DSA-2023-268 Security Update for Dell Avamar, NetWorker Virtual Edition and PowerProtect DP Series Appliance / Integrated Data Protection Appliance for Multiple Vulnerabilities
Zusammenfassung: Dell Avamar, Dell NetWorker Virtual Edition (NVE) and Dell PowerProtect DP Series Appliance /Integrated Data Protection Appliance (IDPA) remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system. ...
Dieser Artikel gilt für
Dieser Artikel gilt nicht für
Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden.
In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Auswirkungen
Critical
Details
| Third-Party Component | CVEs | More Information |
|---|---|---|
| OpenPrinting CUPS | CVE-2023-32324 | |
| CURL | CVE-2019-15601, CVE-2019-5435, CVE-2020-8169, CVE-2021-22297, CVE-2021-22298, CVE-2021-22890, CVE-2021-22901, CVE-2021-22945, CVE-2022-27774, CVE-2022-27775, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-30115, CVE-2022-32205, CVE-2022-32207, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916, CVE-2022-43551, CVE-2023-23914, CVE-2023-23915, CVE-2023-27537, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322 | |
| Dmidecode | CVE-2023-30630 | |
| Dnsmasq | CVE-2023-28450 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/  |
| Linux kernel | CVE-2020-36691, CVE-2021-3923, CVE-2022-20567, CVE-2022-3566, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2023-1076, CVE-2023-1095, CVE-2023-1281, CVE-2023-1380, CVE-2023-1390, CVE-2023-1513, CVE-2023-1611, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-2176, CVE-2023-2194, CVE-2023-2269, CVE-2023-23455, CVE-2023-2483, CVE-2023-2513, CVE-2023-28328, CVE-2023-28464, CVE-2023-28466, CVE-2023-28772, CVE-2023-30772, CVE-2023-31084, CVE-2023-31436, CVE-2023-32269 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Avahi | CVE-2023-1981 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Bluetooth3 | CVE-2023-27349 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| c-ares | CVE-2023-31130, CVE-2023-31147, CVE-2023-32067 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| General-Purpose Utility Library -- Library for VFS | CVE-2023-24593, CVE-2023-25180 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| HarfBuzz | CVE-2023-25193 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Openldap | CVE-2023-2953 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Ncurses, Terminfo | CVE-2023-29491 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Openssl | CVE-2023-2650 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| PostgreSQL, Python2 | CVE-2023-2454, CVE-2023-2455 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Python3, Python36-base, Python36 | CVE-2007-4559 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Tag Image File Format (TIFF) | CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Open VM Tools | CVE-2023-20867 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Xlib/XCB | CVE-2023-3138 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| XML C library, XML toolkit | CVE-2023-28484, CVE-2023-29469, CVE-2023-31124 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| libwebp5 | CVE-2023-1999 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| NTP 4.2.8p15 | CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554, CVE-2023-26555 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| OpenSC | CVE-2023-2977 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| shadow | CVE-2016-6252, CVE-2017-12424, CVE-2018-7169, CVE-2023-29383 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| supportutils | CVE-2022-45154 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| 3rd Generation Intel(R) Xeon(R) Scalable Processor | CVE-2022-33972 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| ImageMagick | CVE-2023-34151 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| python-requests | CVE-2023-32681 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
Betroffene Produkte und Korrektur
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| Multiple Third-Party Components See Release Notes |
Dell Avamar Server Hardware Appliance Gen4S, Gen4T, Gen5A |
Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 | Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R2 | Contact support team to install the latest OsRollup https://www.dell.com/support/home/en-us/ |
| Multiple Third-Party Components See Release Notes |
Dell Avamar Virtual Edition | Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) | Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) with the latest OS Security Rollup 2023R2 | Contact support team to install the latest OsRollup https://www.dell.com/support/home/en-us/ |
| Multiple Third-Party Components See Release Notes |
Dell Avamar NDMP Accelerator | Version 19.3, 19.4 running SUSE Linux Enterprise 12 SP4 | Version 19.3, 19.4 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2023R2 | Contact support team to install the latest OsRollup https://www.dell.com/support/home/en-us/ |
| Multiple Third-Party Components See Release Notes |
Dell Avamar NDMP Accelerator | Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 | Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R2 | Contact support team to install the latest OsRollup https://www.dell.com/support/home/en-us/ |
| Multiple Third-Party Components See Release Notes |
Dell Avamar VMware Image Proxy | Version 19.3 running SUSE Linux Enterprise 12 SP4 | Version 19.3 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2023R2 | Avamar Proxy Bundle 2023-R2-v5 |
