How to apply hot fixes Avamar ESA for CVE-2017-12611


   Article Number:     504735                                   Article Version: 9     Article Type:    Break Fix 




Avamar Server 7.3,Avamar Server 7.4.1-58,Avamar Server 7.5.0-183,Avamar Server 7.3.1-125,Avamar Server 7.3.0-233,Avamar Server 7.3.0-226,Avamar Server 7.3.0-225,Avamar Virtual Edition 7.5.0-183,Avamar Virtual Edition 7.4.1-58





The goal of this KB Article is to provide instructions for customers to download and install hot fixes for their Avamar systems to address the ESA for CVE-2017-12611.  This KB article can be used to install the following hot fixes on the associated Avamar SW versions:   

  •         Avamar Server Version 7.5.0 with Hotfix 288273     
  •         Avamar Server Version 7.4.1 with Hotfix 287942     
  •         Avamar Server Version 7.3.1 with Hotfix 288905     
  •         Avamar Server Version 7.3.0 with Hotfix 288906     







      This procedure describes how to install various AVP hot fixes on an Avamar Server.  The steps for applying the hot fix is consistent for all Avamar Server versions, however the screenshots used in this KB article are for reference only.  The actual screens on your system may appear slightly different.     

       It utilizes an Avamar workflow package (AVP) that automates the software steps needed to complete this activity. While this is an automated process, monitoring progress and response to prompts for user input, including any errors that may occur during the operation is required.   
  •         Valid license installed on the Avamar Server     
  •         Healthy system functioning normally     
  •         No activities running (backups or restores)     
  •         Internet Explorer, FireFox, or Chrome Browser.     
    1. Copy the Installation package to the Avamar Server   

      Before software installation, the Avamar Hot Fix package (AVP file) needs to be downloaded and  copied to the Avamar Server.       
      See Appendix A in the notes section for download and copy instructions.   


      2. Run the Installation Workflow Package (AVP):     
      To run a workflow package, perform the following:   


      In the web browser URL address box , type:     
        Where <AvamarServer> is the hostname or IP address of the Avamar Server


      The EMC Avamar Installation Manager login page appears.       
        NOTE - you may receive a security warning from your browser and be required to add an exception prior to reaching the login screen. 


      Installation Manager Login   




      Type the root user account in the User Name field and the password in the Password field.         
          Click Login.         
          The EMC Avamar Installation Manager page appears (figure below)


      When the Avamar Hot Fix Package appears click the Install button to execute the workflow.         
          Note: If the package is not visible in the GUI verify the package was copied to the correct location.         
          It may also take several (15)  minutes for the package to appear. (click the refresh button top right).          
          Note: Ignore any other packages that may appear.
      After a few moments the Installation Setup screen below will appear:   




      Click on the "Continue" at the bottom of the screen.   


      The installation will run and will display its progress as it runs.   






      Once the installation is complete the progress page will show "Completed hotfix-287942" in the     
      information log at the bottom of the page.     


      Installation Completed   


      The procedure is completed and you may exit or logout of the Installation manager.     







Instructions for downloading and copying  Hotfix AVPs and checksum files to the Avamar system    
    1. Download the AVP hot fix file from  for the appropriate Avamar hot fix for the Avamar SW version.     

        2. Copy the AVP and checksum files to the Avamar Server     
        Using pscp (or equivalent) copy the .avp file to the Avamar Server:     

        pscp -pw <PASSWORD> <FILENAME> admin@<IP _ADDRESS>:<PATH>       
          PASSWORD = the admin password of the  Server         
          FILENAME = the absolute path of the .avp file on the download server         
                                (for example    C:\Users\username\Desktop\v7_4_1_58_HF_287942.avp
        IP_ADDRESS = the IP address of the Server       
        PATH =  /usr/local/avamar/src/       

        3. Move the AVP file to the packages directory       
                    Using PuTTy login in the the Avamar Server as user admin.       

        If you have not done so already, change to the root user using the linux su command:         
          su -
        provide the root user password.           
            Change directories to location of the hot fix:


          cd /usr/local/avamar/src/       


        Note: The AVP file must be moved (not copied) into the packages directory.  This is to prevent the installer from detecting and starting to process an incomplete copy.       
        mv ./v7_4_1_58_HF_287942.avp  /data01/avamar/repo/packages/     


        The hot fix file is now in the proper location for installation.  Proceed with the steps from the resolution section above.