DSA-2024-198: Security update for Dell Avamar, NetWorker Virtual Edition and PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance for Multiple Vulnerabilities

摘要: Dell Avamar, Dell NetWorker Virtual Edition (NVE) and Dell PowerProtect DP Series Appliance /Integrated Data Protection Appliance (IDPA) remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system. ...

受影响的产品

本文适用于本文不适用于本文并非针对某种特定的产品。本文并非包含所有产品版本。

影响

Critical

详情

Third-party Component	CVEs	More Information
Oracle JRE 8u401	CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/, cpujan2024
kernel-default	CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-33631, CVE-2021-46906, CVE-2021-46915, CVE-2021-46921, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46953, CVE-2021-46974, CVE-2021-46991, CVE-2021-46992, CVE-2021-47013, CVE-2021-47054, CVE-2021-47076, CVE-2021-47077, CVE-2021-47078, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-46838, CVE-2023-47233, CVE-2023-51042, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-52340, CVE-2023-52429, CVE-2023-52443, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2023-6040, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2024-0340, CVE-2024-0607, CVE-2024-0775, CVE-2024-1086, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622, CVE-2022-2586, CVE-2023-6121, CVE-2023-6606, CVE-2023-6610, CVE-2023-6931, CVE-2023-6932, CVE-2023-0461, CVE-2023-31083, CVE-2023-39197, CVE-2023-39198, CVE-2023-45863, CVE-2023-45871, CVE-2023-5717	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Avahi	CVE-2023-38469, CVE-2023-38471	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Bluetooth	CVE-2020-26555, CVE-2023-51779	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
GNU Emacs	CVE-2022-48337, CVE-2022-48339	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
GitHub repository usememos/memos	CVE-2022-4806	https://nvd.nist.gov/vuln/detail/CVE-2022-4806
Artifex Ghostscript	CVE-2020-36773	https://nvd.nist.gov/vuln/detail/CVE-2020-36773
ImageMagick	CVE-2019-17540, CVE-2020-21679, CVE-2021-20224, CVE-2022-32545, CVE-2022-32546, CVE-2022-32547, CVE-2022-44267, CVE-2022-44268, CVE-2023-1289, CVE-2023-3195, CVE-2023-34151, CVE-2023-3745, CVE-2023-5341	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
3rd Gen Intel® Xeon® Scalable processor family	CVE-2023-22655, CVE-2023-38575, CVE-2023-39368, CVE-2023-43490	INTEL-SA-00960 , INTEL-SA-00982 , INTEL-SA-00972 , INTEL-SA-01045
Mozilla-NSS	CVE-2023-5388	https://nvd.nist.gov/vuln/detail/CVE-2023-5388
OpenSSL	CVE-2024-0727	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Python3	CVE-2023-40217, CVE-2023-6597, CVE-2023-27043, CVE-2023-5752, CVE-2007-4559, CVE-2015-20107, CVE-2020-10735, CVE-2021-28861, CVE-2022-40899, CVE-2022-45061, CVE-2022-48564, CVE-2022-48565, CVE-2022-48566, CVE-2023-24329, CVE-2020-27783, CVE-2021-28957, CVE-2023-45322	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
OpenSSH	CVE-2020-16135, CVE-2021-3634, CVE-2023-1667, CVE-2023-2283, CVE-2023-48795, CVE-2023-6004, CVE-2023-6918, CVE-2012-4559, CVE-2012-4560, CVE-2012-4561, CVE-2013-0176, CVE-2014-0017, CVE-2014-8132, CVE-2015-3146, CVE-2016-0739, CVE-2018-10933, CVE-2019-14889, CVE-2020-1730, CVE-2015-8325, CVE-2016-0777, CVE-2016-0778, CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2016-6210, CVE-2016-6515, CVE-2016-8858, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2021-28041, CVE-2021-41617, CVE-2023-38408, CVE-2023-51385	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
libtiff	CVE-2015-8668, CVE-2023-40745, CVE-2023-41175, CVE-2023-52356, CVE-2017-5849	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
libvirt	CVE-2024-1441, CVE-2024-2496	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
libxml2	CVE-2024-25062	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
postgresql14	CVE-2024-0985	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/
Sudo	CVE-2023-42465	https://nvd.nist.gov/vuln/detail/CVE-2023-42465
vim-data-common	CVE-2023-4750, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667	See NVD link below for individual scores for each CVE. https://nvd.nist.gov/

Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数，这可能会影响与特定安全漏洞相关的潜在严重程度。

受影响的产品和补救措施

CVE(s) Addressed	Product	Affected Version(s)	Updated Version(s)	Link to Update
Multiple Third-Party Components See Release Notes	Dell Avamar Server Hardware Appliance Gen4T/ Gen5A	Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5	Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1	AvPlatformOsRollup_2024-R1-v2.avp
Multiple Third-Party Components See Release Notes	Dell Avamar Virtual Edition	Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments)	Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1	AvPlatformOsRollup_2024-R1-v2.avp
Multiple Third-Party Components See Release Notes	Dell Avamar NDMP Accelerator	Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5	Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1	AvPlatformOsRollup_2024-R1-v2.avp
Multiple Third-Party Components See Release Notes	Dell Avamar VMware Image Proxy	Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5	Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1	Avamar Proxy Bundle 2024-R1-v2.avp
Multiple Third-Party Components See Release Notes	Dell Networker Virtual Edition (NVE)	Versions 19.4.x, 19.5.x, 19.6.x, 19.7.x, 19.8.x, 19.9.x, 19.10.x running SUSE Linux Enterprise 12 SP5	Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1	NvePlatformOsRollup_2024-R1-v2.avp
Multiple Third-Party Components See Release Notes	Dell Power Protect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA)	Version 2.7.x running on SLES12SP5	Version 2.7.6 with latest AV Platform OS Security Rollup 2024R1	AvPlatformOsRollup_2024-R1-v2.avp

CVE(s) Addressed	Product	Affected Version(s)	Updated Version(s)	Link to Update
Multiple Third-Party Components See Release Notes	Dell Avamar Server Hardware Appliance Gen4T/ Gen5A	Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5	Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1	AvPlatformOsRollup_2024-R1-v2.avp
Multiple Third-Party Components See Release Notes	Dell Avamar Virtual Edition	Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments)	Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1	AvPlatformOsRollup_2024-R1-v2.avp
Multiple Third-Party Components See Release Notes	Dell Avamar NDMP Accelerator	Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5	Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1	AvPlatformOsRollup_2024-R1-v2.avp
Multiple Third-Party Components See Release Notes	Dell Avamar VMware Image Proxy	Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5	Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1	Avamar Proxy Bundle 2024-R1-v2.avp
Multiple Third-Party Components See Release Notes	Dell Networker Virtual Edition (NVE)	Versions 19.4.x, 19.5.x, 19.6.x, 19.7.x, 19.8.x, 19.9.x, 19.10.x running SUSE Linux Enterprise 12 SP5	Version 19.4, 19.7, 19.8, 19.9, 19.10 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2024R1	NvePlatformOsRollup_2024-R1-v2.avp
Multiple Third-Party Components See Release Notes	Dell Power Protect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA)	Version 2.7.x running on SLES12SP5	Version 2.7.6 with latest AV Platform OS Security Rollup 2024R1	AvPlatformOsRollup_2024-R1-v2.avp

The CVEs remedied by this security update are listed in the Release Notes. The Release Notes list not only the new CVEs remedied by this update, but all the past CVEs included in this cumulative update.
For Dell Power Protect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) Customers, Upgrade to PowerProtect DP 2.7.6 is strongly recommended prior to applying additional security patches. The patches can also be applied to the Appliances running PowerProtect DP 2.7.2 (all models) and PowerProtect DP2.7.4 (DP4400 model only)
Dell recommends that you always upgrade to the latest release/version for your product
Please refer KB article: https://www.dell.com/support/kbdoc/en-us/000225020 for any SSH key issues related to OS Rollup 2024 R1.

To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/product-support/product/avamar/drivers

修订历史记录

Revision	Date	Description
1.0	2024-05-07	Initial Release
2.0	2024-05-14	Updated the AvPlatform links under Affected Products and Remediation section
3.0	2024-05-15	Updated Additional Information section.

法律免责声明

受影响的产品

Avamar, NetWorker Family, Avamar Data Store, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Plug-in for NDMP, Avamar Server, Avamar Virtual Edition, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family , PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, NetWorker, NetWorker Series, vCloud Director Data Protection Extension ...

文章编号: 000224827

文章类型: Dell Security Advisory

上次修改时间: 06 11月 2025

DSA-2024-198: Security update for Dell Avamar, NetWorker Virtual Edition and PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance for Multiple Vulnerabilities

摘要: Dell Avamar, Dell NetWorker Virtual Edition (NVE) and Dell PowerProtect DP Series Appliance /Integrated Data Protection Appliance (IDPA) remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system. ...

影响

详情

受影响的产品和补救措施

修订历史记录

相关信息

法律免责声明

受影响的产品

影响

详情

受影响的产品和补救措施

修订历史记录

相关信息

法律免责声明

受影响的产品

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

DSA-2024-198: Security update for Dell Avamar, NetWorker Virtual Edition and PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance for Multiple Vulnerabilities

详细文章

影响

详情

受影响的产品和补救措施

修订历史记录

相关信息

法律免责声明

受影响的产品

影响

详情

受影响的产品和补救措施

修订历史记录

相关信息

法律免责声明

受影响的产品

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

文章属性

从其他戴尔用户那里查找问题的答案

支持服务