DSA-2019-201: Dell Avamar and NetWorker Security Update for Multiple Third Component Vulnerabilities

Resumen: Multiple components within Dell Avamar and NetWorker require a security update to address various vulnerabilities.

Este artículo se aplica a Este artículo no se aplica a Este artículo no está vinculado a ningún producto específico. No se identifican todas las versiones del producto en este artículo.
Consulte estos recursos

Impacto

Critical

Detalles

Summary:    

Multiple components within Dell Avamar and NetWorker require a security update to address various vulnerabilities.

Note:   
The CVEs addressed by this security update are listed in the Release Notes. The Release Notes list not only the new CVEs addressed by this update, but all the past CVEs in this cumulative update
For Dell Avamar Servers running SUSE Linux Enterprise 11 SP1 or SP3, that the OS versions are end of life, the security update only addresses CVEs which SUSE addresses and updates some third party packages, such as JRE and Tomcat. It is recommended to upgrade Avamar servers to SUSE Linux Enterprise 11 SP4 prior to applying the OS Security Update.

This security patch is security updates for various third-party software components installed on the Avamar and NetWorker nodes. The patch addresses multiple security vulnerabilities in those components. The patch applies to all Avamar and NetWorker Products running on the SLES platforms listed above. The products include Avamar single-node servers, multi-node servers, accelerator nodes, Avamar Virtual Edition systems, NetWorker Virtual Edition systems, Avamar Combined Proxy, Avamar Plug-in for vCloud Director.

This security patch also updates Java JRE to version 8u231 for Avamar Server 7.3 and later, Avamar Proxy 7.5.0 and later, NetWorker Virtual Edition 9.0 and later, Dell vCloud Director Data Protection Extension versions 2.0.4 (Deprecated since 2019 R4) and later, Dell Avamar NDMP Accelerator 7.3 and later.

This security patch also updates Tomcat to version 8.5.46 for Avamar Server 7.3 and later.

See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
This security patch is security updates for various third-party software components installed on the Avamar and NetWorker nodes. The patch addresses multiple security vulnerabilities in those components. The patch applies to all Avamar and NetWorker Products running on the SLES platforms listed above. The products include Avamar single-node servers, multi-node servers, accelerator nodes, Avamar Virtual Edition systems, NetWorker Virtual Edition systems, Avamar Combined Proxy, Avamar Plug-in for vCloud Director.

This security patch also updates Java JRE to version 8u231 for Avamar Server 7.3 and later, Avamar Proxy 7.5.0 and later, NetWorker Virtual Edition 9.0 and later, Dell vCloud Director Data Protection Extension versions 2.0.4 (Deprecated since 2019 R4) and later, Dell Avamar NDMP Accelerator 7.3 and later.

This security patch also updates Tomcat to version 8.5.46 for Avamar Server 7.3 and later.

See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
Dell Technologies recomienda que todos los clientes tengan en cuenta tanto la puntuación base como cualquier otra puntuación ambiental y temporal relevante que pueda afectar la posible gravedad asociada con la vulnerabilidad de seguridad en particular.

Corrección y productos afectados

Affected products:     

  • Dell Avamar Server hardware appliance Gen4S with versions 7.3 and later running SUSE Linux Enterprise 11 SP1

  • Dell Avamar Server hardware appliance Gen4T with versions 7.3 and later running SUSE Linux Enterprise 11 SP3

  • Dell Avamar Server hardware appliance Gen4S or Gen4T with versions 7.3 and later running SUSE Linux Enterprise 11 SP4

  • Dell Avamar Virtual Edition versions 7.3 and later running SUSE Linux Enterprise 11 SP3

  • Dell Avamar Virtual Edition versions 7.3 and later running SUSE Linux Enterprise 11 SP4 (including Azure and AWS deployments since 7.5.1)

  • Dell Avamar Virtual Edition versions 19.2 and later running SUSE Linux Enterprise 12 SP4 (including Azure and AWS deployments)

  • Dell Avamar NDMP Accelerator 7.3 and later running SUSE Linux Enterprise 11 SP1, SP3, and SUSE Linux Enterprise 12 SP4

  • Dell Avamar VMware Image Proxy versions 7.3 and later running SUSE Linux Enterprise 11 SP1 or SUSE Linux Enterprise 11 SP3

  • Dell Avamar VMware Image Proxy versions 7.5.1 and later running SUSE Linux Enterprise 12 SP1

  • Dell NetWorker Virtual Edition (NVE) versions 9.0.x, 9.1.x, 9.2.x, and 18.x and later running SUSE Linux Enterprise 11 SP3 or SP4

  • Dell vCloud Director Data Protection Extension versions 2.0.3 and later running SUSE Linux Enterprise 11 SP3

  • Dell Integrated Data Protection Appliance (IDPA) 2.0, 2.1, 2.2, 2.3, and 2.4



Resolution:     
Apply the platform security patch to Avamar software version 7.3 and later and NetWorker Virtual Edition. The following platform security patch packages are now available to be installed:

Avamar SW:     


SLES11 SP3 or SP4 NVE:      

The Security Update for Avamar Virtual Edition and NetWorker Virtual Edition is customer installable. See Link to Remedies below for download and installation instructions.

