Monitoring and reporting for Veeam Data Platform
wishr
Veteran
Posts: 3077
Liked: 455 times
Joined: Aug 07, 2018 3:11 pm
Full Name: Fedor Maslov
Contact:

Hotfixes for RCE vulnerabilities (KB3144)

Post by wishr » 1 person likes this post

Hello everyone,

Please be aware of KB3144, which contains hotfixes for two critical remote code execution (RCE) vulnerabilities. This affects Veeam ONE deployments running versions 10, 9.5 Update 4a and 9.5 Update 4.

It is highly recommended to apply these hotfixes. If you are planning to deploy a new instance of Veeam ONE, please do it using ISO images downloaded after 04.15.2020. All ISOs for Veeam ONE 10, Veeam ONE 9.5 U4a and Veeam Availability Suite 10 have been updated at veeam.com.

Thanks and let me know if you have any questions.

Re: Veeam ONE: mandatory hotfixes

Post by wishr » 1 person likes this post

Important!

We've found a connectivity issue between Veeam ONE Agent and Veeam ONE Monitor Client in the updated 9.5 Update 4a ISO package and there are two options to get it resolved:

If you have already installed from the updated ISO:
- Apply the corresponding hotfix from KB3144

If you have already downloaded the new ISO but not yet installed from it:
- Simply re-download it. We've already published a fixed version.

File name of the new ISO: "VeeamONE_9.5.4.4587.Update4a_20200416.iso"
File name of the old ISO: "VeeamONE_9.5.4.4587.Update4a_20200415.iso"

In case of any difficulties, please contact our technical support team.

Thanks!
RolfMueller
Lurker
Posts: 2
Liked: never
Joined: Jul 27, 2016 8:23 am
Full Name: Rolf Mueller
Contact:

Re: Veeam ONE: mandatory hotfixes

Post by RolfMueller »

I installed the hotfix KB3144 for Veeam ONE 10, but after the installation I am only getting version 10.0.0.750, not version 10.0.1.750 as described in the text.
Also, the ZIP file is named VeeamONE_10.0.0.750_KB3144.zip.
Now what is wrong?

Thanks!

Re: Veeam ONE: mandatory hotfixes

Post by wishr » 1 person likes this post

Hi Rolf,

I don't see any discrepancy here.

The version of Veeam ONE itself won't change after the update, but the Veeam ONE Agent version should become 10.0.1.750:
Image

Yes, both patches have the KB postfix in the file name. This is correct.

Thanks
KristyGarrison
Lurker
Posts: 1
Liked: never
Joined: Dec 26, 2019 7:42 pm
Full Name: Kristy Garrison
Contact:

Re: Veeam ONE: mandatory hotfixes

Post by KristyGarrison »

To be clear, version 9.5 u4b is NOT affected?

Re: Veeam ONE: mandatory hotfixes

Post by wishr » 1 person likes this post

Hi Kristy,

Veeam ONE v9.5 Update 4b does not exist. The latest Veeam ONE version released before v10 is v9.5 Update 4a.

Only VBR has version 9.5 u4b. And you don't need to update VBR Server.

Thanks