Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000219029

DSA-2023-410: Security Update for Dell Avamar, Dell NetWorker Virtual Edition (NVE) and Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) Security Update for Multiple Vulnerabilities

Summary: Dell Avamar, Dell NetWorker Virtual Edition (NVE) and Dell PowerProtect DP Series Appliance /Integrated Data Protection Appliance (IDPA) remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system. ...

Article Content

Impact

Critical

Details

Third-Party Component CVEs More Information
JRE-8u381 CVE-2023-22043, CVE-2023-22045, CVE-2023-22049 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
TOMCAT-8.5.89 CVE-2023-34981 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
BIND CVE-2023-2828 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
curl CVE-2023-32001 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
c-ares CVE-2022-4904 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
D-Bus CVE-2023-34969 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
gawk CVE-2023-4156 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Artifex Ghostscript CVE-2023-36664, CVE-2020-16305, CVE-2023-38559 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
python-configobj CVE-2023-26112 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Intel(R) Processors CVE-2022-40982, CVE-2023-1637 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Intel(R) Xeon(R) Processors CVE-2022-41804 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
3rd Generation Intel(R) Xeon(R) Scalable processors CVE-2023-23908 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
ImageMagick CVE-2023-3195, CVE-2023-3745 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Linux kernel CVE-2023-0459, CVE-2023-1077, CVE-2023-1079, CVE-2023-1249, CVE-2023-2985, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3358, CVE-2023-35001, CVE-2023-3567, CVE-2023-35824, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Bluetooth CVE-2023-2002 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
AMD CPUs CVE-2023-20569 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Zen 2 CPUs CVE-2023-20593 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
MIT Kerberos 5 CVE-2023-36054 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libcap CVE-2023-2603 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2023-3446, CVE-2023-3817 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
PostgreSQL CVE-2023-39417, CVE-2023-39418, CVE-2023-4016 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
OpenSSH  CVE-2023-38408 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Perl CVE-2023-31484 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Samba CVE-2022-2127, CVE-2023-34966, CVE-2023-34967, CVE-2023-34968 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
vim CVE-2023-1264, CVE-2023-1355, CVE-2023-2426, CVE-2023-2609, CVE-2023-2610 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Wget CVE-2010-2252, CVE-2014-4877, CVE-2016-4971, CVE-2016-7098, CVE-2017-13089, CVE-2017-13090, CVE-2017-6508, CVE-2018-0494, CVE-2019-5953 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed  Product Affected Versions Updated Versions Link
Multiple Third-Party Components
See Release Notes		 Dell Avamar Server Hardware Appliance Gen4T, Gen5A Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R3 AvPlatformOsRollup_2023-R3-v4.avp          
Multiple Third-Party Components
See Release Notes		 Dell Avamar Virtual Edition Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) with the latest OS Security Rollup 2023R3 AvPlatformOsRollup_2023-R3-v4.avp               
Multiple Third-Party Components
See Release Notes		 Dell Avamar NDMP Accelerator Version 19.4 running SUSE Linux Enterprise 12 SP4 Version 19.4 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2023R3 AvPlatformOsRollup_2023-R3-v4.avp
Multiple Third-Party Components
See Release Notes		 Dell Avamar NDMP Accelerator Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R3 AvPlatformOsRollup_2023-R3-v4.avp
Multiple Third-Party Components
See Release Notes		 Dell Avamar VMware Image Proxy  Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R3
 		 Avamar Proxy Bundle 2023-R3-v4.avp
 
Multiple Third-Party Components
See Release Notes		 Dell NetWorker Virtual Edition (NVE) Versions 19.4.x, 19.5.x, 19.6.x, 19.7.x, 19.8.x, 19.9.x running SUSE Linux Enterprise 12 SP5 Versions 19.4, 19.5, 19.6, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R3 NvePlatformOsRollup_2023-R3-v4.avp
Multiple Third-Party Components
See Release Notes		 Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) Version 2.6.x, 2.7.x running on SLES12SP5 Version 2.7.2 (non DP4400) or 2.7.4 (for DP4400) with the latest OS Security Rollup 2023R3 AvPlatformOsRollup_2023-R3-v4.avp               
CVEs Addressed  Product Affected Versions Updated Versions Link
Multiple Third-Party Components
See Release Notes		 Dell Avamar Server Hardware Appliance Gen4T, Gen5A Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R3 AvPlatformOsRollup_2023-R3-v4.avp          
Multiple Third-Party Components
See Release Notes		 Dell Avamar Virtual Edition Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) with the latest OS Security Rollup 2023R3 AvPlatformOsRollup_2023-R3-v4.avp               
Multiple Third-Party Components
See Release Notes		 Dell Avamar NDMP Accelerator Version 19.4 running SUSE Linux Enterprise 12 SP4 Version 19.4 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2023R3 AvPlatformOsRollup_2023-R3-v4.avp
Multiple Third-Party Components
See Release Notes		 Dell Avamar NDMP Accelerator Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R3 AvPlatformOsRollup_2023-R3-v4.avp
Multiple Third-Party Components
See Release Notes		 Dell Avamar VMware Image Proxy  Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R3
 		 Avamar Proxy Bundle 2023-R3-v4.avp
 
Multiple Third-Party Components
See Release Notes		 Dell NetWorker Virtual Edition (NVE) Versions 19.4.x, 19.5.x, 19.6.x, 19.7.x, 19.8.x, 19.9.x running SUSE Linux Enterprise 12 SP5 Versions 19.4, 19.5, 19.6, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R3 NvePlatformOsRollup_2023-R3-v4.avp
Multiple Third-Party Components
See Release Notes		 Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) Version 2.6.x, 2.7.x running on SLES12SP5 Version 2.7.2 (non DP4400) or 2.7.4 (for DP4400) with the latest OS Security Rollup 2023R3 AvPlatformOsRollup_2023-R3-v4.avp               

Revision History

Revision DateDescription
1.02023-10-30Initial Release
2.02023-10-31Updated the Security Advisory with the Correct "Link" under "Affected Products and Remediation" section

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Information

Article Properties

Affected Product
Avamar, NetWorker Family, PowerProtect Data Manager Appliance, Avamar, Avamar Data Store, Avamar Data Store Gen3, Avamar Data Store Gen4, Avamar Data Store Gen4S, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Server, Avamar Virtual Edition , PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, NetWorker Series, NetWorker Module, Product Security Information ...
Last Published Date

06 Nov 2023

Version

5

Article Type

Dell Security Advisory

Back to Top