Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000182746

DSA-2021-029: Dell EMC Data Protection Central OS Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell EMC Data Protection Central OS Update contains remediation for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Critical

Details


SP2-based systems
Third-party Component CVE(s) More Information
kernel-default=4.4.121-92.146.1 CVE-2020-25705 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
CVE-2020-25656
CVE-2017-18204
CVE-2020-14351
CVE-2020-8694
CVE-2020-12352
CVE-2020-25645
CVE-2020-14381
CVE-2020-25212
CVE-2020-14390
CVE-2020-25643
CVE-2020-26088
CVE-2020-0432
CVE-2020-0431
CVE-2020-0427
CVE-2020-0404
CVE-2020-25284
krb5=1.12.5-40.40.2 CVE-2020-28196  
libFLAC8=1.3.0-12.3.1 CVE-2020-0499  
libX11-6=1.6.2-12.15.1
libX11-data=1.6.2-12.15.1		 CVE-2020-14363  
libgcc_s1=10.2.1+git583-1.3.5
libstdc++6=10.2.1+git583-1.3.5		 CVE-2020-13844  
libldap-2_4-2=2.4.41-18.77.1
openldap2=2.4.41-18.77.1
openldap2-client=2.4.41-18.77.1		 CVE-2020-25692  
libpython2_7-1_0=2.7.17-28.59.1
python-base=2.7.17-28.59.1
python-xml=2.7.17-28.59.1		 CVE-2019-20916  
CVE-2020-26116
CVE-2019-20907
libpython3_4m1_0=3.4.10-25.58.1
python3=3.4.10-25.58.1
python3-base=3.4.10-25.58.1		 CVE-2019-20916  
CVE-2020-26116
libsasl2-3=2.1.26-8.13.1 CVE-2019-19906  
libxml2-2=2.9.4-46.37.1
libxml2-tools=2.9.4-46.37.1		 CVE-2020-24977  
CVE-2019-19956
CVE-2019-20388
CVE-2020-7595
CVE-2016-9318
CVE-2018-9251
CVE-2018-14567
CVE-2018-14404
CVE-2017-18258
libzypp=16.21.4-27.73.1 CVE-2019-18900  
openssh-fips=7.2p2-74.57.1
openssh-helpers=7.2p2-74.57.1
openssh=7.2p2-74.57.1		 CVE-2020-14145  
sudo=1.8.10p3-10.29.1 CVE-2021-3156  
CVE-2021-23239

SP5-based systems
Third-party Component CVE(s) More Information
kernel-default=4.12.14-122.57.1 CVE-2020-28374  
CVE-2020-36158
CVE-2020-27825
CVE-2020-0466
CVE-2020-27068
CVE-2020-0465
CVE-2020-0444
CVE-2020-29660
CVE-2020-29661
libFLAC8=1.3.0-12.3.1 CVE-2020-0499  
libldap-2_4-2=2.4.41-18.80.1
openldap2=2.4.41-18.80.1		 CVE-2020-25709  
libpython3_6m1_0=3.6.12-4.28.1
python36-base=3.6.12-4.28.1
python36=3.6.12-4.28.1		 CVE-2020-27619  
libsasl2-3=2.1.26-8.13.1 CVE-2019-19906  
libstdc++6=10.2.1+git583-1.3.5 CVE-2020-13844  
libxml2-2=2.9.4-46.37.1
libxml2-tools=2.9.4-46.37.1		 CVE-2017-7376  
CVE-2017-7375
CVE-2017-9047
CVE-2017-9049
CVE-2017-0663
CVE-2017-5969
CVE-2017-9050
CVE-2017-9048
CVE-2016-9597
CVE-2016-4658
CVE-2016-3627
CVE-2016-1837
CVE-2016-1840
CVE-2016-1762
CVE-2015-1819
CVE-2015-5312
CVE-2015-7497
CVE-2015-7498
CVE-2015-7499
CVE-2015-7500
CVE-2015-7941
CVE-2015-7942
CVE-2015-8241
CVE-2015-8242
CVE-2015-8317
CVE-2015-8710
CVE-2014-0191
CVE-2012-5134
CVE-2013-0338
CVE-2013-1969
CVE-2010-4494
CVE-2011-1944
CVE-2008-4225
CVE-2008-4226
CVE-2008-4409
openssh-fips=7.2p2-78.10.1
openssh-helpers=7.2p2-78.10.1
openssh=7.2p2-78.10.1		 CVE-2020-14145  
sudo=1.8.27-4.6.1 CVE-2021-3156  
CVE-2021-23239
CVE-2021-23240


SP2-based systems
Third-party Component CVE(s) More Information
kernel-default=4.4.121-92.146.1 CVE-2020-25705 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
CVE-2020-25656
CVE-2017-18204
CVE-2020-14351
CVE-2020-8694
CVE-2020-12352
CVE-2020-25645
CVE-2020-14381
CVE-2020-25212
CVE-2020-14390
CVE-2020-25643
CVE-2020-26088
CVE-2020-0432
CVE-2020-0431
CVE-2020-0427
CVE-2020-0404
CVE-2020-25284
krb5=1.12.5-40.40.2 CVE-2020-28196  
libFLAC8=1.3.0-12.3.1 CVE-2020-0499  
libX11-6=1.6.2-12.15.1
libX11-data=1.6.2-12.15.1		 CVE-2020-14363  
libgcc_s1=10.2.1+git583-1.3.5
libstdc++6=10.2.1+git583-1.3.5		 CVE-2020-13844  
libldap-2_4-2=2.4.41-18.77.1
openldap2=2.4.41-18.77.1
openldap2-client=2.4.41-18.77.1		 CVE-2020-25692  
libpython2_7-1_0=2.7.17-28.59.1
python-base=2.7.17-28.59.1
python-xml=2.7.17-28.59.1		 CVE-2019-20916  
CVE-2020-26116
CVE-2019-20907
libpython3_4m1_0=3.4.10-25.58.1
python3=3.4.10-25.58.1
python3-base=3.4.10-25.58.1		 CVE-2019-20916  
CVE-2020-26116
libsasl2-3=2.1.26-8.13.1 CVE-2019-19906  
libxml2-2=2.9.4-46.37.1
libxml2-tools=2.9.4-46.37.1		 CVE-2020-24977  
CVE-2019-19956
CVE-2019-20388
CVE-2020-7595
CVE-2016-9318
CVE-2018-9251
CVE-2018-14567
CVE-2018-14404
CVE-2017-18258
libzypp=16.21.4-27.73.1 CVE-2019-18900  
openssh-fips=7.2p2-74.57.1
openssh-helpers=7.2p2-74.57.1
openssh=7.2p2-74.57.1		 CVE-2020-14145  
sudo=1.8.10p3-10.29.1 CVE-2021-3156  
CVE-2021-23239

