DSA-2021-195: Dell EMC Data Protection Central Security and Dell EMC PowerProtect Data Protection Update for Multiple Third-Party Component Vulnerabilities
Summary: Dell EMC Data Protection Central and Dell EMC PowerProtect Data Protection remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
SP2-based systems
SuSE is not distributing updates for SLES 12 SP2 any longer.
SP5-based systems
SuSE is not distributing updates for SLES 12 SP2 any longer.
SP5-based systems
| Third-party Component | CVEs | More Information |
| libsystemd0=228-157.30.1 libudev1=228-157.30.1 systemd-bash-completion=228-157.30.1 systemd-sysvinit=228-157.30.1 systemd=228-157.30.1 udev=228-157.30.1 |
CVE-2021-33910 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| runc=1.0.0~rc93-16.11.1 | CVE-2016-9962 | |
| CVE-2018-16873 | ||
| CVE-2018-16874 | ||
| CVE-2018-16875 | ||
| CVE-2019-16884 | ||
| CVE-2019-19921 | ||
| CVE-2019-5736 | ||
| CVE-2021-30465 | ||
| containerd=1.4.4-16.42.1 | CVE-2016-9962 | |
| CVE-2018-16873 | ||
| CVE-2018-16874 | ||
| CVE-2018-16875 | ||
| CVE-2019-5736 | ||
| CVE-2020-15157 | ||
| CVE-2020-15257 | ||
| CVE-2021-21334 | ||
| CVE-2021-32760 | ||
| libpcre2-8-0=10.34-1.3.1 | CVE-2015-2326 | |
| CVE-2017-7186 | ||
| CVE-2017-8786 | ||
| dbus-1=1.8.22-35.2 libdbus-1-3=1.8.22-35.2 |
CVE-2019-12749 | |
| CVE-2020-12049 | ||
| CVE-2020-35512 | ||
| cpio-lang=2.11-36.15.1 cpio=2.11-36.15.1 |
CVE-2021-38185 | |
| kernel-default=4.12.14-122.83.1 | CVE-2019-25045 | |
| CVE-2020-0429 | ||
| CVE-2020-24588 | ||
| CVE-2020-26558 | ||
| CVE-2020-36385 | ||
| CVE-2020-36386 | ||
| CVE-2021-0129 | ||
| CVE-2021-0512 | ||
| CVE-2021-0605 | ||
| CVE-2021-22543 | ||
| CVE-2021-22555 | ||
| CVE-2021-33624 | ||
| CVE-2021-33909 | ||
| CVE-2021-34693 | ||
| CVE-2021-3609 | ||
| CVE-2021-3612 | ||
| CVE-2021-3659 | ||
| CVE-2021-37576 | ||
| libmspack0=0.4-15.10.1 | CVE-2018-14681 | |
| CVE-2018-14682 | ||
| glibc-i18ndata=2.22-114.12.1 glibc-locale=2.22-114.12.1 glibc=2.22-114.12.1 |
CVE-2016-10228 | |
| CVE-2021-35942 | ||
| rsync=3.1.3-1.19 | CVE-2011-1097 | |
| CVE-2014-2855 | ||
| CVE-2014-8242 | ||
| CVE-2014-9512 | ||
| CVE-2017-16548 | ||
| CVE-2017-17433 | ||
| CVE-2017-17434 | ||
| CVE-2018-5764 | ||
| git-core=2.26.2-27.46.4 | CVE-2005-4900 | |
| CVE-2011-2186 | ||
| CVE-2014-9390 | ||
| CVE-2016-2315 | ||
| CVE-2016-2324 | ||
| CVE-2017-1000117 | ||
| CVE-2017-14867 | ||
| CVE-2017-15298 | ||
| CVE-2017-8386 | ||
| CVE-2018-11233 | ||
| CVE-2018-11235 | ||
| CVE-2018-17456 | ||
| CVE-2018-19486 | ||
| CVE-2019-1348 | ||
| CVE-2019-1349 | ||
| CVE-2019-1351 | ||
| CVE-2019-1353 | ||
| CVE-2019-19604 | ||
| CVE-2020-11008 | ||
| CVE-2021-21300 | ||
| java-1_8_0-openjdk-headless=1.8.0.302-27.63.2 java-1_8_0-openjdk=1.8.0.302-27.63.2 |
CVE-2020-14556 | |
| CVE-2020-14577 | ||
| CVE-2020-14578 | ||
| CVE-2020-14579 | ||
| CVE-2020-14581 | ||
| CVE-2020-14583 | ||
| CVE-2020-14593 | ||
| CVE-2020-14621 | ||
| CVE-2020-14779 | ||
| CVE-2020-14781 | ||
| CVE-2020-14782 | ||
| CVE-2020-14792 | ||
| CVE-2020-14796 | ||
| CVE-2020-14797 | ||
| CVE-2020-14798 | ||
| CVE-2020-14803 | ||
| CVE-2021-2161 | ||
| CVE-2021-2163 | ||
| CVE-2021-2341 | ||
| CVE-2021-2369 | ||
| CVE-2021-2388 | ||
| docker=20.10.6_ce-98.66.1 | CVE-2014-3499 | |