Installation for all other Avamar affected products should be performed by qualified Avamar Support Engineers.

The installation process requires shutting down the server software, rebooting all the nodes, and restarting the server software, and so appropriate time must be scheduled and allocated to perform this full process.

Dell strongly recommends that all customers upgrade at the earliest opportunity.

To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/.

See the following Dell articles for Security Update (Rollup) Installation instructions:     

Read more in the Release Notes:     

Affected products:     

  • Dell Avamar Server hardware appliance Gen4S with versions 7.3 and later running SUSE Linux Enterprise 11 SP1

  • Dell Avamar Server hardware appliance Gen4T with versions 7.3 and later running SUSE Linux Enterprise 11 SP3

  • Dell Avamar Server hardware appliance Gen4S or Gen4T with versions 7.3 and later running SUSE Linux Enterprise 11 SP4

  • Dell Avamar Virtual Edition versions 7.3 and later running SUSE Linux Enterprise 11 SP3

  • Dell Avamar Virtual Edition versions 7.3 and later running SUSE Linux Enterprise 11 SP4 (including Azure and AWS deployments since 7.5.1)

  • Dell Avamar Virtual Edition versions 19.2 and later running SUSE Linux Enterprise 12 SP4 (including Azure and AWS deployments)

  • Dell Avamar NDMP Accelerator 7.3 and later running SUSE Linux Enterprise 11 SP1, SP3, and SUSE Linux Enterprise 12 SP4

  • Dell Avamar VMware Image Proxy versions 7.3 and later running SUSE Linux Enterprise 11 SP1 or SUSE Linux Enterprise 11 SP3

  • Dell Avamar VMware Image Proxy versions 7.5.1 and later running SUSE Linux Enterprise 12 SP1

  • Dell NetWorker Virtual Edition (NVE) versions 9.0.x, 9.1.x, 9.2.x, and 18.x and later running SUSE Linux Enterprise 11 SP3 or SP4

  • Dell vCloud Director Data Protection Extension versions 2.0.3 and later running SUSE Linux Enterprise 11 SP3

  • Dell Integrated Data Protection Appliance (IDPA) 2.0, 2.1, 2.2, 2.3, and 2.4



Resolution:     
Apply the platform security patch to Avamar software version 7.3 and later and NetWorker Virtual Edition. The following platform security patch packages are now available to be installed:

Avamar SW:     


SLES11 SP3 or SP4 NVE:      

The Security Update for Avamar Virtual Edition and NetWorker Virtual Edition is customer installable. See Link to Remedies below for download and installation instructions.

Installation for all other Avamar affected products should be performed by qualified Avamar Support Engineers.

The installation process requires shutting down the server software, rebooting all the nodes, and restarting the server software, and so appropriate time must be scheduled and allocated to perform this full process.

Dell strongly recommends that all customers upgrade at the earliest opportunity.

To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/.

See the following Dell articles for Security Update (Rollup) Installation instructions:     

Read more in the Release Notes:     

Soluciones alternativas y mitigaciones

None

Historial de revisiones

Revision

Date

Description

1.0

2019-12-18

Initial Release

1.12021-11-03Updated Product Tagging

Información relacionada

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Descargo de responsabilidad

Productos afectados

Avamar, Avamar Client, Avamar Client for VMware, Avamar Client for Windows, Avamar Data Migration Enabler, Avamar Data Store, Avamar Data Transport, Avamar Desktop/Laptop Option, Avamar Extended Retention, Avamar Media Access Node, Avamar Plug-in , Avamar REST API, Avamar Server, Avamar Virtual Edition, Backup & Recovery Manager Avamar, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, Multiple Systems Management, NetWorker, OpenStack Data Protection Extension, Product Security Information, vRealize Data Protection Extension for Avamar ...
Propiedades del artículo
Número del artículo: 000153697
Tipo de artículo: Dell Security Advisory
Última modificación: 19 sept 2025
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.