SP5-based systems
Third-party Component CVE(s) More Information
kernel-default=4.12.14-122.57.1 CVE-2020-28374  
CVE-2020-36158
CVE-2020-27825
CVE-2020-0466
CVE-2020-27068
CVE-2020-0465
CVE-2020-0444
CVE-2020-29660
CVE-2020-29661
libFLAC8=1.3.0-12.3.1 CVE-2020-0499  
libldap-2_4-2=2.4.41-18.80.1
openldap2=2.4.41-18.80.1		 CVE-2020-25709  
libpython3_6m1_0=3.6.12-4.28.1
python36-base=3.6.12-4.28.1
python36=3.6.12-4.28.1		 CVE-2020-27619  
libsasl2-3=2.1.26-8.13.1 CVE-2019-19906  
libstdc++6=10.2.1+git583-1.3.5 CVE-2020-13844  
libxml2-2=2.9.4-46.37.1
libxml2-tools=2.9.4-46.37.1		 CVE-2017-7376  
CVE-2017-7375
CVE-2017-9047
CVE-2017-9049
CVE-2017-0663
CVE-2017-5969
CVE-2017-9050
CVE-2017-9048
CVE-2016-9597
CVE-2016-4658
CVE-2016-3627
CVE-2016-1837
CVE-2016-1840
CVE-2016-1762
CVE-2015-1819
CVE-2015-5312
CVE-2015-7497
CVE-2015-7498
CVE-2015-7499
CVE-2015-7500
CVE-2015-7941
CVE-2015-7942
CVE-2015-8241
CVE-2015-8242
CVE-2015-8317
CVE-2015-8710
CVE-2014-0191
CVE-2012-5134
CVE-2013-0338
CVE-2013-1969
CVE-2010-4494
CVE-2011-1944
CVE-2008-4225
CVE-2008-4226
CVE-2008-4409
openssh-fips=7.2p2-78.10.1
openssh-helpers=7.2p2-78.10.1
openssh=7.2p2-78.10.1		 CVE-2020-14145  
sudo=1.8.27-4.6.1 CVE-2021-3156  
CVE-2021-23239
CVE-2021-23240

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product Affected Version(s) Updated Version(s) Link to Update  
Dell EMC Data Protection Central 1.0.0, 1.0.1, 18.1, 18.2, 19.1, 19.2, 19.3, 19.4 1.0.0, 1.0.1, 18.1, 18.2, 19.1, 19.2, 19.3, 19.4 Software

Release Notes		  
 
Dell EMC IDPA System Manager 18.1, 18.2, 19.2 18.1, 18.2, 19.2 Software

Release Notes		  


Dell EMC creates and distributes the Data Protection Central OS Update.  These DPC OS Updates contain security patches from third party components for the Data Protection Central system. See Data Protection Central OS Update Release Notes for more information.

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.   To search for a particular CVE, use the database’s search utility at http://web.nvd.nist.gov/view/vuln/search.


Resolution: 
Apply the Data Protection Central OS Update to all Data Protection Central systems installed via DPC OVA deployment; DPC systems installed without use of the DPC OVA are not updated by the DPC OS Update procedure.
To upgrade your Dell EMC Data Protection Central system, see https://support.emc.com/kb/522157 for installation instructions.
Product Affected Version(s) Updated Version(s) Link to Update  
Dell EMC Data Protection Central 1.0.0, 1.0.1, 18.1, 18.2, 19.1, 19.2, 19.3, 19.4 1.0.0, 1.0.1, 18.1, 18.2, 19.1, 19.2, 19.3, 19.4 Software

Release Notes		  
 
Dell EMC IDPA System Manager 18.1, 18.2, 19.2 18.1, 18.2, 19.2 Software

Release Notes		  


Dell EMC creates and distributes the Data Protection Central OS Update.  These DPC OS Updates contain security patches from third party components for the Data Protection Central system. See Data Protection Central OS Update Release Notes for more information.

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.   To search for a particular CVE, use the database’s search utility at http://web.nvd.nist.gov/view/vuln/search.


Resolution: 
Apply the Data Protection Central OS Update to all Data Protection Central systems installed via DPC OVA deployment; DPC systems installed without use of the DPC OVA are not updated by the DPC OS Update procedure.
To upgrade your Dell EMC Data Protection Central system, see https://support.emc.com/kb/522157 for installation instructions.

Workarounds and Mitigations

None

Revision History

RevisionDateDescription
1.02021-02-04Initial release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Information

Article Properties

Affected Product

Data Protection Central

Product

Data Protection Central, Product Security Information

Last Published Date

22 May 2021

Version

3

Article Type

Dell Security Advisory

Back to Top