| CVE-2014-5277 | ||
| CVE-2014-6407 | ||
| CVE-2014-6408 | ||
| CVE-2014-8178 | ||
| CVE-2014-8179 | ||
| CVE-2014-9356 | ||
| CVE-2014-9357 | ||
| CVE-2014-9358 | ||
| CVE-2015-3627 | ||
| CVE-2015-3629 | ||
| CVE-2015-3630 | ||
| CVE-2015-3631 | ||
| CVE-2016-3697 | ||
| CVE-2016-8867 | ||
| CVE-2016-9962 | ||
| CVE-2017-14992 | ||
| CVE-2017-16539 | ||
| CVE-2018-10892 | ||
| CVE-2018-15664 | ||
| CVE-2018-16873 | ||
| CVE-2018-16874 | ||
| CVE-2018-16875 | ||
| CVE-2018-20699 | ||
| CVE-2019-13509 | ||
| CVE-2019-14271 | ||
| CVE-2020-13401 | ||
| CVE-2020-15257 | ||
| CVE-2021-21284 | ||
| libsndfile1=1.0.25-36.23.1 | CVE-2018-19432 | |
| CVE-2018-19758 | ||
| CVE-2021-3246 | ||
| curl=7.60.0-11.23.1 libcurl4=7.60.0-11.23.1 |
CVE-2021-22922 | |
| CVE-2021-22923 | ||
| CVE-2021-22924 | ||
| CVE-2021-22925 |
SP2-based systems
SuSE is not distributing updates for SLES 12 SP2 any longer.
SP5-based systems
SuSE is not distributing updates for SLES 12 SP2 any longer.
SP5-based systems
| Third-party Component | CVEs | More Information |
| libsystemd0=228-157.30.1 libudev1=228-157.30.1 systemd-bash-completion=228-157.30.1 systemd-sysvinit=228-157.30.1 systemd=228-157.30.1 udev=228-157.30.1 |
CVE-2021-33910 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| runc=1.0.0~rc93-16.11.1 | CVE-2016-9962 | |
| CVE-2018-16873 | ||
| CVE-2018-16874 | ||
| CVE-2018-16875 | ||
| CVE-2019-16884 | ||
| CVE-2019-19921 | ||
| CVE-2019-5736 | ||
| CVE-2021-30465 | ||
| containerd=1.4.4-16.42.1 | CVE-2016-9962 | |
| CVE-2018-16873 | ||
| CVE-2018-16874 | ||
| CVE-2018-16875 | ||
| CVE-2019-5736 | ||
| CVE-2020-15157 | ||
| CVE-2020-15257 | ||
| CVE-2021-21334 | ||
| CVE-2021-32760 | ||
| libpcre2-8-0=10.34-1.3.1 | CVE-2015-2326 | |
| CVE-2017-7186 | ||
| CVE-2017-8786 | ||
| dbus-1=1.8.22-35.2 libdbus-1-3=1.8.22-35.2 |
CVE-2019-12749 | |
| CVE-2020-12049 | ||
| CVE-2020-35512 | ||
| cpio-lang=2.11-36.15.1 cpio=2.11-36.15.1 |
CVE-2021-38185 | |
| kernel-default=4.12.14-122.83.1 | CVE-2019-25045 | |
| CVE-2020-0429 | ||
| CVE-2020-24588 | ||
| CVE-2020-26558 | ||
| CVE-2020-36385 | ||
| CVE-2020-36386 | ||
| CVE-2021-0129 | ||
| CVE-2021-0512 | ||
| CVE-2021-0605 | ||
| CVE-2021-22543 | ||
| CVE-2021-22555 | ||
| CVE-2021-33624 | ||
| CVE-2021-33909 | ||
| CVE-2021-34693 | ||
| CVE-2021-3609 | ||
| CVE-2021-3612 | ||
| CVE-2021-3659 | ||
| CVE-2021-37576 | ||
| libmspack0=0.4-15.10.1 | CVE-2018-14681 | |
| CVE-2018-14682 | ||
| glibc-i18ndata=2.22-114.12.1 glibc-locale=2.22-114.12.1 glibc=2.22-114.12.1 |
CVE-2016-10228 | |
| CVE-2021-35942 | ||
| rsync=3.1.3-1.19 | CVE-2011-1097 | |
| CVE-2014-2855 | ||
| CVE-2014-8242 | ||
| CVE-2014-9512 | ||
| CVE-2017-16548 | ||
| CVE-2017-17433 | ||
| CVE-2017-17434 | ||
| CVE-2018-5764 | ||
| git-core=2.26.2-27.46.4 | CVE-2005-4900 | |
| CVE-2011-2186 | ||
| CVE-2014-9390 | ||
| CVE-2016-2315 | ||
| CVE-2016-2324 | ||
| CVE-2017-1000117 | ||
| CVE-2017-14867 | ||
| CVE-2017-15298 | ||
| CVE-2017-8386 | ||
| CVE-2018-11233 | ||
| CVE-2018-11235 | ||
| CVE-2018-17456 | ||
| CVE-2018-19486 | ||
| CVE-2019-1348 | ||
| CVE-2019-1349 | ||
| CVE-2019-1351 | ||
| CVE-2019-1353 | ||
| CVE-2019-19604 | ||
| CVE-2020-11008 | ||
| CVE-2021-21300 | ||
| java-1_8_0-openjdk-headless=1.8.0.302-27.63.2 java-1_8_0-openjdk=1.8.0.302-27.63.2 |
