Skip to main content
commvault.com commvault.com
Question

Linux commvault client libcurl.so version needs updated

  • August 28, 2024
  • 4 replies
  • 754 views
B
Byte
Forum|alt.badge.img+10

Hello 

We are on Commvault 11.28.122 and our security team notified me that we have a few vulnerabilities on our linux redhat clients.  Its a medium vulnerability but this client requires us to address medium vulnerabilities.

plugin Output: 
  Path              : /opt/commvault/Base64/libcurl.so
  Installed version : 8.4.0
  Fixed version     : 8.9.1

My questions - 

Would this possibly be addressed in a “maintenance release” ?  or

Would we need to upgrade from 11.28.x to say like 11.32.x or 11.36.x to correct this?  I mean how and were can see what versions of libcurl is included in a maintenace fix or version?   Or do I need to just spin open a ticket with Support..

https://www.tenable.com/plugins/nessus/205024

 

Thanks for looking at my post and appreciate any feed back!

Thanks

BC

 

    4 replies

    J
    Vaulter

    Hi,
    This is being worked now for 11.28 as well. There is no target Maintenance Release set yet, but for can use form ID 6283 to check the progress with your account representative.

    B
    Erase4ndReuseMedia
    2 people like this
    • B
      bc1410
    • Erase4ndReuseMedia
      Erase4ndReuseMedia
    B
    Byte
    Forum|alt.badge.img+10
    • bc1410
    • Author
    • Byte
    • 77 replies
    • August 29, 2024

    Thanks @Jacek Piechucki  for the information.  Much appreciated!

     

    BC

    Ralph
    Vaulter
    Forum|alt.badge.img+8
    • RalphVaulter
    • Vaulter
    • 53 replies
    • September 11, 2024

    @bc1410 Have you seen this:
    https://documentation.commvault.com/securityadvisories/CV_2024_08_2.html  

    B
    Byte
    Forum|alt.badge.img+10
    • bc1410
    • Author
    • Byte
    • 77 replies
    • September 11, 2024

    Thank you @Ralph 

     

     

    Commvault products do not use any of these modules and are not affected by this vulnerability.

     

    Impacted Products

    This vulnerability does not affect Commvault products.

    Resolution

     

    Commvault uses openSSL which is not affected by this vulnerability.

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settings

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings