Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000195194


DSA-2022-005: Dell EMC Avamar, Dell EMC NetWorker Virtual Edition, Dell EMC PowerProtect DP Series Appliance, and Dell EMC Integrated Data Protection Appliance Security Update for Multiple Vulnerabilities (OS Security Rollup 2021R3)

Summary: Dell EMC Avamar, Dell EMC NetWorker Virtual Edition (NVE), Dell EMC PowerProtect DP Series Appliance, and Dell EMC Integrated Data Protection Appliance (IDPA) remediation is availableSee more

Article Content


Impact

High

Details

Third-party Component CVEs More Information
Multiple Third-party Components See Release Notes https://dl.dell.com/content/manual17560616-avamar-platform-os-security-patch-rollup-2021r3-release-notes.pdf?language=en-us
Third-party Component CVEs More Information
Multiple Third-party Components See Release Notes https://dl.dell.com/content/manual17560616-avamar-platform-os-security-patch-rollup-2021r3-release-notes.pdf?language=en-us

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed  Product Affected Versions Updated Versions Link to Update
Multiple Third-party Components
See Release Notes
Dell EMC Avamar Server Hardware Appliance Gen4S or Gen4T Version 19.1 running SUSE Linux Enterprise 11 SP4 Version 19.1 running SUSE Linux Enterprise 11 SP4 with the latest OS Security Rollup 2021R3 AvPlatformOsRollup_2021-R3-v6.avp        
Version 19.2 running SUSE Linux Enterprise 12 SP4 Version 19.2 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2021R3
19.3 or 19.4 running SUSE Linux Enterprise 12 SP5 Version 19.3 or 19.4 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2021R3
Dell EMC Avamar Virtual Edition Version 19.1 running SUSE Linux Enterprise 11 SP4 (including Azure and AWS deployments) Version 19.1 running SUSE Linux Enterprise 11 SP4 (including Azure and AWS deployments) with the latest OS Security Rollup 2021R3 AvPlatformOsRollup_2021-R3-v6.avp               
Version 19.2 running SUSE Linux Enterprise 12 SP4 (including Azure and AWS deployments) 19.2 running SUSE Linux Enterprise 12 SP4 (including Azure and AWS deployments) with the latest OS Security Rollup 2021R3
Version 19.3 or 19.4 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) Version 19.3 or 19.4 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) with the latest OS Security Rollup 2021R3
Dell EMC Avamar NDMP Accelerator Version 19.1, 19.2, 19.3, or 19.4 running SUSE Linux Enterprise 11 SP4 Version 19.1, 19.2, 19.3, or 19.4 running SUSE Linux Enterprise 11 SP4 with the latest OS Security Rollup 2021R3
Version 19.2, 19.3, or 19.4 running SUSE Linux Enterprise 12 SP4 Version 19.2, 19.3, or 19.4 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2021R3
Version 19.3 or 19.4 running SUSE Linux Enterprise 12 SP5 Version 19.3 or 19.4 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2021R3
Dell EMC Avamar VMware Image Proxy Version 19.1 running SUSE Linux Enterprise 12 SP1 Version 19.1 running SUSE Linux Enterprise 12 SP1 with the latest OS Security Rollup 2021R3 Avamar Proxy Bundle 2021-R3-v6
 
Version 19.2 or 19.3 running SUSE Linux Enterprise 12 SP4 Version 19.2 or 19.3 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2021R3
Version 19.4 running SUSE Linux SUSE Linux Enterprise 12 SP5 Version 19.4 running SUSE Linux SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2021R3
Dell EMC NetWorker Virtual Edition (NVE) Versions 19.1, 19.2, or 19.3 running SUSE Linux Enterprise 11 SP4 Versions 19.1, 19.2, or 19.3 running SUSE Linux Enterprise 11 SP4 with the latest OS Security Rollup 2021R3 NvePlatformOsRollup_2021-R3-v6.avp
Versions 19.4 or 19.5 running SUSE Linux Enterprise 12 SP5
Note: 2021-R3 OS rollup is integrated with NVE 19.6 and hence need not be explicitly installed.
Versions 19.4 or 19.5 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2021R3
Dell EMC PowerProtect DP Series Appliance / Dell EMC Integrated Data Protection Appliance (IDPA) Dell EMC Integrated Data Protection Appliance (IDPA) 2.3, 2.4.x, 2.5, 2.6.x, 2.7, or 2.7.1 Dell EMC PowerProtect DP Series  2.7.2 (integrated with latest Avamar OS Security Rollup 2021R3) AvPlatformOsRollup_2021-R3-v6.avp             
 
