Change report Grolar

From SEPsesam
Jump to: navigation, search

Fixed Vulnerability: Paramiko vulnerability (CVE-2018-1000805)

SEP sesam uses Paramiko for the SM_SSH access mode. Paramiko contains an incorrect access control vulnerability in SSH server that can result in Remote Code Execution (RCE).
Paramiko versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6. contain an incorrect access control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity. The vendor has confirmed the vulnerability and fixed the security flaw. This issue is listed as CVE-2018-1000805 in the MITRE CVE dictionary and in the NIST NVD.


  • BUGFIX: (#24586) Problem: GUI package on Windows 32 Bit system fails due to Java 64 Bit check. Solution: On a Windows 32 Bit system Java 32 Bit is now accepted.


  • BUGFIX: (#24158) RHEV task type isn't shown by client source browser any more.
  • BUGFIX: (#24384) Changing the saveset EOL of the source of a migrated saveset doesn't work right. Problem: When changing the saveset-EOL of the migrated saveset, the saveset-EOL of the original saveset will also be changed.


  • BUGFIX: (#24388) Micro Focus restore of a migrated DIFF backup could fail with 'System detected error, operation aborted'.


  • BUGFIX: (#24443) Restore fails if no data from first tape is read.
  • BUGFIX: (#24434) Positioning the tape takes too long - restore timed out after 1 hour.
  • BUGFIX: (#19267) XEN: restore does not work if original VM exists and is renamed
  • BUGFIX: (#19889) Backup of Citrix XEN can fail, but is reported as successful.
  • BUGFIX: (#24580) CBT restore of Citrix XEN host gets stuck in queue when stream limit is set to 1
  • BUGFIX: (#23416) Selective Restore from migrated NDMP saveset failed with 'Cannot find matching LIS line for item'.
  • BUGFIX: (#24367) The BSR PRO backup-log is partially decoded incorrectly. Problem: Since version 3.3.185 (12.3.185) the output is not longer UTF16 encoded.

Fixed Vulnerability: Paramiko authentication bypass in the SSH Server (CVE-2018-7750)

SEP sesam uses the SSH implementation Paramiko for the SM_SSH access mode. A vulnerability in Paramiko could allow unauthorized access to SEP sesam.
Cause in the SSH server implementation of Paramiko does not properly check whether authentication is completed before processing other requests. By using a customized SSH client, an attacker can skip the authentication step and gain unauthorized access to resources on the SEP sesam system. The vendor has confirmed the vulnerability and fixed the security flaw in Paramiko. This issue is listed as CVE-2018-7750 in the MITRE CVE dictionary and in the NIST NVD.


  • BUGFIX: (#24265) NetApp NDMP restore to volume different than backup Note 1
  • BUGFIX: (#24251) GUI uses wrong backup source for RHV Note 1
  • BUGFIX: (#24158) RHV task type not shown by client source browser Note 1
  • BUGFIX: (#24245) Special character '&' in backup source or password field is saved as '=' Note 1
  • CHANGE: (#24225) Allow mount options for Hyper-V FULL Note 1
  • BUGFIX: (#24205) Browsing folders with umlaut characters not possible Note 1
  • BUGFIX: (#24197) After update, master server GUI does not start Note 1
  • BUGFIX: (#24156) The task dialog takes up to 10 seconds to open Note 1
Note 1

Fixed with sm_ui.jar.


  • BUGFIX: (#24166) Program execution may get stuck with SEP sesam ONE. Problem: The overall resource limit was not set properly. Note 2
  • BUGFIX: (#24201) Media read check starts two jobs. Note 3
  • BUGFIX: (#24174) Migration does not find any savesets, if the number of copies value is set. Select statement for PostgreSQL does not work for NULL values in 'DB:results.saveset_exist' column. Note 4
Note 2

Fixed with sm_config_drives. Download the required Linux or Windows version.

Note 3

Fixed with sm_sepul_event_sm_arch. Download the required Linux or Windows version.

Note 4

Fixed with sm_copy. Download the required Linux or Windows version.

Citrix XenServer

  • BUGFIX: (#24257) Citrix XenServer does not handle correctly the master/slave configuration Note 5
  • BUGFIX: (#24214) FULL backup of XenServer 7.1 CU1 throws unhandled exception while enabling NBD on network interfaces Note 5
  • BUGFIX: (#24275) Copy backup fails with "TypeError: 'int' object is not iterable" Note 5
  • BUGFIX: (#24216) Incremental backup fails with VDI_IN_USE Note 5
  • BUGFIX: (#24194) XenServer restore renames the original VM and does not recover the imported template Note 5
  • BUGFIX: (#24185) Citrix XenServer restore in v. Grolar does not find imported template if backup was done in SEP sesam v. Tigon or earlier Note 5


  • NEW: sbc_one: allow restore of NFS based VM volumes Note 5
  • BUGFIX: (#24299) If VM has context options set then restore fails with 'Error initiating VM creation' Note 5
  • NEW: (#24301) OpenNebula: Search for virtual disk saveset, like for vSphere or KVM Note 6
  • BUGFIX: Citrix Xen restore: Check for running main task correctly and do not try to get a queue resource Note 6
  • BUGFIX: (#24247) sm_sshd could not execute commands including Unicode characters. Problem: High ASCII characters are encoded to current locale. If charset does not provide similar character then it is substituted with '?'. Note 6
  • BUGFIX: (#24180) No BSR backup is available for restore in BSR quick start if at least one BSR backup of a group has failed. Problem: The session must not be checked for Windows BSR Pro. Note 6
Note 5

Fixed with sbc_proxy. Download the required Linux or Windows version.

Note 6

Fixed with sm_sbc_com. Download the required Linux or Windows version.


  • BUGFIX: (#23982) Restore of a file with alternate data streams fails to restore the file content (here: ADS stream, Finder tags)
  • BUGFIX: (#19582) Incremental backup of MSSQL DB stuck sporadically. Problem: The SQL command CHECKPOINT is truncated.
  • BUGFIX: (#23887) Restore of files 'C:\Windows\System32\LogFiles\Sum\' in Windows 10 or Windows Server 2016 failed due to UTF-8 conversion


  • BUGFIX: (#24124) Java NullPointerException (NPE) when starting Immediate Command Event. Problem: Server connection is not initialized, when set start time.


  • BUGFIX: (#23998) sm_update_client shows wrong SEP sesam Server version info directly after SEP sesam Server update.


  • BUGFIX: (#23780) Update of SEP sesam Server is successful, but the MSI Installer crashes.


  • BUGFIX: (#24131) DB update fails, because of invalid entries in DB:result_lbls. Problem: The customer had very old (2011) invalid label entries with "Woche00" which could not be treated as pool + label with 5 digits!