Latest Fixes for Current Release: 11.38.25
https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/464/626/098/201/251/original/1e08cf8bfc350eb5.png
https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/464/626/098/201/251/original/1e08cf8bfc350eb5.png
Notices where this attachment appears
-
Embed this notice
Will Dormann (wdormann@infosec.exchange)'s status on Thursday, 08-May-2025 13:25:43 JST 
Will Dormann
I'll admit that even with the updated explicit instructions on how to get Commvault updates, I fail to see how one can get these mythical SP38-CU25-434 and SP38-CU25-438 optional updates.
When I first go to "Download or copy software", Commvault tells me that I'm Up-to-date
If I manually force a download of Latest Fixes for Current Release: 11.38.25, I get an installer that specifies:
[Image Information]
Version=11.80.380.0
ServicePack=38
SPTranID=6988515
UnixTime=1732240991
RevisionNumber=1352
Tip=1
ReducedMedia=1And if I run this installer and even reboot for good measure, the system is still vulnerable. And the jar that contains the vulnerable code, cv-ac-common.jar has not changed from my original 11.38.25 vulnerable system.
I'm not particularly good with computers, so hopefully Commvault sysadmins in the real world are better at this than I am. But I'll admit that even with explicit instructions, I have no idea how to get the updates that protect me against CVE-2025-34028.🤷♂️
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.