Article Number: 000182746


DSA-2021-029: Dell EMC Data Protection Central OS Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell EMC Data Protection Central OS Update contains remediation for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details


SP2-based systems

| Third-party Component | CVE(s) | More Information |
|---|---|---|
| kernel-default=4.4.121-92.146.1 | CVE-2020-25705, CVE-2020-25656, CVE-2017-18204, CVE-2020-14351, CVE-2020-8694, CVE-2020-12352, CVE-2020-25645, CVE-2020-14381, CVE-2020-25212, CVE-2020-14390, CVE-2020-25643, CVE-2020-26088, CVE-2020-0432, CVE-2020-0431, CVE-2020-0427, CVE-2020-0404, CVE-2020-25284 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| krb5=1.12.5-40.40.2 | CVE-2020-28196 | |
| libFLAC8=1.3.0-12.3.1 | CVE-2020-0499 | |
| libX11-6=1.6.2-12.15.1, libX11-data=1.6.2-12.15.1 | CVE-2020-14363 | |
| libgcc_s1=10.2.1+git583-1.3.5, libstdc++6=10.2.1+git583-1.3.5 | CVE-2020-13844 | |
| libldap-2_4-2=2.4.41-18.77.1, openldap2=2.4.41-18.77.1, openldap2-client=2.4.41-18.77.1 | CVE-2020-25692 | |
| libpython2_7-1_0=2.7.17-28.59.1, python-base=2.7.17-28.59.1, python-xml=2.7.17-28.59.1 | CVE-2019-20916, CVE-2020-26116, CVE-2019-20907 | |
| libpython3_4m1_0=3.4.10-25.58.1, python3=3.4.10-25.58.1, python3-base=3.4.10-25.58.1 | CVE-2019-20916, CVE-2020-26116 | |
| libsasl2-3=2.1.26-8.13.1 | CVE-2019-19906 | |
| libxml2-2=2.9.4-46.37.1, libxml2-tools=2.9.4-46.37.1 | CVE-2020-24977, CVE-2019-19956, CVE-2019-20388, CVE-2020-7595, CVE-2016-9318, CVE-2018-9251, CVE-2018-14567, CVE-2018-14404, CVE-2017-18258 | |
| libzypp=16.21.4-27.73.1 | CVE-2019-18900 | |
| openssh-fips=7.2p2-74.57.1, openssh-helpers=7.2p2-74.57.1, openssh=7.2p2-74.57.1 | CVE-2020-14145 | |
| sudo=1.8.10p3-10.29.1 | CVE-2021-3156, CVE-2021-23239 | |

SP5-based systems

| Third-party Component | CVE(s) | More Information |
|---|---|---|
| kernel-default=4.12.14-122.57.1 | CVE-2020-28374, CVE-2020-36158, CVE-2020-27825, CVE-2020-0466, CVE-2020-27068, CVE-2020-0465, CVE-2020-0444, CVE-2020-29660, CVE-2020-29661 | |
| libFLAC8=1.3.0-12.3.1 | CVE-2020-0499 | |
| libldap-2_4-2=2.4.41-18.80.1, openldap2=2.4.41-18.80.1 | CVE-2020-25709 | |
| libpython3_6m1_0=3.6.12-4.28.1, python36-base=3.6.12-4.28.1, python36=3.6.12-4.28.1 | CVE-2020-27619 | |
| libsasl2-3=2.1.26-8.13.1 | CVE-2019-19906 | |
| libstdc++6=10.2.1+git583-1.3.5 | CVE-2020-13844 | |
| libxml2-2=2.9.4-46.37.1, libxml2-tools=2.9.4-46.37.1 | CVE-2017-7376, CVE-2017-7375, CVE-2017-9047, CVE-2017-9049, CVE-2017-0663, CVE-2017-5969, CVE-2017-9050, CVE-2017-9048, CVE-2016-9597, CVE-2016-4658, CVE-2016-3627, CVE-2016-1837, CVE-2016-1840, CVE-2016-1762, CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, CVE-2015-8710, CVE-2014-0191, CVE-2012-5134, CVE-2013-0338, CVE-2013-1969, CVE-2010-4494, CVE-2011-1944, CVE-2008-4225, CVE-2008-4226, CVE-2008-4409 | |
| openssh-fips=7.2p2-78.10.1, openssh-helpers=7.2p2-78.10.1, openssh=7.2p2-78.10.1 | CVE-2020-14145 | |
| sudo=1.8.27-4.6.1 | CVE-2021-3156, CVE-2021-23239, CVE-2021-23240 | |


Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

| Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|
| Dell EMC Data Protection Central | 1.0.0, 1.0.1, 18.1, 18.2, 19.1, 19.2, 19.3, 19.4 | 1.0.0, 1.0.1, 18.1, 18.2, 19.1, 19.2, 19.3, 19.4 | Software; Release Notes |
| Dell EMC IDPA System Manager | 18.1, 18.2, 19.2 | 18.1, 18.2, 19.2 | Software; Release Notes |


Dell EMC creates and distributes the Data Protection Central OS Update. These DPC OS Updates contain security patches for third-party components of the Data Protection Central system. See the Data Protection Central OS Update Release Notes for more information.

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a particular CVE, use the database's search utility at http://web.nvd.nist.gov/view/vuln/search.


Resolution: 
Apply the Data Protection Central OS Update to all Data Protection Central systems installed via DPC OVA deployment; DPC systems installed without use of the DPC OVA are not updated by the DPC OS Update procedure.
To upgrade your Dell EMC Data Protection Central system, see https://support.emc.com/kb/522157 for installation instructions.

Workarounds and Mitigations

None

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2021-02-04 | Initial release |

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


The information in this Dell Technologies Security Advisory should be read and used to assist in avoiding situations that may arise from the problems described herein. Dell Technologies distributes Security Advisories to bring important security information to the attention of users of the affected product(s). Dell Technologies assesses the risk based on an average of risks across a diverse set of installed systems and may not represent the actual risk to your local installation and individual environment. It is recommended that all users determine the applicability of this information to their individual environments and take appropriate actions. The information set forth herein is provided "as is" without warranty of any kind. Dell Technologies expressly disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Dell Technologies, its affiliates or suppliers, be liable for any damages whatsoever arising from or related to the information contained herein or actions that you decide to take based thereon, including any direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell Technologies, its affiliates or suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation shall apply to the extent permissible under law.

Article Properties


Affected Product

Data Protection Central

Product

Data Protection Central, Product Security Information

Last Published Date

22 May 2021

Version

3

Article Type

Dell Security Advisory
