|
Note November, 2008: Security Problem Forces Client Updates
We have been informed of a security exposure in the Tivoli Storage
Manager client software, in a part called the Client Acceptor Daemon.
Because this security hole exists in the client software, rather than
the server software, we cannot fix it. Instead you have to fix it -- you must update to the newest versions of the TSM client for your platform.
The CAD exists in the TSM client on all modern platforms, including
Windows, Macintosh, and all Unix including Linux. This
vulnerability directly applies to all UIC Mac OS X TSM users, and
it could possibly affect any other platforms as well.
The CAD is the way that you run automatic TSM backups on Macintoshes. And in addition to the CAD problem, there is a another problem with case-sensitive file systems on Macs that needs to be fixed.
We have uploaded the new version of the Mac OS TSM clients that fix both problems to ADSM Download and
ftp.uic.edu.
It was previously thought that the versions for obsolete operating systems were immune to this bug, but that appears not to be the case, and there are no patched versions for some of those O/Ss. See the list on the ADSM Download page.
We strongly urge everyone to install the new client version for their platform
right away. In most cases, the new version can simply be installed on top of the
previous version, and all your settings will be saved. You will need to
reboot after upgrading, in order for the automatic scheduler to be
restarted with the new fixed code. And even if you can not, the new clients are easy to install and setting up the automatic scheduler is no longer an art.
|