Note:
The CVEs remedied by this security update are listed in the Release Notes. The Release Notes list not only the new CVEs remedied by this update, but all the past CVEs included in this cumulative update.

For Dell EMC Avamar Servers running SUSE Linux Enterprise 11 SP1 or SP3, where the OS versions are end of life, it is recommended to upgrade Avamar servers to SUSE Linux Enterprise 11 SP4 before applying this Security Update. For Avamar Servers version 18.2 and earlier, except IDPA, please upgrade to 19.1 or later version if you want to apply this Security Update.
 
The patch applies to all Avamar and Products running on the SLES platforms listed above. The products include Avamar single-node servers, multi-node servers, accelerator nodes, Avamar Virtual Edition systems, and Avamar Combined Proxy.

This security patch also updates Java JRE to version 8u311 and tomcat to version 8.5.72 for Avamar Server 19.1 and later, Avamar Proxy 19.1 and later, NetWorker Virtual Edition 19.1 and later, IDPA Avamar Server 18.2 and later, or Dell EMC Avamar NDMP Accelerator 19.1 and later.


See the following KB Articles for Security Update (Rollup) Installation instructions: To schedule platform security patch installation, or to upgrade your server, contact Dell EMC Customer Support at https://support.emc.com/.
CVEs Addressed  Product Affected Versions Updated Versions Link to Update
Multiple Third-party Components
See Release Notes
Dell EMC Avamar Server Hardware Appliance Gen4S or Gen4T Version 19.1 running SUSE Linux Enterprise 11 SP4 Version 19.1 running SUSE Linux Enterprise 11 SP4 with the latest OS Security Rollup 2021R3 AvPlatformOsRollup_2021-R3-v6.avp        
Version 19.2 running SUSE Linux Enterprise 12 SP4 Version 19.2 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2021R3
19.3 or 19.4 running SUSE Linux Enterprise 12 SP5 Version 19.3 or 19.4 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2021R3
Dell EMC Avamar Virtual Edition Version 19.1 running SUSE Linux Enterprise 11 SP4 (including Azure and AWS deployments) Version 19.1 running SUSE Linux Enterprise 11 SP4 (including Azure and AWS deployments) with the latest OS Security Rollup 2021R3 AvPlatformOsRollup_2021-R3-v6.avp               
Version 19.2 running SUSE Linux Enterprise 12 SP4 (including Azure and AWS deployments) 19.2 running SUSE Linux Enterprise 12 SP4 (including Azure and AWS deployments) with the latest OS Security Rollup 2021R3
Version 19.3 or 19.4 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) Version 19.3 or 19.4 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) with the latest OS Security Rollup 2021R3
Dell EMC Avamar NDMP Accelerator Version 19.1, 19.2, 19.3, or 19.4 running SUSE Linux Enterprise 11 SP4 Version 19.1, 19.2, 19.3, or 19.4 running SUSE Linux Enterprise 11 SP4 with the latest OS Security Rollup 2021R3
Version 19.2, 19.3, or 19.4 running SUSE Linux Enterprise 12 SP4 Version 19.2, 19.3, or 19.4 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2021R3
Version 19.3 or 19.4 running SUSE Linux Enterprise 12 SP5 Version 19.3 or 19.4 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2021R3
Dell EMC Avamar VMware Image Proxy Version 19.1 running SUSE Linux Enterprise 12 SP1 Version 19.1 running SUSE Linux Enterprise 12 SP1 with the latest OS Security Rollup 2021R3 Avamar Proxy Bundle 2021-R3-v6
 
