BMR VaultOS, as a Linux package, contains a glibc library that is vulnerable per this defined vulnerability CVE-2015-0235.
However, VaultOS is not intended to be the OS on a running system. It has specific uses within backup and restore and in general there are no other applications running or installed that could attack this machine via this glibc vulnerability.
While the current release of VaultOS contains a vulnerable glibc library, running BMR in a normal operating manner doesn’t expose risk to this vulnerability.
For those customers who are not comfortable running a BMR version that does contain a vulnerability, a version of VaultOS will be made available that does not contain the glibc vulnerability.
In order to resolve this issue in NetVault 9.x and 10.x, customers may request from Customer Support BMR version 10.0.0.8 (or higher).
This BMR version and all subsequent versions include the latest version of glibc built into VaultOS and the BMR Offline Client for Linux plugin.
Updated plug-ins can be found at the below links: