Zip Slip Hotfix Install Instructions

[NathanNSB]

I'm not sure where to extract the patched files. I have veeam.backup.common.dll under 'C:\Program Files\Veeam' in 10 different paths for instance with slightly different sizes and date stamps on some. Ionic.Zip.dll is in 15 locations. Do I copy over all of them and hope for the best? Is it also just for the server or does the client with a remote console need patched as well?

I've looked at the KB article, https://www.veeam.com/kb2662, and don't see this info unless I'm being completely dense. If I'm missing something obvious just smack me upside the head and point me in the right direction.

[Gostev]

Hello, our support engineers are currently updating the KB article to reflect this. Thanks!

[sfbi]

Hello, our support engineers are currently updating the KB article to reflect this. Thanks!

Hello Gostev,
after 10 days the KB is not yet updated!
I must say that it is in perfect Veeam style
Or is it correct? (skip other folders as C:\Program Files\Veeam\Backup and Replication\OracleExplorer, SharePointExplorer, etc...)

Regards

[Gostev]

Judging on the Last Modified date on the article being the next day after my previous post, they did update it promptly. And yes, the current text seems correct given that:

The only known angle of attack for leveraging these vulnerabilities against Veeam Backup & Replication involves Window and Linux guest file system indexing functionality. As such, you don’t have to install this hotfix unless you have guest file system indexing enabled in any of your Veeam backup jobs.

[sfbi]

Thank you very much Gostev,
I had noticed the update date (the day after this), but I wanted to be sure
Regards