Download Information: Version 6.3.2.x Data Protection for VMware

Download Description

Note: IBM Tivoli Storage Manager for Virtual Environments 6.3 reached End-Of-Support (EOS) on April 30, 2017. There will be no support extensions for IBM Tivoli Storage Manager Version 6.3 products. Customers are encouraged to upgrade to a current product release that has not yet reached end of support. See in TSM Family Products with Support Extension contracts available which releases are supported or which are the recommendations for replacement.



Tip: The product now known as IBM Spectrum Protect™ was named IBM Tivoli® Storage Manager in releases earlier than Version 7.1.3. To learn more about the rebranding transition, see technote 1963634.

Download packages for IBM Tivoli Storage Manager Data Protection for VMware versions 6.3.x have been removed from the web as they contain unremediated security vulnerabilities. The latest version of the 6.3 Data Protection for VMware contains fixes for the most recent known security and product issues and can be found below.

Note: About issues and vulnerabilities that have been identified in Data Protection for VMware:

• Because of issues documented in the flash "TSM for VE: DP for VMware may not incrementally back up all data due to VMware issue" http://www.ibm.com/support/docview.wss?uid=swg21689947
  Data Protection for VMware incremental backups may be incomplete as a result of unreliable information returned from a call to one of VMware’s APIs. No indication or error messages are provided to TSM or to the user of this condition. Resolving this problem will require an ESXi fix from VMware. Once the VMware fix becomes available and is applied, use Data Protection for VMware to perform new full backups of all VMs backed up with affected ESXi hosts. Current Data Protection for VMware backup data for those VMs cannot be relied upon.
  
• Data Protection for VMware 6.3.2.1 delivery includes the fix for following security vulnerability. Here the security bulletin:
• "Privilege Escalation Vulnerability in the Data Protection for VMware GUI"http://www.ibm.com/support/docview.wss?uid=swg21673051
  
• Data Protection for VMware 6.3.2.3 delivered because of repackaging to contain the following Linux x86 security vulnerability fixes described in these security bulletins:
• Linux x86 client security vulnerability described in this security bulletin:http://www.ibm.com/support/docview.wss?uid=swg21695715
• UNIX and Linux client security vulnerability, described in this security bulletin:http://www.ibm.com/support/docview.wss?uid=swg21695652
Note: beside the security bulletins above the Linux data mover used with TSM for VE: Data Protection for VMware is also affected by the vulnerability described by this security bulletin:http://www.ibm.com/support/docview.wss?uid=swg21695878.

• Data Protection for VMware 6.3.2.4 delivery includes the fixes for the following security vulnerabilities. Here the security bulletins:
• "Multiple vulnerabilities in IBM Java Runtime affect Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware"http://www.ibm.com/support/docview.wss?uid=swg21882926
• "Multiple vulnerabilities in IBM Java Runtime affect Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware"http://www.ibm.com/support/docview.wss?uid=swg21967498
  
• Data Protection for VMware 6.3.2.5 delivery includes the fixes for the following security vulnerabilities. Here the security bulletins:
• "Cross-site Scripting vulnerability affects IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and IBM Tivoli Storage FlashCopy Manager for VMware"http://www.ibm.com/support/docview.wss?uid=swg21967532
• "Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware and IBM Tivoli Storage FlashCopy Manager for VMware" http://www.ibm.com/support/docview.wss?uid=swg21973085
• "Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware affected by unauthorized access vulnerability"http://www.ibm.com/support/docview.wss?uid=swg21973086
• "Vulnerability in Apache Commons affects IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and IBM Tivoli Storage FlashCopy Manager for VMware" http://www.ibm.com/support/docview.wss?uid=swg21972373
Note: To upgrade to the Data Protection for VMware Linux x86 6.3.2.5 package on RHEL 5 from an earlier Data Protection for VMware version, run the installer (installLinux.bin) from the command line. Launching installLinux.bin from a File Manager will not upgrade all components correctly.

• Data Protection for VMware 6.3.2.6 delivery includes the fixes for the following security vulnerabilities. Here the security bulletins:
• "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and IBM Tivoli Storage FlashCopy Manager for VMware (CVE-2015-4872)". These issues were disclosed as part of the IBM Java SDK updates for October 2015.
  http://www.ibm.com/support/docview.wss?uid=swg21979496
• "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and IBM Tivoli Storage FlashCopy Manager for VMware (CVE-2015-7575)". These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as "SLOTH"http://www.ibm.com/support/docview.wss?uid=swg21978694

• Data Protection for VMware 6.3.2.7 delivery includes the fix for the following security vulnerability. Vulnerability in InstallShield affects IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (CVE-2016-2542) http://www.ibm.com/support/docview.wss?uid=swg21983815
• Data Protection for VMware 6.3.2.8 delivery includes the fixes for the following security vulnerabilities. Here the security bulletins:
• Multiple vulnerabilites in IBM Java Runtime affect IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware on Windows (CVE-2016-3485)
  http://www.ibm.com/support/docview.wss?uid=swg21995792
• Security Bulletin: Vulnerabilities in IBM WebSphere Application Server affect Tivoli Storage Manager (IBM Spectrum Protect) for Virtual Environments: Data Protection for VMware (CVE-2016-5986, CVE-2016-3092)
  http://www.ibm.com/support/docview.wss?uid=swg21995793

Note: About vulnerabilities that have been identified in Tivoli Storage Manager Client/API:

The Tivoli Storage Manager Client/API are used as components of Data Protection for VMware. The Tivoli Storage Manager Backup-Archive Client also known as Data Mover is a separate prerequisite and is not included in the Data Protection for VMware installation package. The Tivoli Storage Manager Client API is also a prerequisite of Data Protection for VMware and is installed as a part of the default Data Protection for VMware installation process. Be aware that all Data Protection for VMware functional components must be at the same Fix Pack level. Within a given Fix Pack level, the interim fix level can differ.

See in the "Flashes, alerts and bulletins for Tivoli Storage Manager for Virtual Environments Support Portal" for vulnerabilities that have been identified in Tivoli Storage Manager affecting beside other Tivoli Storage Manager products also Data Protection for VMware.

Instructions to replace Tivoli Storage Manager Client/API on system where Data Protection for VMware is installed within a Fix Pack level :

• If the Tivoli Storage Manager Client (data mover) is installed on this system, its possible to upgrade the Data Mover by installing the new Tivoli Storage Manager Client package. This will update the Tivoli Storage Manager API as well.
• If the Tivoli Storage Manager Client (data mover) is not installed on this system (for example if only GUI is installed):
• On a Linux system its possible to upgrade the Tivoli Storage Manager API by installing the new API package
• On a Windows system its necessary to install the Tivoli Storage Manager Client package which installs automatically the new API package

Interim fix packages contain no license enablement file. You must already have the 6.3.0.0 or 6.3.1.0 base package to obtain the license enablement file required to use the product. For information about how to download and install the Version 6.3.1 package using the Passport Advantage Online Web site, please refer to the download document: http://www.ibm.com/support/docview.wss?uid=swg24034094