Article Number: 000183192


DSA-2021-039: Dell EMC Avamar and NetWorker Security Update for Multiple Components

Summary: The 2020 R4plus OS Security Update addresses multiple third-party components within the listed Dell Avamar products that require a security update to address various vulnerabilities.

Article Content


Impact

Critical

Details
This security patch is a set of security updates for various third-party software components installed on the Avamar and NetWorker nodes. The patch addresses multiple security vulnerabilities in those components. The patch applies to all Avamar and NetWorker products running on the SLES platforms listed above. The products include Avamar single-node servers, multi-node servers, accelerator nodes, Avamar Virtual Edition systems, Avamar VMware Image Proxy, and NetWorker Virtual Edition systems.

This security patch also updates Java JRE to version 8u281 for Avamar Server 19.3/19.4, Avamar Proxy 19.4, Dell EMC Avamar NDMP Accelerator 19.3/19.4, and NetWorker Virtual Edition 19.4.

This security patch also updates Tomcat to version 8.5.61 for Avamar Server 19.3/19.4.

Read more in the Release Notes:
https://dl.dell.com/content/docu99691_Avamar_Platform_OS_Security_Patch_Rollup_2020R4plus_Release_Notes.pdf?language=en_US

Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact Dell EMC Software Technical Support at 1-877-534-2867.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation
CVE(s) Addressed: See Release Notes

Product and Affected Version(s):

Dell EMC Avamar
  • Dell EMC Avamar Server hardware appliance Gen4S/Gen4T with version 19.3/19.4 running SUSE Linux Enterprise 12 SP5
  • Dell EMC Avamar Virtual Edition versions 19.3/19.4 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments)
  • Dell EMC Avamar NDMP Accelerator 19.3/19.4 running SUSE Linux Enterprise 12 SP5
  • Dell EMC Avamar VMware Image Proxy versions 19.4 running SUSE Linux Enterprise 12 SP5

Dell EMC NetWorker Virtual Edition (NVE)
  • Dell EMC NetWorker Virtual Edition (NVE) versions 19.4 running SUSE Linux Enterprise 12 SP5

Dell EMC Integrated Data Protection Appliance
  • Dell EMC Integrated Data Protection Appliance (IDPA) 2.6. & 2.6.1

Updated Version(s) and Link to Update:

Apply the platform security patch to Avamar software version and NetWorker Virtual Edition. The following platform security patch packages are now available to be installed:
The Security Update for Avamar Virtual Edition and NetWorker Virtual Edition is customer installable. Refer to “link to remedies” for download and installation instructions.

The installation process involves shutting down the server software, rebooting all the nodes, and restarting the server software, and so appropriate time needs to be scheduled and allocated to perform this full process.

Dell EMC strongly recommends all customers upgrade at the earliest opportunity.
To schedule platform security patch installation, or to upgrade your server, contact Dell EMC Customer Support at https://support.emc.com/.
Refer to the following KB Articles for Security Update (Rollup) Installation instructions:
  • KB article 169784: Avamar Virtual Edition: How to Install the Avamar Platform Security Rollup
  • KB article 52627: NetWorker Virtual Edition (NVE): How to Install the Platform Security Rollup
  • KB article 77959: Avamar Server, Avamar Proxy, Avamar NDMP Accelerator: How to install the Avamar Platform Security Rollup from the command line
  • KB article 174844: Avamar: How to Upgrade Avamar Security Rollup for Proxy starting 19.1

Note:
The CVEs remedied by this security update are listed in the Release Notes. The Release Notes list not only the new CVEs remedied by this update, but all the past CVEs included in this cumulative update.
Workarounds and Mitigations

None

Revision History

Revision  Date        Description
1.0       2021-02-18  Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


The information in this Dell Technologies Security Advisory should be read and used to assist in avoiding situations that may arise from the problems described herein. Dell Technologies distributes Security Advisories to bring important security information to the attention of users of the affected product(s). Dell Technologies assesses the risk based on an average of risks across a diverse set of installed systems and may not represent the actual risk to your local installation and individual environment. It is recommended that all users determine the applicability of this information to their individual environments and take appropriate actions. The information set forth herein is provided "as is" without warranty of any kind. Dell Technologies expressly disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Dell Technologies, its affiliates or suppliers, be liable for any damages whatsoever arising from or related to the information contained herein or actions that you decide to take based thereon, including any direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell Technologies, its affiliates or suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation shall apply to the extent permissible under law.

Article Properties


Affected Product: Avamar, NetWorker, Product Security Information
Last Published Date: 20 Feb 2021
Version: 1
Article Type: Dell Security Advisory