| Multiple Third-Party Components See Release Notes |
Dell Avamar VMware Image Proxy | Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 | Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R2 | Avamar Proxy Bundle 2023-R2-v5 |
| Multiple Third-Party Components See Release Notes |
Dell NetWorker Virtual Edition (NVE) | Versions 19.4.x, 19.5.x, 19.6.x, 19.7.x, 19.8.x, 19.9.x running SUSE Linux Enterprise 12 SP5 | Versions 19.4, 19.5, 19.6, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R2 | NvePlatformOsRollup_2023-R2-v5.avp |
| Multiple Third-Party Components See Release Notes |
Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) | Version 2.5 running on SLES12SP4 | Version 2.5 running on SLES12SP4 with the latest OS Security Rollup 2023R2 | Contact support team to install the latest OsRollup https://www.dell.com/support/home/en-us/ |
| Multiple Third-Party Components See Release Notes |
Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) | Version 2.6.x, 2.7.x running on SLES12SP5 | Version 2.6.x, 2.7.x with the latest OS Security Rollup 2023R2 | Contact support team to install the latest OsRollup https://www.dell.com/support/home/en-us/ |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| Multiple Third-Party Components See Release Notes |
Dell Avamar Server Hardware Appliance Gen4S, Gen4T, Gen5A |
Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 | Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R2 | Contact support team to install the latest OsRollup https://www.dell.com/support/home/en-us/ |
| Multiple Third-Party Components See Release Notes |
Dell Avamar Virtual Edition | Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) | Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) with the latest OS Security Rollup 2023R2 | Contact support team to install the latest OsRollup https://www.dell.com/support/home/en-us/ |
| Multiple Third-Party Components See Release Notes |
Dell Avamar NDMP Accelerator | Version 19.3, 19.4 running SUSE Linux Enterprise 12 SP4 | Version 19.3, 19.4 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2023R2 | Contact support team to install the latest OsRollup https://www.dell.com/support/home/en-us/ |
| Multiple Third-Party Components See Release Notes |
Dell Avamar NDMP Accelerator | Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 | Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R2 | Contact support team to install the latest OsRollup https://www.dell.com/support/home/en-us/ |
| Multiple Third-Party Components See Release Notes |
Dell Avamar VMware Image Proxy | Version 19.3 running SUSE Linux Enterprise 12 SP4 | Version 19.3 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2023R2 | Avamar Proxy Bundle 2023-R2-v5 |
| Multiple Third-Party Components See Release Notes |
Dell Avamar VMware Image Proxy | Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 | Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R2 | Avamar Proxy Bundle 2023-R2-v5 |
| Multiple Third-Party Components See Release Notes |
Dell NetWorker Virtual Edition (NVE) | Versions 19.4.x, 19.5.x, 19.6.x, 19.7.x, 19.8.x, 19.9.x running SUSE Linux Enterprise 12 SP5 | Versions 19.4, 19.5, 19.6, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R2 | NvePlatformOsRollup_2023-R2-v5.avp |
| Multiple Third-Party Components See Release Notes |
Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) | Version 2.5 running on SLES12SP4 | Version 2.5 running on SLES12SP4 with the latest OS Security Rollup 2023R2 | Contact support team to install the latest OsRollup https://www.dell.com/support/home/en-us/ |
| Multiple Third-Party Components See Release Notes |
Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) | Version 2.6.x, 2.7.x running on SLES12SP5 | Version 2.6.x, 2.7.x with the latest OS Security Rollup 2023R2 | Contact support team to install the latest OsRollup https://www.dell.com/support/home/en-us/ |
- The CVEs remedied by this security update are listed in the Release Notes. The Release Notes list not only the new CVEs remedied by this update, but all the past CVEs included in this cumulative update.
- The Security Update (Rollup) applies to all Avamar products running on the SLES platforms listed above. The products include Avamar single-node servers, multi-node servers, accelerator nodes, Avamar Virtual Edition systems, and Avamar Combined Proxy.
- To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/en-us/.
Revisionsverlauf
| Revision | Date | Description |
| 1.0 | 2023-08-02 | Initial Release |
| 2.0 | 2023-08-03 | Updated for enhanced presentation with no change to content |
| 3.0 | 2023-08-17 | Updated for enhanced presentation with no change to content |
| 4.0 | 2023-09-13 | Updated the "Link" column under " Affected Products and Remediation" section with “Contact support team to install the latest OsRollup” along with URL. |
| 5.0 | 2023-10-13 | Updated "Third Party Components" section |
Zugehörige Informationen
Rechtlicher Hinweis
Betroffene Produkte
Avamar, NetWorker Family, PowerProtect Data Manager Appliance, Avamar, Avamar Data Store, Avamar Data Store Gen3, Avamar Data Store Gen4, Avamar Data Store Gen4S, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Server, Avamar Virtual Edition
, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, NetWorker Series, NetWorker Module, Product Security Information
...
Artikeleigenschaften
Artikelnummer: 000216397
Artikeltyp: Dell Security Advisory
Zuletzt geändert: 06 Nov. 2025
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.