The 2020 R3plus OS Security Update addresses multiple third-party components within the listed Dell EMC Avamar products that require a security update to address various vulnerabilities. This is a cumulative update that includes vulnerabilities addressed in previous updates as well as new vulnerabilities.
"Plus" OS Security Updates are provided for those customers who are required by regulation to address critical security vulnerabilities within a 60-day period. The "plus" OS Security Updates are only supported on the most recent Avamar Server Software (currently 19.3/19.4) and SLES OS releases (currently SLES12SP5). It is recommended that all other customers continue to use the standard quarterly security updates which support multiple Avamar releases running on multiple SLES versions.
Note: The CVEs remedied by this security update are listed in the Release Notes. The Release Notes list not only the new CVEs remedied by this update, but all the past CVEs included in this cumulative update.
This security patch is a set of security updates for various third-party software components installed on the Avamar and NetWorker nodes. The patch addresses multiple security vulnerabilities in those components. The patch applies to all Avamar and NetWorker products running on the SLES platforms listed above. The products include Avamar single-node servers, multi-node servers, accelerator nodes, Avamar Virtual Edition systems, and NetWorker Virtual Edition systems.
This security patch also updates Java JRE to version 8u271 for Avamar Server 19.3/19.4, Avamar Proxy 19.4, Dell EMC Avamar NDMP Accelerator 19.3/19.4, and NetWorker Virtual Edition 19.4.
This security patch also updates Tomcat to version 8.5.59 for Avamar Server 19.3/19.4.
See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products & Remediation
Affected products:
Dell EMC Avamar Server hardware appliance Gen4S/Gen4T with version 19.3 running SUSE Linux Enterprise 12 SP5
Dell EMC Avamar Server hardware appliance Gen4S/Gen4T with version 19.4 running SUSE Linux Enterprise 12 SP5
Dell EMC Avamar Virtual Edition versions 19.3/19.4 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments)
Dell EMC Integrated Data Protection Appliance (IDPA) 2.6
Remediation: Apply the platform security patch to Avamar software version and NetWorker Virtual Edition. The following platform security patch packages are now available to be installed:
The Security Update for Avamar Virtual Edition is customer installable.
The installation process involves shutting down the server software, rebooting all the nodes, and restarting the server software, and so appropriate time needs to be scheduled and allocated to perform this full process.
Dell EMC strongly recommends all customers upgrade at the earliest opportunity.
NetWorker Family, Avamar, Avamar Data Store Gen4S, Avamar Data Store Gen4T, Avamar Server, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, Product Security Information
Article Properties
Article Number: 000180921
Article Type: Dell Security Advisory
Last Modified: 22 Jul 2024