For all Axcient employees that support x360Recover Partners:
x360Recover will be releasing an enhanced version of the software (v2016.10.31) the evening of Wednesday, November 2, 2016. Here is a summary of the updates and improvements you should see in the new version:
Important Security Updates:
Due to a recently discovered security vulnerability in the Linux kernel, it is highly recommended that all x360Recover partners update the Linux kernel on all of their devices as soon as possible. To simplify this process Axcient has included a script to perform this task. The below steps should be performed on each Appliance, Vault, and Global Management Portal within a partner’s organization.
Instructions for applying the Dirty Cow fix after the update has been installed on Wednesday evening:
For queries about the Vaults:
Axcient is aware of, and has assessed the risk, to x360Recover Vaults, pertaining to Dirty Cow (aka CVE-2016-5195). The current risk to the x360Recover Vaults themselves are deemed as a low risk because all logical Vault users are privileged accounts currently; therefore, escalation of privileges provides no benefit to a would-be attacker. Axcient is committed to remediating all security risks and vulnerabilities - the x360Recover Vaults are no exception to that rule. Vaults will be updated with the x360Recover software once the patch is released Wednesday, November 2, 2016.
For queries about the software:
Dirty Cow (aka CVE-2016-5195) is a recently discovered vulnerability pertaining to the Linux Kernel and found in all versions of Linux for the past nine years. This particular vulnerability could allow access to privilege functions for non-privileged users. After the public announcement of this vulnerability Ubuntu (the version of Linux bundled with x360Recover Software) patched the kernel in all currently supported versions of the operating system.
x360Recover software has been developed to utilize specific features within the Linux Kernel and is tightly integrated into the operating system it is bundled with. As such, an update to the Kernel could have performance, security, and reliability impacts to x360Recover users. Axcient has remediated any risks to the x360Recover software and has tested the software to ensure the patch does not provide any such impacts. Axcient will handle any hosted Vaults or Management Portals for you.
Further, an updated ISO has been posted to https://axcient.com/products/replibit. It is important to always download a new ISO before deploying a new device.