Overview
Customers may use different tools in their environments to detect vulnerabilities on different servers in their environments. There can be scenarios where customers detect vulnerabilities on the VMware backup proxy. We can ask them to follow the steps below to fix the issue.
Steps
Perform the following steps to fix the vulnerabilities detected for the VMware backup proxy.
Ensure that your backup proxy is upgraded to the latest version. To upgrade a backup proxy to the latest version, see Upgrade backup proxy.
Run the command on the backup proxy to update the backup proxy with all the latest available patches:
yum update
Update the Ubuntu OS Packages:
Your Linux admin can follow the steps below to update Ubuntu:
Refresh the list of available package updates:
apt update && apt list --upgradableInstall the available updates:
apt-get upgrade -y
This command will install all available package updates. If any vulnerabilities are not patched in the current kernel version, you may need to deploy the latest OVA.
📝 Note
It is recommended to upgrade the backup proxy in your lab environment first and verify that all the proxy functionalities work as expected.
Frequently Asked Questions (FAQ)
Can I install only security and critical patches?
Yes. Your Linux administrator can choose to install only security and critical updates by using Ubuntu's unattended-upgrades utility configured for security-only updates, or by selectively upgrading specific packages using:
apt-get install --only-upgrade <package-name>
The apt-get upgrade -y command referenced in this article installs all available package updates. If more granular control is required, use one of the selective patching methods described above.
Can Druva deploy only selected patches on the backup proxy through Console?
No. The console-based selected OS Patch upgrades feature is currently unavailable. Currently patching must be performed manually by your Linux administrator on the proxy VM.
Is a reboot required after patching?
A reboot is required if the Linux kernel is updated, as kernel changes do not take effect until the system restarts.
For non-kernel updates, such as application packages, libraries, or security patches that do not modify the kernel, a reboot is generally not required.
Will patching or rebooting the proxy impact backup operations?
Yes. Rebooting a backup proxy interrupts any active backup or restore jobs running through that specific proxy.
To avoid disruptions, perform patching and any required reboot during a planned maintenance window when no backup or restore activities are in progress.
In environments with multiple backup proxies, other available proxies will continue processing backup and restore jobs while the affected proxy is offline.
