Overview

NetBackup Appliance Maintenance Release 1 Security Patch 2 (henceforth also referred as 5.3.0.1 MR1 SP2) is a package of security fixes for 5.3.0.1 Maintenance Release 1 (5.3.0.1 MR1) and 5.3.0.1 Maintenance Release 1 Security Patch 1 (5.3.0.1 MR1 SP1). It is strongly recommended to install 5.3.0.1 MR1 SP2 on NetBackup Appliance 5.3.0.1 MR1 and 5.3.0.1 MR1 SP1 as quickly as possible to keep the NetBackup Appliances secure and operating efficiently.

Description

NetBackup Appliance 5.3.0.1 MR1 SP2 is a package of security fixes for NetBackup Appliance 5.3.0.1 MR1 and 5.3.0.1 MR1 SP1.

5.3.0.1 MR1 SP2 can be installed only on NetBackup Appliance 5.3.0.1 MR1 and 5.3.0.1 MR1 SP1.

5.3.0.1 MR1 SP2 includes all fixes included in NetBackup Appliance 5.3.0.1 MR1 SP1.

By installing 5.3.0.1 MR1 SP2 on NetBackup Appliance 5.3.0.1 MR1, the appliance is upgraded directly to 5.3.0.1 MR1 SP2 in a single upgrade step, without first upgrading to 5.3.0.1 MR1 SP1.

5.3.0.1 MR1 SP2 includes fix for the critical vulnerability affecting the crewjam/saml Go library. (CVE-2022-41912).

5.3.0.1 MR1 SP2 is supported on NetBackup 5240, 5250, 5340, 5340HA, 5350, 5350HA appliances.

A media server appliance with 5.3.0.1 MR1 SP2 installed is compatible with the primary server running NetBackup 10.3 or later release.

Customers can download 5.3.0.1 MR1 SP2 (VRTS_NBAPP_update-MR1-SP2-5.3.0.1-20240513020202.x86_64.rpm) from the following Veritas Download Center link:  https://www.veritas.com/content/support/en_US/downloads/update.UPD824573

Appliance Management Server (AMS) Support

5.3.0.1 MR1 SP2 installation is supported with AMS 2.2.

Note:

• High Availability (HA) upgrade is not supported via AMS 2.2

NetInsights / System Health Insights (NI/SHI) Support

Upgrade via NetInsights / System Health Insights (NI/SHI) is not supported for 5.3.0.1 MR1 SP2.

Installation Time

Upgrading to 5.3.0.1 MR1 SP2 takes about 50 minutes per node including rebooting.

Pre-Installation steps

For installation on primary server

• Confirm that no backup jobs are scheduled during the upgrade period.
• Deactivate all policies to ensure no backups will target the appliance being upgraded.
• Cancel all active jobs from the NetBackup Java Administration Console or log in to the appliance as a NetBackupCLI user and run the following command: bpdbjobs –cancel
• Disable all reporting and monitoring tools using this server (OpsCenter, Aptare / NetBackup IT Analytics or other 3rd party tool).

For installation on media server

• Deactivate all policies to ensure no backups will target the appliance being upgraded.
• Cancel all active jobs running on the target appliance.
• Disable all Storage Life Cycle Policies that duplicate to/from the appliance on which 5.3.0.1 MR1 SP2 is being installed.

If there are SAN devices connected to the appliance, it is recommended to disable the SAN switch port before starting the upgrade to avoid potential long reboot times.

Installation Instructions

Before installing 5.3.0.1 MR1 SP2, note the following:

• Refer to the following article for installation instructions: https://www.veritas.com/support/en_US/article.100023444
• A reboot occurs automatically after installation.
• Installation requires IPMI connectivity to the appliance.
• If the installation is successful, an email notification is sent (if email notifications are configured) and the following message is broadcasted:

NetBackup Appliance has upgraded successfully!

Additional instructions for installing in a NetBackup Appliance 5340/5350 High Availability (HA) setup

Before installing 5.3.0.1 MR1 SP2 on both nodes, ensure that the two-node HA setup is fully configured. The HA status can be checked by using the following command:

Manage > HighAvailability > Status

If the status of HA services is not as follows, contact Veritas Support for assistance.

For configuring a two-node HA setup, see the Veritas NetBackup Appliance High Availability Reference Guide.

Ensure that 5.3.0.1 MR1 SP2 is installed on a node only if it is offline. Refer to the following article for more information about how a node can be put in offline status:

Switching the services over | Managing NetBackup appliance using the NetBackup Appliance Shell Menu | Veritas NetBackup™ Appliance Administrator's Guide | Veritas™

1. Install 5.3.0.1 MR1 SP2 on the partner node where the virtual IP is offline.
2. Perform a switchover operation as per instructions given in the appliance prompt using the Manage > HighAvailability > Switchover command to bring the Virtual IP online on the node installed with 5.3.0.1 MR1 SP2.
3. After the switchover, install 5.3.0.1 MR1 SP2 on the other node, where the virtual IP is now offline.
4. Test the switchover to the original node to ensure correct functionality.

Post-Installation Instructions

The new installed version can be checked using either of the following commands.

(The expected output of each command is also listed)

Manage > Software > UpgradeStatus

The appliance version is 5.3.0.1 MR 1 SP 2 and not in upgrade state.

Manage > Software > List Version

Appliance Version: 5.3.0.1

NetBackup Version: 10.3.0.1

Build Date: 20240513020202

Maintenance Release Version: 1

Security Patch Version: 2

Appliance > Status

Appliance Model is NetBackup Appliance 5xxx.

Appliance Version is 5.3.0.1 MR 1 SP 2.

Vulnerabilities Fixed

5.3.0.1 MR1 SP2 fixes the following security vulnerabilities: