
Article Number: 000183192


DSA-2021-039: Dell EMC Avamar and NetWorker Security Update for Multiple Components

Summary: The 2020 R4plus OS Security Update addresses multiple third-party components within the listed Dell Avamar products that require a security update to address various vulnerabilities. This is a cumulative update that includes vulnerabilities addressed in previous updates as well as new vulnerabilities. "Plus" OS Security Updates are provided for those customers who are required by regulation to address critical security vulnerabilities within a 60-day period. The "plus" OS Security Updates are only supported on the most recent Avamar Server Software (currently 19.3/19.4) and SLES OS releases (currently SLES12SP5). It is recommended that all other customers continue to use the standard quarterly security updates which support multiple Avamar releases running on multiple SLES versions. ...

Article Content


Impact

Critical

Details

This security patch is a set of security updates for various third-party software components installed on the Avamar and NetWorker nodes. The patch addresses multiple security vulnerabilities in those components. The patch applies to all Avamar and NetWorker products running on the SLES platforms listed above. The products include Avamar single-node servers, multi-node servers, accelerator nodes, Avamar Virtual Edition systems, Avamar VMware Image Proxy, and NetWorker Virtual Edition systems.

This security patch also updates Java JRE to version 8u281 for Avamar Server 19.3/19.4, Avamar Proxy 19.4, Dell EMC Avamar NDMP Accelerator 19.3/19.4, and NetWorker Virtual Edition 19.4.

This security patch also updates Tomcat to version 8.5.61 for Avamar Server 19.3/19.4.
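
To confirm after installation that a node reports the component levels named above (Java JRE 8u281, Tomcat 8.5.61), the version strings have to be compared numerically rather than as text. The following is an added example, not Dell EMC code: the function names are hypothetical and the sample strings are constructed in the formats printed by `java -version` and Tomcat's `version.sh`.

```shell
#!/bin/sh
# Added example: check reported versions against this advisory's levels
# (Java JRE 8u281, Tomcat 8.5.61). Function names are hypothetical.
MIN_JAVA_UPDATE=281
MIN_TOMCAT="8.5.61"

# Pull the update number out of a Java 8 string such as
# 'java version "1.8.0_271"' or '1.8.0_281-b09'; prints nothing otherwise.
java8_update() {
    printf '%s\n' "$1" | sed -n 's/.*1\.8\.0_\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# 0 if the Java 8 update level is at or above 281 (numeric, so 91 < 281).
java_patched() {
    u=$(java8_update "$1")
    [ -n "$u" ] && [ "$u" -ge "$MIN_JAVA_UPDATE" ]
}

# Pull x.y.z out of text such as 'Server version: Apache Tomcat/8.5.61'.
tomcat_version() {
    printf '%s\n' "$1" | sed -n 's|.*Tomcat/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' | head -n 1
}

# 0 if $1 >= $2, comparing x.y.z field by field as integers
# (a string compare would rank 8.5.9 above 8.5.61).
version_ge() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2
    IFS=$old_ifs
    [ "$#" -eq 6 ] || return 2
    [ "$1" -gt "$4" ] && return 0; [ "$1" -lt "$4" ] && return 1
    [ "$2" -gt "$5" ] && return 0; [ "$2" -lt "$5" ] && return 1
    [ "$3" -ge "$6" ]
}

tomcat_patched() {
    v=$(tomcat_version "$1")
    [ -n "$v" ] && version_ge "$v" "$MIN_TOMCAT"
}

report() {  # $1 label, $2 check function, $3 version text
    if "$2" "$3"; then echo "$1: at or above advisory level"
    else echo "$1: below advisory level or unparsable: $3"; fi
}

# Constructed sample strings; on a node, pass the real command output.
report "JRE"    java_patched   'java version "1.8.0_271"'
report "Tomcat" tomcat_patched 'Server version: Apache Tomcat/8.5.9'
```

`java -version` writes to stderr, so capture it with `2>&1` before passing it to `java_patched`.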

Read more in the Release Notes:
https://dl.dell.com/content/docu99691_Avamar_Platform_OS_Security_Patch_Rollup_2020R4plus_Release_Notes.pdf?language=en_US

Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact Dell EMC Software Technical Support at 1-877-534-2867.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVE(s) Addressed: See Release Notes

Product: Dell EMC Avamar
Affected Version(s):
  • Dell EMC Avamar Server hardware appliance Gen4S/Gen4T with version 19.3/19.4 running SUSE Linux Enterprise 12 SP5
  • Dell EMC Avamar Virtual Edition versions 19.3/19.4 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments)
  • Dell EMC Avamar NDMP Accelerator 19.3/19.4 running SUSE Linux Enterprise 12 SP5
  • Dell EMC Avamar VMware Image Proxy versions 19.4 running SUSE Linux Enterprise 12 SP5

Product: Dell EMC NetWorker Virtual Edition (NVE)
Affected Version(s):
  • Dell EMC NetWorker Virtual Edition (NVE) versions 19.4 running SUSE Linux Enterprise 12 SP5

Product: Dell EMC Integrated Data Protection Appliance
Affected Version(s):
  • Dell EMC Integrated Data Protection Appliance (IDPA) 2.6 & 2.6.1

Updated Version(s) and Link to Update:
Apply the platform security patch to Avamar software version and NetWorker Virtual Edition. The following platform security patch packages are now available to be installed:
The Security Update for Avamar Virtual Edition and NetWorker Virtual Edition is customer installable. Refer to “link to remedies” for download and installation instructions.

The installation process involves shutting down the server software, rebooting all the nodes, and restarting the server software, so appropriate time needs to be scheduled and allocated to perform this full process.

Dell EMC strongly recommends all customers upgrade at the earliest opportunity.
To schedule platform security patch installation, or to upgrade your server, contact Dell EMC Customer Support at https://support.emc.com/.
Refer to the following KB Articles for Security Update (Rollup) Installation instructions:

KB article 169784: Avamar Virtual Edition: How to Install the Avamar Platform Security Rollup

Customers on NVE v19.4 should refer to the KBs listed below before applying the security patch rollup detailed in the DSA:

KB article 185883: NVE: SSH access fails after failed NvePlatformOsRollup_2020-R4plus-v6 installation

KB article 184726: NVE: NvePlatformOsRollup_2020-R4plus-v6 fails at 45% "Install Operating System Patches with Selected SuSE RPMs (9 of 18) Failed"

KB article 52627: NetWorker Virtual Edition (NVE): How to Install the Platform Security Rollup

KB article 77959: Avamar Server, Avamar Proxy, Avamar NDMP Accelerator: How to install the Avamar Platform Security Rollup from the command line

KB article 174844: Avamar: How to Upgrade Avamar Security Rollup for Proxy starting 19.1

Note:
The CVEs remedied by this security update are listed in the Release Notes. The Release Notes list not only the new CVEs remedied by this update, but all the past CVEs included in this cumulative update.

Workarounds and Mitigations

None

Revision History

Revision  Date        Description
1.0       2021-02-18  Initial Release

Article Properties


Affected Product: Avamar, Avamar Server, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, NetWorker, Product Security Information

Last Published Date: 04 Nov 2021

Version: 4

Article Type: Dell Security Advisory