quartz Enterprise Job Scheduler   2.3.2                                   APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
------------------------------------------------------------------------------------------------------------------------

* 4182187 (Tracking ID: 4182185)

SYMPTOM:
N/A

DESCRIPTION:
VIOM UI allows user to login with System, LDAP and IDP (Single Sign-On) credentials.
If you have configured SSO to log in to the VIOM UI and do not want any user to log in with System or LDAP credentials, use the method below to disable non-SSO authentication.
Steps:
Linux Management Server - Open /var/opt/VRTSsfmcs/conf/esmweb.cfg.
Windows Management Server - Open C:\ProgramData\Symantec\VRTSsfmcs\conf\esmweb.cfg
Set DISABLE_NON_SSO_AUTH=1 flag to disable non-SSO authentication.
Restart the VIOM Web server.

RESOLUTION:
N/A

Patch ID: vom-HF0802520

* 4178179 (Tracking ID: 4178176)

SYMPTOM:
Third party component vulnerability reported.

DESCRIPTION:
Following third party component has been upgraded:
------------------------------------------------------------------------------------------------------------------------
Component Name                    Upgraded Version(8.0.2.520) CVE FIXED   COMMENTS
------------------------------------------------------------------------------------------------------------------------
commons-lang.jar                  3.15.0                                  APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
httpclient                        4.5.14                                  APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
httpcore                          4.4.16                                  APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
mail                              1.6.7                                   APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
jfreechart                        1.5.5                                   APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
axis2.jar                         1.8.2                                   APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
tomcat                            9.0.91                                  APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
java                              11.0.24.8.1                             APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
spring framework                  5.3.37                                  APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
------------------------------------------------------------------------------------------------------------------------

RESOLUTION:
Fixed the affected endpoint.

* 4178184 (Tracking ID: 4178182)

SYMPTOM:
Checksec tool showing vulnerability in properties of binary.

DESCRIPTION:
Checksec tool showing vulnerability in properties of binary.

RESOLUTION:
Compiler flag changes to resolve checksec vulnerabilities.

Patch ID: vom-HF0802510

* 4167484 (Tracking ID: 4167478)

SYMPTOM:
N/A

DESCRIPTION:
This enhancement is done to display all logs (syslogs, feature logs, audit logs, debug logs, etc.) in key-value format.
Key values- Timestamp, Hostname, Component, UMI, Message, Severity, PID, CID, UID, <Generic>.
It helps to make logs more readable and understandable to end user.
This log formatting is done as per EO guidelines and requirement.

RESOLUTION:
N/A

* 4167872 (Tracking ID: 4167871)

SYMPTOM:
VIOM dcli plugin tool was not able to copy plugins and deploy script to target MHs.

DESCRIPTION:
VIOM is blocking the upload of large files.

RESOLUTION:
Allowing specific file to upload.

* 4167876 (Tracking ID: 4167875)

SYMPTOM:
VIOM db is not updating due to linking issue of psqlodbcw.so binary.

DESCRIPTION:
Symlink of libnbssl.so is pointing to /user/openv/lib instead of /opt/VRTSsfmcs/pgsql/lib/ so facing issue to update VIOM db.

RESOLUTION:
Fixed the psqlodbcw.so binary so symlink will always point to /opt/VRTSsfmcs/pgsql/lib/.

* 4167879 (Tracking ID: 4167878)

SYMPTOM:
N/A

DESCRIPTION:
Azure IDP metadata file can be uploaded in VIOM to configure Single sign-on.

RESOLUTION:
N/A

* 4167882 (Tracking ID: 4167881)

SYMPTOM:
N/A

DESCRIPTION:
IBM IDP metadata file can be uploaded in VIOM to configure Single sign-on.

RESOLUTION:
N/A

* 4168130 (Tracking ID: 4168129)

SYMPTOM:
Third party component vulnerability reported.

DESCRIPTION:
Following third party component has been upgraded:
------------------------------------------------------------------------------------------------------------------------
Component Name                    Upgraded Version(8.0.2.510) CVE FIXED   COMMENTS
------------------------------------------------------------------------------------------------------------------------
ICU4J                             75.1                                    APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
Quartz Enterprise Job Scheduler   2.4.0-rc1                               APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
PostgreSQL JDBC Driver (pgjdbc)   42.7.3                                  APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
------------------------------------------------------------------------------------------------------------------------

RESOLUTION:
Fixed the affected endpoint.

Patch ID: vom-HF0802500

* 4157862 (Tracking ID: 4157861)

SYMPTOM:
SFM_Services_XPRTLDD and SFM_Services_XPRTLDS resources showing intermediate failure log messages in engine_A.log

DESCRIPTION:
SFM_Services_XPRTLDD and SFM_Services_XPRTLDS resources showing intermediate failure log messages in engine_A.log

RESOLUTION:
Added 3 retries to check xprtld service status for SFM_Services_XPRTLDD and SFM_Services_XPRTLDS resources before sending return code status to vcs engine.

* 4157871 (Tracking ID: 4157870)

SYMPTOM:
Patch or addon upload fails with socketTimeoutException.

DESCRIPTION:
When uploading patch or addon its taking longer than the timeout value which is 1 min by default.

RESOLUTION:
Increased default connectionTimeout to 5 min to avoid socketTimeoutException while uploading patch or addons.

* 4157875 (Tracking ID: 4157874)

SYMPTOM:
Host refresh wizard showing two entries for selected host/s.

DESCRIPTION:
Host refresh wizard showing two entries for selected host/s.

RESOLUTION:
Modified DB view to show correct/single entry for selected host/s.

* 4157878 (Tracking ID: 4157873)

SYMPTOM:
Third party component vulnerability reported.

DESCRIPTION:
Following third party component has been upgraded:
--------------------------------------------------------------------------------------------------------------------------------------------
Component Name                    Upgraded Version(8.0.2.500) CVE FIXED                         COMMENTS
--------------------------------------------------------------------------------------------------------------------------------------------
Java                              11.0.22.7.1                                                   APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
Apache Tomcat                     9.0.86                                                        APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
Spring Framework                  5.3.32                      CVE-2016-1000027,                 APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
                                                              CVE-2023-20863 (BDSA-2023-0847)
OpenSSL                           1.0.2zi                                                       APPLICABLE FOR LINUX and WINDOWS VIOM MANAGEMENT SERVER and AGENTS.
--------------------------------------------------------------------------------------------------------------------------------------------

RESOLUTION:
Fixed the affected endpoint.

* 4157881 (Tracking ID: 4157880)

SYMPTOM:
Failed to configure GCO and Firedrill on Windows VCS cluster.

DESCRIPTION:
Failed to configure GCO and Firedrill on Windows VCS cluster due to blank clusterUUID.

RESOLUTION:
Modified and updated clusterUUID in case got blank from haclus command.

* 4157887 (Tracking ID: 4157886)

SYMPTOM:
N/A

DESCRIPTION:
Azure and IBM IDP can be used for SSO in VIOM.

RESOLUTION:
N/A

Patch ID: vom-HF0802400

* 4143304 (Tracking ID: 4143302)

SYMPTOM:
At present ownership of /opt/VRTSsfmcs/webgui/tomcat/ dir is root:root.

DESCRIPTION:
Changing the ownership of /opt/VRTSsfmcs/webgui/tomcat/ dir to tomcat:tomcat.
Along with this, we are changing the permissions of below files.
    /opt/VRTSsfmcs/webgui/tomcat/conf/context.xml           600
    /opt/VRTSsfmcs/webgui/tomcat/conf/catalina.properties   600
    /opt/VRTSsfmcs/webgui/tomcat/conf/catalina.policy       600
    /opt/VRTSsfmcs/webgui/tomcat/webapps                    750
    /opt/VRTSsfmcs/webgui/tomcat/bin                        750

RESOLUTION:
Changing ownership and permissions of dirs and files.

* 4152236 (Tracking ID: 4152233)

SYMPTOM:
N/A

DESCRIPTION:
The secure file system feature is enhanced to identify the underlying application(Oracle) and then secure the file system accordingly.
In the earlier version, SecureFS feature was available only for General Applications.
When you install the 8.0.2.400 patch and InfoScale 8.0.2 Update2, you can configure immutable checkpoint on a file system that is mounted on a InfoScale volume.
Immutable checkpoints are supported only on VxFS. Hence all directories including the sub directories should be VxFS mountpoints.
The feature supports General Applications, Oracle19C, and Oracle21C.
Compliance(WORM) and Enterprise(SoftWORM) can be configured for all the listed applications.
For more details, check technote https://www.veritas.com/support/en_US/doc/viom_technote_8.0.2.400

RESOLUTION:
N/A

* 4152380 (Tracking ID: 4152379)

SYMPTOM:
Third party component vulnerability reported.

DESCRIPTION:
Following third party component has been upgraded:
--------------------------------------------------------------------------------------------------------------------------------------------
Component Name                    Upgraded Version(8.0.2.400) CVE FIXED                         COMMENTS
--------------------------------------------------------------------------------------------------------------------------------------------
PostgreSQL Database Server        14.10                       CVE-2023-5869 (BDSA-2023-3047)    APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
                                                              CVE-2023-39417 (BDSA-2023-2076)
                                                              CVE-2023-2454 (BDSA-2023-1119)
                                                              CVE-2023-2455 (BDSA-2023-1117)
                                                              CVE-2023-5870 (BDSA-2023-3043)
                                                              CVE-2023-5868 (BDSA-2023-3045)
Spring Security                   5.8.7                                                         APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
Java                              11.0.21.9.1                                                   APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
Apache Tomcat                     9.0.85                                                        APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
Jackson Databind                  2.16.0                                                        APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
JSON-Java                         20231013
Apache Santuario                  4.0.0                                                         APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
Batik XML Utility Library         1.17                                                          APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
--------------------------------------------------------------------------------------------------------------------------------------------

RESOLUTION:
Fixed the affected endpoint.

* 4152397 (Tracking ID: 4152396)

SYMPTOM:
N/A

DESCRIPTION:
A new fault 'Cluster is down. Administrative action is required.' of type error is implemented for VCS remote cluster.
VIOM is now reporting the remote cluster status as faulted.
For more details, check technote https://www.veritas.com/support/en_US/doc/viom_technote_8.0.2.400

RESOLUTION:
N/A

* 4152412 (Tracking ID: 4152411)

SYMPTOM:
N/A

DESCRIPTION:
This fault will get raised on the RVG consisting of such SRL and data volume and it will propagate to the respective host.
Fault message is 'SRL and data volumes are on the same disk'.
For more details, check technote https://www.veritas.com/support/en_US/doc/viom_technote_8.0.2.400

RESOLUTION:
N/A

* 4152418 (Tracking ID: 4152417)

SYMPTOM:
VIOM dcli plugin tool was not able to copy plugins and deploy script to target MHs.

DESCRIPTION:
VIOM is now blocking the upload of any files on CMS & MH to avoid malicious uploads unless we are explicitly allowing a specific file to upload in code.

RESOLUTION:
Added dcli plugin files and deploy script to allowed list so now it can be uploaded and copied from CMS to targeted MHs.

* 4152915 (Tracking ID: 4152914)

SYMPTOM:
Log rotation for agentlet is not working and agentlet log files are increasing above 1 MB.

DESCRIPTION:
Log rotation for agentlet is not working and agentlet log files are increasing above 1 MB.

RESOLUTION:
Fixed the perl module for log rotation and locking.

* 4153317 (Tracking ID: 4153315)

SYMPTOM:
You may see that host discovery is not working and not seeing updated information in GUI including version.

DESCRIPTION:
If VIOM Management Server or Managed Hosts are running on AWS then VIOM could fail to detect the cloud vendor as well as Host discovery may not work.
Recently, AWS has changed the way of collecting Meta data.

RESOLUTION:
Fixed the Meta data discovery issue by using new method.

Patch ID: vom-HF0802320

* 4143301 (Tracking ID: 4143298)

SYMPTOM:
Third party component vulnerability reported.
DESCRIPTION:
Following third party component has been upgraded:
--------------------------------------------------------------------------------------------------------------------------------------------
Component Name                    Upgraded Version(8.0.2.310) CVE FIXED                         COMMENTS
--------------------------------------------------------------------------------------------------------------------------------------------
Apache Santuario (Java)           4.0.0                       CVE-2023-44483 (BDSA-2023-2874)   APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY
jackson-databind                  2.16.0                      CVE-2023-35116 (BDSA-2023-1491)   APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY
JSON-java                         20231013                    CVE-2023-5072 (BDSA-2023-2760)    APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY
Apache Tomcat                     9.0.83                      BDSA-2023-3298 (CVE-2023-46589)   APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY
--------------------------------------------------------------------------------------------------------------------------------------------

RESOLUTION:
Fixed the affected endpoint.

* 4143304 (Tracking ID: 4143302)

SYMPTOM:
At present ownership of /opt/VRTSsfmcs/webgui/tomcat/ dir is root:root.

DESCRIPTION:
Changing the ownership of /opt/VRTSsfmcs/webgui/tomcat/ dir to tomcat:tomcat.
Along with this, we are changing the permissions of below files.
    /opt/VRTSsfmcs/webgui/tomcat/conf/context.xml           600
    /opt/VRTSsfmcs/webgui/tomcat/conf/catalina.properties   600
    /opt/VRTSsfmcs/webgui/tomcat/conf/catalina.policy       600
    /opt/VRTSsfmcs/webgui/tomcat/webapps                    750
    /opt/VRTSsfmcs/webgui/tomcat/bin                        750

RESOLUTION:
Changing ownership and permissions of dirs and files.

Patch ID: vom-HF0802310

* 4137424 (Tracking ID: 4137422)

SYMPTOM:
Third party component vulnerability reported.
DESCRIPTION:
Following third party component has been upgraded:
--------------------------------------------------------------------------------------------------------------------------------------------
Component Name                    Upgraded Version(8.0.2.310) CVE FIXED                         COMMENTS
--------------------------------------------------------------------------------------------------------------------------------------------
Apache tomcat                     9.0.82                      CVE-2023-45648 (BDSA-2023-2726),  APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
                                                              CVE-2023-42794 (BDSA-2023-2728),
                                                              CVE-2023-44487 (BDSA-2023-2732),
                                                              CVE-2023-42795 (BDSA-2023-2736),
                                                              CVE-2023-41080 (BDSA-2023-2250).
Spring Security                   5.8.7                       BDSA-2023-2481.                   APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
Batik XML utility library         1.17                        CVE-2022-44729 (BDSA-2023-2562),  APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
                                                              CVE-2022-44730 (BDSA-2023-2563).
PostgreSQL Database Server        14.7                        CVE-2023-2455 (BDSA-2023-1117),   APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
                                                              CVE-2023-39417 (BDSA-2023-2076),
                                                              CVE-2023-2454 (BDSA-2023-1119).
--------------------------------------------------------------------------------------------------------------------------------------------

RESOLUTION:
Fixed the affected endpoint.

Patch ID: vom-HF0802300

* 4136201 (Tracking ID: 4136200)

SYMPTOM:
Using VIOM Management Server versions mentioned below, you may see that Replication does not perform automatic synchronization and may cause data corruption on the VVR secondary.
Affected versions 8.0.2 GA, 8.0.2.100, 8.0.2.110, 8.0.2.200

DESCRIPTION:
While configuring VVR on already existing volumes and file systems which have application data, there is a possibility of data corruption on VVR secondary.
Replication does not perform automatic synchronization and hence causes data corruption on VVR secondary.
This is observed on Veritas InfoScale Operations Manager version 8.0.2 and subsequent patches mentioned above.
RESOLUTION:
Apply minimum VIOM patch 8.0.2.300 level to resume VVR configuring using the VIOM Management Server console.

Patch ID: vom-HF0802200

* 4134499 (Tracking ID: 4134498)

SYMPTOM:
In version 8.0.2 GA to version 8.0.2.110, VVR with VCS configuration does not work.

DESCRIPTION:
Added VVR VCS configuration in version 8.0.2.200. User can select VCS configuration checkbox in VVR configuration wizard.

RESOLUTION:
Added VVR VCS configuration in version 8.0.2.200.

* 4134503 (Tracking ID: 4134502)

SYMPTOM:
N/A

DESCRIPTION:
To protect against brute force attack, after every three consecutive unsuccessful log on attempts the Management Server console disables further attempts for the next five minutes.
During this period when you enter the user credentials, the following warning message is displayed.
    You have reached the maximum login attempts, please wait for some time.

RESOLUTION:
N/A

* 4134521 (Tracking ID: 4134520)

SYMPTOM:
N/A

DESCRIPTION:
Using VIOM 8.0.2.200 and later versions, user can create encrypted Volume on InfoScale Windows platform. Make sure Windows Agents also have VIOM version 8.0.2.200 or later.
While creating new Volume using VIOM, in volume create wizard, select checkbox 'Enable Encryption' to enable encryption while creating volume on Windows hosts.
This option is enabled only if KMS is configured on the host.

RESOLUTION:
N/A

* 4134524 (Tracking ID: 4134523)

SYMPTOM:
N/A

DESCRIPTION:
Before you upgrade or reinstall one or more InfoScale servers, you can take a backup of the configuration files using the Veritas InfoScale Operations Manager Management Server console.
For more details, check technote https://www.veritas.com/support/en_US/doc/viom_technote_8.0.2.200

RESOLUTION:
N/A

* 4134530 (Tracking ID: 4134529)

SYMPTOM:
Third party component vulnerability reported.
DESCRIPTION:
Following third party component has been upgraded:
--------------------------------------------------------------------------------------------------------------------------------------------
Component Name                    Upgraded Version(8.0.2.200) CVE FIXED                         COMMENTS
--------------------------------------------------------------------------------------------------------------------------------------------
PostgreSQL Database Server        14.7                        CVE-2023-2455 (BDSA-2023-1117),   APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
                                                              CVE-2022-41862 (BDSA-2023-0215),
                                                              CVE-2023-2454 (BDSA-2023-1119)
Spring Framework                  5.3.29                      CVE-2016-1000027,                 APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
                                                              CVE-2023-20863 (BDSA-2023-0847)
Spring Security                   5.8.6                       CVE-2023-20862 (BDSA-2023-0873),  APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
                                                              BDSA-2023-1821 (CVE-2023-34035),
                                                              BDSA-2023-1825
Java                              11.20.9.1                                                     APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
Apache Tomcat                     9.0.78                                                        APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
Jackson Databind                  2.15.2                      CVE-2023-35116 (BDSA-2023-1491)   APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
OpenSSL                           1.0.2.zg                    CVE-2022-2068 (BDSA-2022-1716),   APPLICABLE FOR VIOM MANAGEMENT SERVER and VIOM Agents on Windows Platforms.
                                                              CVE-2022-1292 (BDSA-2022-1242),
                                                              CVE-2023-0215 (BDSA-2023-0232),
                                                              CVE-2023-0464 (BDSA-2023-0610),
                                                              CVE-2022-0778 (BDSA-2022-0709),
                                                              CVE-2021-23840 (BDSA-2021-0391),
                                                              CVE-2021-3712 (BDSA-2021-2579),
                                                              CVE-2023-2650 (BDSA-2023-1337),
                                                              CVE-2021-4160 (BDSA-2022-0284),
                                                              CVE-2021-23841 (BDSA-2021-0390),
                                                              CVE-2023-3817 (BDSA-2023-1972),
                                                              CVE-2021-23839 (BDSA-2021-0399),
                                                              CVE-2023-0286, CVE-2023-0466,
                                                              BDSA-2023-1866, CVE-2023-0465,
                                                              CVE-2022-4304, CVE-2020-1971
--------------------------------------------------------------------------------------------------------------------------------------------

RESOLUTION:
Fixed the affected endpoint.

Patch ID: vom-HF0802110

* 4131151 (Tracking ID: 4131150)

SYMPTOM:
Third party component vulnerability reported.
DESCRIPTION:
Following third party component has been upgraded:
--------------------------------------------------------------------------------------------------------------------------------------------
Component Name                    Upgraded Version(8.0.2.110) CVE FIXED                         COMMENTS
--------------------------------------------------------------------------------------------------------------------------------------------
PostgreSQL Database Server        14.7                        CVE-2023-2455 (BDSA-2023-1117),   APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
                                                              CVE-2022-41862 (BDSA-2023-0215),
                                                              CVE-2023-2454 (BDSA-2023-1119)
Spring Framework                  5.3.29                      CVE-2016-1000027,                 APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
                                                              CVE-2023-20863 (BDSA-2023-0847)
Spring Security                   5.8.5                       CVE-2023-20862 (BDSA-2023-0873),  APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
                                                              BDSA-2023-1821 (CVE-2023-34035),
                                                              BDSA-2023-1825
Java                              11.20.8.1                                                     APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
Apache Tomcat                     9.0.76                                                        APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
--------------------------------------------------------------------------------------------------------------------------------------------

RESOLUTION:
Fixed the affected endpoint.

Patch ID: vom-HF0802100

* 4125903 (Tracking ID: 4125897)

SYMPTOM:
RVG "Links" tab does not show VVR link

DESCRIPTION:
In a VCS clustered configuration, VVR link may not be visible on Secondary RVG.

RESOLUTION:
Fixed the SQL query to show the VVR link

* 4125920 (Tracking ID: 4125916)

SYMPTOM:
Storage Migration plan does not get executed. You may see some errors on push_file.log on targeted VIOM Agent.

DESCRIPTION:
Storage Migration plan may not be started to run.

RESOLUTION:
Fixed the execution task.

* 4125924 (Tracking ID: 4125922)

SYMPTOM:
Registered policy signature scan may not work properly.

DESCRIPTION:
Registered policy signature fails to detect any violations as they do not get executed. You may see some errors in push_file.log on the VIOM Agent.

RESOLUTION:
Allow the policy signatures to run on agents.
* 4125928 (Tracking ID: 4125926)

SYMPTOM: You may experience some GUI-related issues such as page refresh problems or page data not being loaded.

DESCRIPTION: This patch fixes the following GUI-related issues:
- Some minor GUI fixes under Availability Perspective
- Some minor GUI fixes under Server Perspective
- GUI fixes for SmartIO feature
- In a Recovery plan, clicking the move up/down button skips 2 rows, and some other minor GUI fixes
- Minor GUI fixes for SecureFS functionality

RESOLUTION: Fixed the GUI framework.

* 4126011 (Tracking ID: 4126009)

SYMPTOM: Third party component vulnerability reported.

DESCRIPTION: The following third-party components have been upgraded:

----------------------------------------------------------------------------------------------------------------------------------------
Component Name              Upgraded Version(8.0.2.100)  CVE FIXED                         COMMENTS
----------------------------------------------------------------------------------------------------------------------------------------
Apache Tomcat               9.0.76                       BDSA-2023-0357                    APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
                                                         CVE-2023-28709 (BDSA-2023-1242)
Java                        11.0.19.7.1                                                    APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
JSON-java                   20230618                     CVE-2022-45688 (BDSA-2022-4165)   APPLICABLE FOR VIOM MANAGEMENT SERVER ONLY.
----------------------------------------------------------------------------------------------------------------------------------------

RESOLUTION: Fixed the affected endpoint.

* 4126016 (Tracking ID: 4126015)

SYMPTOM: Cloud name and other cloud attribute values may show as empty for MHs in AWS under the Server perspective.

DESCRIPTION: Cloud name and other cloud attribute values may show as empty for MHs in AWS under the Server perspective.

RESOLUTION: Fixed the AWS cloud detection for AWS EC2 instances.


INSTALLING THE PATCH
--------------------
IMPORTANT NOTE : Please take a backup of the database using the instructions given in the Admin guide before installing this patch.
This patch is applicable to both the VIOM 8.0.2 Management Server and Managed Hosts.

1. Download the file vom-8.0.2.540.sfa
2. Launch a browser and log in to the VIOM management server.
3. Navigate to Settings -> Deployment Icon.
4. Upload the patch to the VIOM CMS using the Upload Solutions button.
   The patch vom-8.0.2.540 should be visible in the Hot Fixes tree node.
5. Install this patch on the Management Server using the following instructions:
   - Go to Settings -> Deployment -> Hot Fixes -> Veritas Infoscale Operations Manager Managed Host.
   - Click on the Hot Fixes tab. Click on the Applicable Hosts tab.
   - Right-click on the Management Server name and click on Install.
6. After the patch is installed successfully on the Management Server, you can follow the same steps to install the patch on applicable Managed Hosts.


REMOVING THE PATCH
------------------
NONE


SPECIAL INSTRUCTIONS
--------------------
Known issue
Etrack 4187681 - A blank wizard is seen when trying to add/remove/refresh hosts from the VIOM Management Server UI.

Resolution -

On Linux Management Server -
Open the "/opt/VRTSsfmcs/webgui/tomcat/conf/catalina.properties" config file and add the line below at the bottom of the file.
org.apache.catalina.connector.RECYCLE_FACADES=false
Restart VIOM Web Service
/opt/VRTSsfmcs/bin/vomsc --restart web

On Windows Management Server -
Open the "C:\Program Files\Veritas\VRTSsfmcs\webgui\tomcat\conf\catalina.properties" config file and add the line below at the bottom of the file.
org.apache.catalina.connector.RECYCLE_FACADES=false
Restart VIOM Web Service
"C:\Program Files\Veritas\VRTSsfmcs\bin\vomsc.bat" --restart web


OTHERS
------
NONE
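The Linux workaround from SPECIAL INSTRUCTIONS, scripted as an added example (not part of the Veritas README) so that it can be re-run safely and leaves a rollback copy. `set_property` and `apply_workaround` are hypothetical helper names; the file path, property and restart command are the ones quoted in the README.

```shell
#!/bin/sh
# Added example (not Veritas code): apply the SPECIAL INSTRUCTIONS workaround
# to catalina.properties idempotently, keeping a rollback copy.
# CONF and VOMSC default to the Linux paths quoted in the README.
CONF=${CONF:-/opt/VRTSsfmcs/webgui/tomcat/conf/catalina.properties}
VOMSC=${VOMSC:-/opt/VRTSsfmcs/bin/vomsc}
KEY=org.apache.catalina.connector.RECYCLE_FACADES

# set_property FILE KEY VALUE  (hypothetical helper)
# Leaves exactly one "KEY=VALUE" line in FILE. Prints "changed" or
# "unchanged"; returns non-zero only on error.
set_property() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # Escape regex metacharacters (the key contains dots).
    key_re=$(printf '%s' "$key" | sed 's/[][\.*^$]/\\&/g')
    pat="^[[:space:]]*${key_re}[[:space:]]*="
    if [ "$(grep -c "$pat" "$file")" -eq 1 ] &&
       grep -q "${pat}[[:space:]]*${value}[[:space:]]*\$" "$file"; then
        echo unchanged
        return 0
    fi
    cp -p "$file" "$file.bak" || return 2        # rollback copy
    tmp="$file.tmp.$$"
    sed "/$pat/d" "$file" > "$tmp" || return 2   # drop stale definitions
    # Make sure the appended setting starts on its own line.
    if [ -n "$(tail -c 1 "$tmp")" ]; then echo >> "$tmp"; fi
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    # Write through the existing file so owner and mode are preserved.
    cat "$tmp" > "$file" && rm -f "$tmp" || return 2
    echo changed
}

# Apply the README's setting; restart the web service only if it changed.
apply_workaround() {
    result=$(set_property "$CONF" "$KEY" false) || return 1
    if [ "$result" = changed ]; then "$VOMSC" --restart web; fi
}

# Run only when explicitly asked:  sh script.sh --apply
if [ "${1:-}" = "--apply" ]; then apply_workaround; fi
```

Tomcat's security documentation recommends `RECYCLE_FACADES=true` because it creates a new facade object for each request; the `.bak` copy makes this workaround easy to locate and revert.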