DSA-2019-054: Dell EMC Data Protection Advisor Security Update for Oracle Java Runtime Environment (JRE) Vulnerabilities

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Medium

Details

Summary:       
The Oracle JRE component within Dell EMC Data Protection Advisor requires a security update to address various vulnerabilities.

Oracle JRE has been updated for the following vulnerabilities:       

CVE-2019-2540    CVE-2018-11212    CVE-2019-2426    CVE-2019-2449
CVE-2019-2422

 
Refer to the Oracle Advisory for further information:      
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixJAVA

The Oracle Java SE patches are cumulative; patches included in a Critical Patch Update will include all fixes from the previous Critical Patch Updates.

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.  

Oracle JRE has been updated for the following vulnerabilities:       

CVE-2019-2540    CVE-2018-11212    CVE-2019-2426    CVE-2019-2449
CVE-2019-2422

 
Refer to the Oracle Advisory for further information:      
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixJAVA

The Oracle Java SE patches are cumulative; patches included in a Critical Patch Update will include all fixes from the previous Critical Patch Updates.

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.  

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Affected products: 
Dell EMC Data Protection Advisor 6.5 prior to patch 136
Dell EMC Data Protection Advisor 18.1 prior to patch 74
Dell EMC Data Protection Advisor 18.2 prior to patch 26
Dell EMC Integrated Data Protection Appliance 2.0
Dell EMC Integrated Data Protection Appliance 2.1
Dell EMC Integrated Data Protection Appliance 2.2
Dell EMC Integrated Data Protection Appliance 2.3


Remediation:
The following Dell EMC Data Protection Advisor releases contain a resolution to these vulnerabilities:       

  • Dell EMC Data Protection Advisor version 6.5 patch 136 or later

  • Dell EMC Data Protection Advisor version 18.1 patch 74 or later

  • Dell EMC Data Protection Advisor version 18.2 patch 26 or later

  • Dell EMC Integrated Data Protection Appliance 2.0 and 2.1   Upgrade to Integrated Data Protection Appliance 2.3 and apply Dell EMC Data Protection Advisor version 18.2 patch 26 or later

  • Dell EMC Integrated Data Protection Appliance 2.2   Apply Dell EMC Data Protection Advisor version 6.5 patch 136 or later

  • Dell EMC Integrated Data Protection Appliance 2.3   Apply Dell EMC Data Protection Advisor version 18.2 patch 26 or later

Dell EMC recommends all customers download the required patch from Dell EMC Online Support Data Protection Advisor product page (support.emc.com) and install it at the earliest opportunity.


Link to Remedies:      
Registered Dell EMC Online Support customers can download the required patch from support.emc.com at https://support.emc.com/downloads/829_Data-Protection-Advisor in the updates section of the downloads.



Affected products: 
Dell EMC Data Protection Advisor 6.5 prior to patch 136
Dell EMC Data Protection Advisor 18.1 prior to patch 74
Dell EMC Data Protection Advisor 18.2 prior to patch 26
Dell EMC Integrated Data Protection Appliance 2.0
Dell EMC Integrated Data Protection Appliance 2.1
Dell EMC Integrated Data Protection Appliance 2.2
Dell EMC Integrated Data Protection Appliance 2.3


Remediation:
The following Dell EMC Data Protection Advisor releases contain a resolution to these vulnerabilities:       

  • Dell EMC Data Protection Advisor version 6.5 patch 136 or later

  • Dell EMC Data Protection Advisor version 18.1 patch 74 or later

  • Dell EMC Data Protection Advisor version 18.2 patch 26 or later

  • Dell EMC Integrated Data Protection Appliance 2.0 and 2.1   Upgrade to Integrated Data Protection Appliance 2.3 and apply Dell EMC Data Protection Advisor version 18.2 patch 26 or later

  • Dell EMC Integrated Data Protection Appliance 2.2   Apply Dell EMC Data Protection Advisor version 6.5 patch 136 or later

  • Dell EMC Integrated Data Protection Appliance 2.3   Apply Dell EMC Data Protection Advisor version 18.2 patch 26 or later

Dell EMC recommends all customers download the required patch from Dell EMC Online Support Data Protection Advisor product page (support.emc.com) and install it at the earliest opportunity.


Link to Remedies:      
Registered Dell EMC Online Support customers can download the required patch from support.emc.com at https://support.emc.com/downloads/829_Data-Protection-Advisor in the updates section of the downloads.



Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Data Protection Advisor

Products

Data Protection Advisor, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, Product Security Information
Article Properties
Article Number: 000153684
Article Type: Dell Security Advisory
Last Modified: 22 May 2021
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.