Version 19.2 or 19.3 running SUSE Linux Enterprise 12 SP4 Version 19.2 or 19.3 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2021R3
Version 19.4 running SUSE Linux SUSE Linux Enterprise 12 SP5 Version 19.4 running SUSE Linux SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2021R3
Dell EMC NetWorker Virtual Edition (NVE) Versions 19.1, 19.2, or 19.3 running SUSE Linux Enterprise 11 SP4 Versions 19.1, 19.2, or 19.3 running SUSE Linux Enterprise 11 SP4 with the latest OS Security Rollup 2021R3 NvePlatformOsRollup_2021-R3-v6.avp
Versions 19.4 or 19.5 running SUSE Linux Enterprise 12 SP5
Note: 2021-R3 OS rollup is integrated with NVE 19.6 and hence need not be explicitly installed.
Versions 19.4 or 19.5 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2021R3
Dell EMC PowerProtect DP Series Appliance / Dell EMC Integrated Data Protection Appliance (IDPA) Dell EMC Integrated Data Protection Appliance (IDPA) 2.3, 2.4.x, 2.5, 2.6.x, 2.7, or 2.7.1 Dell EMC PowerProtect DP Series  2.7.2 (integrated with latest Avamar OS Security Rollup 2021R3) AvPlatformOsRollup_2021-R3-v6.avp             
 
Note:
The CVEs remedied by this security update are listed in the Release Notes. The Release Notes list not only the new CVEs remedied by this update, but all the past CVEs included in this cumulative update.

For Dell EMC Avamar Servers running SUSE Linux Enterprise 11 SP1 or SP3, where the OS versions are end of life, it is recommended to upgrade Avamar servers to SUSE Linux Enterprise 11 SP4 before applying this Security Update. For Avamar Servers version 18.2 and earlier, except IDPA, please upgrade to 19.1 or later version if you want to apply this Security Update.
 
The patch applies to all Avamar and Products running on the SLES platforms listed above. The products include Avamar single-node servers, multi-node servers, accelerator nodes, Avamar Virtual Edition systems, and Avamar Combined Proxy.

This security patch also updates Java JRE to version 8u311 and tomcat to version 8.5.72 for Avamar Server 19.1 and later, Avamar Proxy 19.1 and later, NetWorker Virtual Edition 19.1 and later, IDPA Avamar Server 18.2 and later, or Dell EMC Avamar NDMP Accelerator 19.1 and later.


See the following KB Articles for Security Update (Rollup) Installation instructions: To schedule platform security patch installation, or to upgrade your server, contact Dell EMC Customer Support at https://support.emc.com/.
Revision History

RevisionDateDescription
1.02022-01-13Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


The information in this Dell Technologies Security Advisory should be read and used to assist in avoiding situations that may arise from the problems described herein. Dell Technologies distributes Security Advisories to bring important security information to the attention of users of the affected product(s). Dell Technologies assesses the risk based on an average of risks across a diverse set of installed systems and may not represent the actual risk to your local installation and individual environment. It is recommended that all users determine the applicability of this information to their individual environments and take appropriate actions. The information set forth herein is provided "as is" without warranty of any kind. Dell Technologies expressly disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Dell Technologies, its affiliates or suppliers, be liable for any damages whatsoever arising from or related to the information contained herein or actions that you decide to take based thereon, including any direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell Technologies, its affiliates or suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation shall apply to the extent permissible under law.

Article Properties


Affected Product

Avamar, NetWorker Family, Avamar, Avamar Data Store Gen4S, Avamar Data Store Gen4T, Avamar Virtual Edition, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection HardwareAvamar, NetWorker Family, Avamar, Avamar Data Store Gen4S, Avamar Data Store Gen4T, Avamar Virtual Edition, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, Product Security InformationSee more

Last Published Date

12 Jan 2022

Version

1

Article Type

Dell Security Advisory

Rate This Article


Accurate
Useful
Easy to Understand
Was this article helpful?

0/3000 characters