CVE-2020-14556 | |
| CVE-2020-14577 | ||
| CVE-2020-14578 | ||
| CVE-2020-14579 | ||
| CVE-2020-14581 | ||
| CVE-2020-14583 | ||
| CVE-2020-14593 | ||
| CVE-2020-14621 | ||
| CVE-2020-14779 | ||
| CVE-2020-14781 | ||
| CVE-2020-14782 | ||
| CVE-2020-14792 | ||
| CVE-2020-14796 | ||
| CVE-2020-14797 | ||
| CVE-2020-14798 | ||
| CVE-2020-14803 | ||
| CVE-2021-2161 | ||
| CVE-2021-2163 | ||
| CVE-2021-2341 | ||
| CVE-2021-2369 | ||
| CVE-2021-2388 | ||
| docker=20.10.6_ce-98.66.1 | CVE-2014-3499 | |
| CVE-2014-5277 | ||
| CVE-2014-6407 | ||
| CVE-2014-6408 | ||
| CVE-2014-8178 | ||
| CVE-2014-8179 | ||
| CVE-2014-9356 | ||
| CVE-2014-9357 | ||
| CVE-2014-9358 | ||
| CVE-2015-3627 | ||
| CVE-2015-3629 | ||
| CVE-2015-3630 | ||
| CVE-2015-3631 | ||
| CVE-2016-3697 | ||
| CVE-2016-8867 | ||
| CVE-2016-9962 | ||
| CVE-2017-14992 | ||
| CVE-2017-16539 | ||
| CVE-2018-10892 | ||
| CVE-2018-15664 | ||
| CVE-2018-16873 | ||
| CVE-2018-16874 | ||
| CVE-2018-16875 | ||
| CVE-2018-20699 | ||
| CVE-2019-13509 | ||
| CVE-2019-14271 | ||
| CVE-2020-13401 | ||
| CVE-2020-15257 | ||
| CVE-2021-21284 | ||
| libsndfile1=1.0.25-36.23.1 | CVE-2018-19432 | |
| CVE-2018-19758 | ||
| CVE-2021-3246 | ||
| curl=7.60.0-11.23.1 libcurl4=7.60.0-11.23.1 |
CVE-2021-22922 | |
| CVE-2021-22923 | ||
| CVE-2021-22924 | ||
| CVE-2021-22925 |
Affected Products & Remediation
| Product | Affected Versions | Updated Versions | Link to Update | |
| Dell EMC Data Protection Central | 18.1, 18.2, 19.1, 19.2, 19.3, 19.4, and 19.5 | 18.1, 18.2, 19.1, 19.2, 19.3, 19.4, and 19.5 | To upgrade your Dell EMC Data Protection Central system, see KB article 34881: Data Protection Central: How to Install the Data Protection Central operating system Update for installation instructions. Software Release Notes |
|
| Dell EMC PowerProtect Data Protection | 2.7 and below | Dell EMC Data Protection Central Update | Software Release Notes |
| Product | Affected Versions | Updated Versions | Link to Update | |
| Dell EMC Data Protection Central | 18.1, 18.2, 19.1, 19.2, 19.3, 19.4, and 19.5 | 18.1, 18.2, 19.1, 19.2, 19.3, 19.4, and 19.5 | To upgrade your Dell EMC Data Protection Central system, see KB article 34881: Data Protection Central: How to Install the Data Protection Central operating system Update for installation instructions. Software Release Notes |
|
| Dell EMC PowerProtect Data Protection | 2.7 and below | Dell EMC Data Protection Central Update | Software Release Notes |
Workarounds & Mitigations
None.
Revision History
| Revision | Date | Description |
| 1.0 | 2021-09-22 | Initial Release |
| 2.0 | 2021-10-20 | PowerProtect Data Protection Added |
Related Information
Legal Disclaimer
Affected Products
Data Protection Central, PowerProtect DP4400, Data Protection Central, PowerProtect DP5300, PowerProtect DP5800, PowerProtect DP8300, PowerProtect DP8800, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family
, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, PowerProtect DP5900, PowerProtect DP8400, PowerProtect DP8900, Product Security Information
...
Article Properties
Article Number: 000191727
Article Type: Dell Security Advisory
Last Modified: 20 Oct 2021
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.