DSA-2024-198: Security update for Dell Avamar, NetWorker Virtual Edition and PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance for Multiple Vulnerabilities
Resumen: Dell Avamar, Dell NetWorker Virtual Edition (NVE) and Dell PowerProtect DP Series Appliance /Integrated Data Protection Appliance (IDPA) remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system. ...
Este artículo se aplica a
Este artículo no se aplica a
Este artículo no está vinculado a ningún producto específico.
No se identifican todas las versiones del producto en este artículo.
Impacto
Critical
Detalles
| Third-party Component | CVEs | More Information |
|---|---|---|
| Oracle JRE 8u401 | CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/, cpujan2024 |
| kernel-default |
CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-33631, CVE-2021-46906, CVE-2021-46915, CVE-2021-46921, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46953, CVE-2021-46974, CVE-2021-46991, CVE-2021-46992, CVE-2021-47013, CVE-2021-47054, CVE-2021-47076, CVE-2021-47077, CVE-2021-47078, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-46838, CVE-2023-47233, CVE-2023-51042, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-52340, CVE-2023-52429, CVE-2023-52443, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2023-6040, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2024-0340, CVE-2024-0607, CVE-2024-0775, CVE-2024-1086, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622, CVE-2022-2586, CVE-2023-6121, CVE-2023-6606, CVE-2023-6610, CVE-2023-6931, CVE-2023-6932, CVE-2023-0461, CVE-2023-31083, CVE-2023-39197, CVE-2023-39198, CVE-2023-45863, CVE-2023-45871, CVE-2023-5717 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Avahi | CVE-2023-38469, CVE-2023-38471 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Bluetooth | CVE-2020-26555, CVE-2023-51779 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| GNU Emacs | CVE-2022-48337, CVE-2022-48339 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| GitHub repository usememos/memos | CVE-2022-4806 | https://nvd.nist.gov/vuln/detail/CVE-2022-4806 |
| Artifex Ghostscript | CVE-2020-36773 | https://nvd.nist.gov/vuln/detail/CVE-2020-36773 |
| ImageMagick | CVE-2019-17540, CVE-2020-21679, CVE-2021-20224, CVE-2022-32545, CVE-2022-32546, CVE-2022-32547, CVE-2022-44267, CVE-2022-44268, CVE-2023-1289, CVE-2023-3195, CVE-2023-34151, CVE-2023-3745, CVE-2023-5341 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| 3rd Gen Intel® Xeon® Scalable processor family | CVE-2023-22655, CVE-2023-38575, CVE-2023-39368, CVE-2023-43490 | INTEL-SA-00960 |
| Mozilla-NSS | CVE-2023-5388 | https://nvd.nist.gov/vuln/detail/CVE-2023-5388 |
| OpenSSL | CVE-2024-0727 |
See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Python3 | CVE-2023-40217, CVE-2023-6597, CVE-2023-27043, CVE-2023-5752, CVE-2007-4559, CVE-2015-20107, CVE-2020-10735, CVE-2021-28861, CVE-2022-40899, CVE-2022-45061, CVE-2022-48564, CVE-2022-48565, CVE-2022-48566, CVE-2023-24329, CVE-2020-27783, CVE-2021-28957, CVE-2023-45322 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| OpenSSH | CVE-2020-16135, CVE-2021-3634, CVE-2023-1667, CVE-2023-2283, CVE-2023-48795, CVE-2023-6004, CVE-2023-6918, CVE-2012-4559, CVE-2012-4560, CVE-2012-4561, CVE-2013-0176, CVE-2014-0017, CVE-2014-8132, CVE-2015-3146, CVE-2016-0739, CVE-2018-10933, CVE-2019-14889, CVE-2020-1730, CVE-2015-8325, CVE-2016-0777, CVE-2016-0778, CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2016-6210, CVE-2016-6515, CVE-2016-8858, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2021-28041, CVE-2021-41617, CVE-2023-38408, CVE-2023-51385 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libtiff | CVE-2015-8668, CVE-2023-40745, CVE-2023-41175, CVE-2023-52356, CVE-2017-5849 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libvirt | CVE-2024-1441, CVE-2024-2496 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libxml2 | CVE-2024-25062 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| postgresql14 | CVE-2024-0985 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Sudo | CVE-2023-42465 | https://nvd.nist.gov/vuln/detail/CVE-2023-42465 |
| vim-data-common | CVE-2023-4750, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
Corrección y productos afectados
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|---|
| Multiple Third-Party Components See Release Notes |
Dell Avamar Server Hardware Appliance Gen4T/ Gen5A |
Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 | Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1 | AvPlatformOsRollup_2024-R1-v2.avp |
| Multiple Third-Party Components See Release Notes |
Dell Avamar Virtual Edition | Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) | Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1 | AvPlatformOsRollup_2024-R1-v2.avp |
| Multiple Third-Party Components See Release Notes |
Dell Avamar NDMP Accelerator | Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 | Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1 | AvPlatformOsRollup_2024-R1-v2.avp |
| Multiple Third-Party Components See Release Notes |
Dell Avamar VMware Image Proxy | Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 | Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1 | Avamar Proxy Bundle 2024-R1-v2.avp |
| Multiple Third-Party Components See Release Notes |
Dell Networker Virtual Edition (NVE) | Versions 19.4.x, 19.5.x, 19.6.x, 19.7.x, 19.8.x, 19.9.x, 19.10.x running SUSE Linux Enterprise 12 SP5 | Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1 | NvePlatformOsRollup_2024-R1-v2.avp |
| Multiple Third-Party Components See Release Notes |
Dell Power Protect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) | Version 2.7.x running on SLES12SP5 | Version 2.7.6 with latest AV Platform OS Security Rollup 2024R1 | AvPlatformOsRollup_2024-R1-v2.avp |
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|---|
| Multiple Third-Party Components See Release Notes |
Dell Avamar Server Hardware Appliance Gen4T/ Gen5A |
Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 | Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1 | AvPlatformOsRollup_2024-R1-v2.avp |
| Multiple Third-Party Components See Release Notes |
Dell Avamar Virtual Edition | Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) | Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1 | AvPlatformOsRollup_2024-R1-v2.avp |
| Multiple Third-Party Components See Release Notes |
Dell Avamar NDMP Accelerator | Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 | Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1 | AvPlatformOsRollup_2024-R1-v2.avp |
| Multiple Third-Party Components See Release Notes |
Dell Avamar VMware Image Proxy | Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 | Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1 | Avamar Proxy Bundle 2024-R1-v2.avp |
| Multiple Third-Party Components See Release Notes |
Dell Networker Virtual Edition (NVE) | Versions 19.4.x, 19.5.x, 19.6.x, 19.7.x, 19.8.x, 19.9.x, 19.10.x running SUSE Linux Enterprise 12 SP5 | Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1 | NvePlatformOsRollup_2024-R1-v2.avp |
| Multiple Third-Party Components See Release Notes |
Dell Power Protect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) | Version 2.7.x running on SLES12SP5 | Version 2.7.6 with latest AV Platform OS Security Rollup 2024R1 | AvPlatformOsRollup_2024-R1-v2.avp |
- The CVEs remedied by this security update are listed in the Release Notes. The Release Notes list not only the new CVEs remedied by this update, but all the past CVEs included in this cumulative update.
- For Dell Power Protect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) Customers, Upgrade to PowerProtect DP 2.7.6 is strongly recommended prior to applying additional security patches. The patches can also be applied to the Appliances running PowerProtect DP 2.7.2 (all models) and PowerProtect DP2.7.4 (DP4400 model only)
- Dell recommends that you always upgrade to the latest release/version for your product
- Please refer KB article: https://www.dell.com/support/kbdoc/en-us/000225020 for any SSH key issues related to OS Rollup 2024 R1.
Historial de revisiones
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-05-07 | Initial Release |
| 2.0 | 2024-05-14 | Updated the AvPlatform links under Affected Products and Remediation section |
| 3.0 | 2024-05-15 | Updated Additional Information section. |
Información relacionada
Descargo de responsabilidad
Productos afectados
Avamar, NetWorker Family, Avamar Data Store, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Plug-in for NDMP, Avamar Server, Avamar Virtual Edition, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family
, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, NetWorker, NetWorker Series, vCloud Director Data Protection Extension
...
Propiedades del artículo
Número del artículo: 000224827
Tipo de artículo: Dell Security Advisory
Última modificación: 06 nov 2025
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.