After Upgrade to Veeam Backup & Replication 12.1, Backup of Linux VM Fails With: "Failed to check fingerprint"

Challenge After upgrading to Veeam Backup & Replication 12.1, Backup jobs for Linux VMs that operated successfully before the upgrade now fail with: Unable to connect to guest OS for guess process. Failed to check fingerprint. Cause During the upgrade to Veeam Backup & Replication 12.1, the forma...

Vulnerability Scanner Detection Related to CVE-2023-38545

Veeam Backup & Replication 12.1.2 Release - Article Update With the release of Veeam Backup & Replication 12.1.2, the VDDK libraries, which contained the libcurl library, are no longer included with the Veeam Transport package. After upgrading, the Veeam Transport Package on remote components wil...

Design/Logic Flaw

A flaw was found in PostgreSQL involving the pgcancelbackend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...

CVE-2023-5870

Summary (CVE-2023-5870) : PostgreSQL vulnerability where the pg_cancel_backend role can signal background workers (including the autovacuum launcher and logical replication launcher). The underlying issue is that signaling is possible for non-core extensions with less-resilient background workers...

Security Bulletin: A vulnerability in cryptography-3.3.2-cp36-abi3-manylinux2010_x86_64.whl affects Data Replication on Cloud Pak for Data

Summary A vulnerability in cryptography-3.3.2-cp36-abi3-manylinux2010x8664.whl has been addressed. Vulnerability Details CVEID:CVE-2023-0286 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a type confusion error related to X.400 address processing inside an X.509 GeneralName...

Security Bulletin: A vulnerability in github.com/golang/text/language-v0.3.0 affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the package github.com/golang/text/language-v0.3.0 has been addressed. Vulnerability Details CVEID:CVE-2022-32149 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation by the golang.org/x/text/language package. By sending a...

postgresql: Role pg_signal_backend can signal certain superuser processes.

A flaw was found in PostgreSQL involving the pgcancelbackend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...

How to Configure Advanced Syslog Integration Options

Purpose This article documents advanced configuration options for syslog integration with Veeam Backup & Replication, a new feature starting in version 12.1. Solution The following advanced configuration options are available: Add BOM Before MSG Field Add the Unicode byte order mask BOM before th...

Release Information for Veeam Backup & Replication 12.1 and Updates

This update was superseded by Veeam Backup & Replication 12.3. Release Information 12.1.2.172 2024-05-21 Security Vulnerabilities Indicated severity values are CVSS 3.1 scores. Veeam Backup Enterprise Manager VBEM CVE-2024-29849 | Severity: Critical 9.8 This vulnerability in VBEM allows an...

postgresql: Role pg_signal_backend can signal certain superuser processes.

A flaw was found in PostgreSQL involving the pgcancelbackend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...

MGASA-2023-0327 Updated mariadb packages fix a security vulnerability

Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server. Additonally a whole bunch of fixes to InnoDB, Replication, Optimizer, Galera, Spider, Backup,... have been applied. See the official release not...

Updated mariadb packages fix a security vulnerability

Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server. Additonally a whole bunch of fixes to InnoDB, Replication, Optimizer, Galera, Spider, Backup,... have been applied. See the official release not...

Fedora: Security Advisory for galera (FEDORA-2023-7fe02ec473)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 37 Update: galera-26.4.16-1.fc37

Galera is a fast synchronous multimaster wsrep provider replication engine for transactional databases and similar applications. For more information about wsrep API see https://github.com/codership/wsrep-API repository. For a description of Galera replication engine see...

[SECURITY] Fedora 38 Update: galera-26.4.16-1.fc38

Galera is a fast synchronous multimaster wsrep provider replication engine for transactional databases and similar applications. For more information about wsrep API see https://github.com/codership/wsrep-API repository. For a description of Galera replication engine see...

[SECURITY] Fedora 39 Update: galera-26.4.16-1.fc39

Galera is a fast synchronous multimaster wsrep provider replication engine for transactional databases and similar applications. For more information about wsrep API see https://github.com/codership/wsrep-API repository. For a description of Galera replication engine see...

CVE-2023-5870

A flaw was found in PostgreSQL involving the pgcancelbackend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...

The vulnerability of the replication function of Docker, a tool for automating the deployment and management of applications in containerized environments, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the replication function of Docker’s containerization and application deployment/management tools is related to improper storage of permissions. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service failures...

postgresql-server -- Role pg_cancel_backend can signal certain superuser processes

PostgreSQL Project reports: Documentation says the pgcancelbackend role cannot signal "a backend owned by a superuser". On the contrary, it can signal background workers, including the logical replication launcher. It can signal autovacuum workers and the autovacuum launcher. Signaling autovacuum...

Security Bulletin: Data Replication on Cloud Pak for Data vulnerabile to Apache James MIME4J vulnerability

Summary A vulnerability in Apache James MIME4J is addressed. Vulnerability Details CVEID:CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. By sending a...