Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000204795


DSA-2022-299: Dell EMC Data Protection Central Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell EMC Data Protection Central remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

SP2-based systems:

SuSE is not distributing updates for SLES 12 SP2 any longer.

SP5-based systems:
 
Third-party Component CVE(s) More Information
curl|7.60.0-11.46.1
libcurl4|7.60.0-11.46.1
CVE-2022-35252 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
git-core|2.26.2-27.57.1 CVE-2022-29187  
gpg2|2.0.24-9.11.1
gpg2-lang|2.0.24-9.11.1
CVE-2022-34903  
java-1_8_0-openjdk|1.8.0.345-27.78.1
java-1_8_0-openjdk-headless|1.8.0.345-27.78.1
CVE-2022-34169
CVE-2022-21426
CVE-2022-21434
CVE-2022-21443
CVE-2022-21476
CVE-2022-21496
CVE-2022-21540
CVE-2022-21541
 
kernel-default|4.12.14-122.133.1 CVE-2020-36516
CVE-2020-36557
CVE-2020-36558
CVE-2021-33655
CVE-2021-33656
CVE-2021-4203
CVE-2022-1462
CVE-2022-20166
CVE-2022-20368
CVE-2022-20369
CVE-2022-21385
CVE-2022-2588
CVE-2022-26373
CVE-2022-2639
CVE-2022-29154
CVE-2022-29581
CVE-2022-2977
CVE-2022-3028
CVE-2022-36879
CVE-2022-36946
 
libnl-config|3.2.23-4.7.1
libnl1|1.1.4-6.3.1
libnl3-200|3.2.23-4.7.1
CVE-2017-0386  
libjson-c2|0.12.1-4.3.1 CVE-2020-12762  
libcroco-0_6-3|0.6.11-12.6.45 CVE-2020-12825  
libicu52_1|52.1-8.13.1
libicu52_1-data|52.1-8.13.1
CVE-2020-21913  
libp11-kit0|0.23.2-8.10.1
p11-kit|0.23.2-8.10.1
p11-kit-tools|0.23.2-8.10.1
CVE-2020-29362  
libsqlite3-0|3.39.3-9.23.1 CVE-2021-36690
CVE-2022-35737
 
libpcre2-8-0|10.34-1.10.1 CVE-2022-1587  
libncurses5|5.9-78.1
libncurses6|5.9-78.1
ncurses-utils|5.9-78.1
terminfo|5.9-78.1
terminfo-base|5.9-78.1
CVE-2022-29458  
libvmtools0|12.1.0-4.45.1
open-vm-tools|12.1.0-4.45.1
CVE-2022-31676  
libz1|1.2.11-11.22.1 CVE-2022-37434  
perl-HTTP-Daemon|6.01-9.5.1 CVE-2022-31081  
permissions|20170707-6.10.1 CVE-2022-31252  
ucode-intel|20220809-3.46.1 CVE-2022-21233  
unzip|6.00-33.16.1 CVE-2022-0529
CVE-2022-0530
 
SP2-based systems:

SuSE is not distributing updates for SLES 12 SP2 any longer.

SP5-based systems:
 
Third-party Component CVE(s) More Information
curl|7.60.0-11.46.1
libcurl4|7.60.0-11.46.1
CVE-2022-35252 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
git-core|2.26.2-27.57.1 CVE-2022-29187  
gpg2|2.0.24-9.11.1
gpg2-lang|2.0.24-9.11.1
CVE-2022-34903  
java-1_8_0-openjdk|1.8.0.345-27.78.1
java-1_8_0-openjdk-headless|1.8.0.345-27.78.1
CVE-2022-34169
CVE-2022-21426
CVE-2022-21434
CVE-2022-21443
CVE-2022-21476
CVE-2022-21496
CVE-2022-21540
CVE-2022-21541
 
kernel-default|4.12.14-122.133.1 CVE-2020-36516
CVE-2020-36557
CVE-2020-36558
CVE-2021-33655
CVE-2021-33656
CVE-2021-4203
CVE-2022-1462
CVE-2022-20166
CVE-2022-20368
CVE-2022-20369
CVE-2022-21385
CVE-2022-2588
CVE-2022-26373
CVE-2022-2639
CVE-2022-29154
CVE-2022-29581
CVE-2022-2977
CVE-2022-3028
CVE-2022-36879
CVE-2022-36946
 
libnl-config|3.2.23-4.7.1
libnl1|1.1.4-6.3.1
libnl3-200|3.2.23-4.7.1
CVE-2017-0386  
libjson-c2|0.12.1-4.3.1 CVE-2020-12762  
libcroco-0_6-3|0.6.11-12.6.45 CVE-2020-12825  
libicu52_1|52.1-8.13.1
libicu52_1-data|52.1-8.13.1
CVE-2020-21913  
libp11-kit0|0.23.2-8.10.1
p11-kit|0.23.2-8.10.1
p11-kit-tools|0.23.2-8.10.1
CVE-2020-29362  
libsqlite3-0|3.39.3-9.23.1 CVE-2021-36690
CVE-2022-35737
 
libpcre2-8-0|10.34-1.10.1 CVE-2022-1587  
libncurses5|5.9-78.1
libncurses6|5.9-78.1
ncurses-utils|5.9-78.1
terminfo|5.9-78.1
terminfo-base|5.9-78.1
CVE-2022-29458  
libvmtools0|12.1.0-4.45.1
open-vm-tools|12.1.0-4.45.1
CVE-2022-31676  
libz1|1.2.11-11.22.1 CVE-2022-37434  
perl-HTTP-Daemon|6.01-9.5.1 CVE-2022-31081  
permissions|20170707-6.10.1 CVE-2022-31252  
ucode-intel|20220809-3.46.1 CVE-2022-21233  
unzip|6.00-33.16.1 CVE-2022-0529
CVE-2022-0530
 
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product Affected Version(s) Updated Version(s) Link to Update
Dell EMC Data Protection Central 19.1 19.1 To upgrade your Dell EMC Data Protection Central system, see https://www.dell.com/support/kbdoc/en-us/000034881/data-protection-central-how-to-install-the-data-protection-central-os-update for installation instructions.

See the latest ‘Data Protection Central OS Update’ file in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/drivers
See the latest ‘Data Protection Central OS Updates Release Notes’ in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/docs

NOTE: the DPC version number is not updated by the DPC OS Update distribution that provides these fixes. Examine the /etc/dpc-osupdate file to confirm execution of DPC OS Update; this file will contain the line:
version=1.1.10-1
19.2 19.2
19.3 19.3
19.4 19.4
19.5 19.5
19.6 19.6
19.7 19.7
PowerProtect DP Series Appliance 2.5 2.5 To upgrade your PowerProtect DP Series Appliance Dell Data Protection Central component, see Dell article https://www.dell.com/support/kbdoc/en-us/000034881/data-protection-central-how-to-install-the-data-protection-central-os-update for installation instructions.

See the latest ‘Data Protection Central OS Update’ file in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/drivers
See the latest ‘Data Protection Central OS Updates Release Notes’ in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/docs

NOTE: The DPC version number is not updated by the DPC OS Update distribution that provides these fixes. Examine the /etc/dpc-osupdate file to confirm execution of DPC OS Update; this file will contain the line:
version=1.1.10-1

 
Product Affected Version(s) Updated Version(s) Link to Update
Dell EMC Data Protection Central 19.1 19.1 To upgrade your Dell EMC Data Protection Central system, see https://www.dell.com/support/kbdoc/en-us/000034881/data-protection-central-how-to-install-the-data-protection-central-os-update for installation instructions.

See the latest ‘Data Protection Central OS Update’ file in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/drivers
See the latest ‘Data Protection Central OS Updates Release Notes’ in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/docs

NOTE: the DPC version number is not updated by the DPC OS Update distribution that provides these fixes. Examine the /etc/dpc-osupdate file to confirm execution of DPC OS Update; this file will contain the line:
version=1.1.10-1
19.2 19.2
19.3 19.3
19.4 19.4
19.5 19.5
19.6 19.6
19.7 19.7
PowerProtect DP Series Appliance 2.5 2.5 To upgrade your PowerProtect DP Series Appliance Dell Data Protection Central component, see Dell article https://www.dell.com/support/kbdoc/en-us/000034881/data-protection-central-how-to-install-the-data-protection-central-os-update for installation instructions.

See the latest ‘Data Protection Central OS Update’ file in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/drivers
See the latest ‘Data Protection Central OS Updates Release Notes’ in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/docs

NOTE: The DPC version number is not updated by the DPC OS Update distribution that provides these fixes. Examine the /etc/dpc-osupdate file to confirm execution of DPC OS Update; this file will contain the line:
version=1.1.10-1

 

Revision History

RevisionDateDescription
1.02022-10-28Initial Release

Related Information


Article Properties


Affected Product

Data Protection Central, Data Protection Central, Product Security Information

Last Published Date

31 Oct 2022

Version

2

Article Type

Dell Security Advisory