Manualshelf

Release Notes

ManualsBrandsQuantum ManualsStorageQuantum Quantum vmPRO 4000
12345678910
Quantum vmPRO Requirements
Quantum vmPRO Release Notes 3
Security Updates
Like many other companies, Quantum has been effected by POODLE, GHOST, and Samba Vulnerability
bugs as follows:
POODLE Vulnerability
The POODLE vulnerability bug is a moderate vulnerability for applications and systems using Secure
Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers.This vulnerability can expose
sensitive data transmitted during an encrypted web session, such as passwords, cookies, or other
authentication tokens. Attackers can use these tokens to impersonate an authorized user to then gain
complete access to a website. For more information, see https://www.us-cert.gov/ncas/alerts/TA14-290A.
Although vmPRO versions 3.2.1 and earlier include versions of SSL that are vulnerable to POODLE,
attackers would need privileged network access prior to exposing this vulnerability. For enhanced security,
however, vmPRO 3.3 includes the updated OpenSSL version to resolve the POODLE vulnerability bug.
GHOST Vulnerability
The GHOST bug is a vulnerability in the Linux GNU C (glibc) library prior to version 2.18. This vulnerability
allows remote attackers to take control of affected systems by executing remote code calls to the
gethostbyname function. For more information, see https://www.us-cert.gov/ncas/current-
activity/2015/01/27/Linux-Ghost-Remote-Code-Execution-Vulnerability.
vmPRO 3.2.1 and earlier include versions of the Linux glibc library that are vulnerable to GHOST. For
enhanced security, vmPRO 3.3 includes the updated RPM to resolve the glibc vulnerability.
Samba Vulnerability
The Samba daemon (smbd) has an uninitialized pointer that remote attackers can use to send specially
crafted Netlogon packets. These packets allow attackers to execute arbitrary code under the guise of the
user running smbd (by default, the root user). For more information, see https://www.us-
cert.gov/ncas/current-activity/2015/02/24/Samba-Remote-Code-Execution-Vulnerability.
vmPRO 3.2.1 and earlier include versions of Samba that are vulnerable to this remote code execution. For
enhanced security, vmPRO 3.3 includes the updated RPMs to resolve this vulnerability.
Quantum vmPRO Requirements
Before installing your vmPRO appliance, make sure that your environment meets or exceeds the following
system requirements.