DSA-2021-141: Dell Avamar and NetWorker Security Update for Multiple Components

概要: The 2021 R1plus operating system Security Update addresses multiple third-party components within the listed Dell Avamar and NetWorker products that require a security update to address various vulnerabilities. This is a cumulative update that includes vulnerabilities that are addressed in previous updates and new vulnerabilities. The "plus" operating system Security Updates are only supported on the most recent Avamar Server Software versions (currently 19.3 or 19.4) and SLES operating system releases (currently SLES12SP5). It is recommended that all other customers continue to use the standard quarterly security updates which support multiple Avamar releases running on multiple SLES versions. ...

この記事は次に適用されます: この記事は次には適用されません: この記事は、特定の製品に関連付けられていません。 すべての製品パージョンがこの記事に記載されているわけではありません。
他のリソースを確認する

影響

Critical

詳細

This security patch is a set of security updates for various third-party software components that are installed on the Avamar and NetWorker nodes. The patch addresses multiple security vulnerabilities in those components. The patch applies to all Avamar and NetWorker products running on the SLES platforms listed. The products include Avamar single-node servers, multinode servers, accelerator nodes, Avamar Virtual Edition systems, Avamar VMware Image Proxy, and NetWorker Virtual Edition systems.

This security patch also updates Java JRE to version 8u291 for Avamar Server 19.3 or 19.4, Avamar Proxy 19.4, Dell Avamar NDMP Accelerator 19.3 or 19.4, and NetWorker Virtual Edition 19.4.

This security patch also updates Apache Tomcat to version 8.5.66 for Avamar Server 19.3 or 19.4.

Read more in the Release Notes:
https://dl.dell.com/content/docu104902_avamar-platform-os-security-patch-rollup-2021r1plus-release-notes.pdf?language=en_us.
This security patch is a set of security updates for various third-party software components that are installed on the Avamar and NetWorker nodes. The patch addresses multiple security vulnerabilities in those components. The patch applies to all Avamar and NetWorker products running on the SLES platforms listed. The products include Avamar single-node servers, multinode servers, accelerator nodes, Avamar Virtual Edition systems, Avamar VMware Image Proxy, and NetWorker Virtual Edition systems.

This security patch also updates Java JRE to version 8u291 for Avamar Server 19.3 or 19.4, Avamar Proxy 19.4, Dell Avamar NDMP Accelerator 19.3 or 19.4, and NetWorker Virtual Edition 19.4.

This security patch also updates Apache Tomcat to version 8.5.66 for Avamar Server 19.3 or 19.4.

Read more in the Release Notes:
https://dl.dell.com/content/docu104902_avamar-platform-os-security-patch-rollup-2021r1plus-release-notes.pdf?language=en_us.
デル・テクノロジーズでは、すべてのお客様に対して、CVSSベース スコアに加えて、特定のセキュリティの脆弱性に付随する潜在的な重要度に影響する可能性のある現状スコアや環境スコアも考慮することをお勧めしています。

影響を受ける製品と修復

CVEs Addressed Product Affected Versions Updated Versions Link to Update
See Release Notes
 		 Dell Avamar
  • Dell Avamar Server hardware appliance Gen4S/Gen4T with versions 19.3 or 19.4 running SUSE Linux Enterprise 12 SP5
  • Dell Avamar Virtual Edition versions 19.3 or 19.4 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments)
  • Dell Avamar NDMP Accelerator versions 19.3 or 19.4 running SUSE Linux Enterprise 12 SP5
  • Dell Avamar VMware Image Proxy versions 19.4 running SUSE Linux Enterprise 12 SP5
 Apply the platform security patch to Avamar software version and NetWorker Virtual Edition. The following platform security patch packages are now available to be installed:
The Security Update for Avamar Virtual Edition and NetWorker Virtual Edition is customer installable. See “link to remedies” for download and installation instructions.

The installation process requires shutting down the server software, rebooting all the nodes, and restarting the server software. Appropriate time must be scheduled and allocated to perform this process.

Dell strongly recommends all customers upgrade at the earliest opportunity.		 To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/en-us.

See the following KB Articles for Security Update (Rollup) Installation instructions:
Dell NetWorker Virtual Edition (NVE)
  • Dell NetWorker Virtual Edition (NVE) versions 19.4 running SUSE Linux Enterprise 12 SP5
  Dell PowerProtect DP Series Appliance or Dell Integrated Data Protection Appliance (IDPA)
  • Dell PowerProtect DP Series Appliance or Dell Integrated Data Protection Appliance (IDPA) versions 2.6 or 2.6.1
CVEs Addressed Product Affected Versions Updated Versions Link to Update
See Release Notes
 		 Dell Avamar
  • Dell Avamar Server hardware appliance Gen4S/Gen4T with versions 19.3 or 19.4 running SUSE Linux Enterprise 12 SP5
  • Dell Avamar Virtual Edition versions 19.3 or 19.4 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments)
  • Dell Avamar NDMP Accelerator versions 19.3 or 19.4 running SUSE Linux Enterprise 12 SP5
  • Dell Avamar VMware Image Proxy versions 19.4 running SUSE Linux Enterprise 12 SP5
 Apply the platform security patch to Avamar software version and NetWorker Virtual Edition. The following platform security patch packages are now available to be installed:
The Security Update for Avamar Virtual Edition and NetWorker Virtual Edition is customer installable. See “link to remedies” for download and installation instructions.

The installation process requires shutting down the server software, rebooting all the nodes, and restarting the server software. Appropriate time must be scheduled and allocated to perform this process.

Dell strongly recommends all customers upgrade at the earliest opportunity.		 To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/en-us.

See the following KB Articles for Security Update (Rollup) Installation instructions:
Dell NetWorker Virtual Edition (NVE)
  • Dell NetWorker Virtual Edition (NVE) versions 19.4 running SUSE Linux Enterprise 12 SP5
  Dell PowerProtect DP Series Appliance or Dell Integrated Data Protection Appliance (IDPA)
  • Dell PowerProtect DP Series Appliance or Dell Integrated Data Protection Appliance (IDPA) versions 2.6 or 2.6.1

関連情報

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法的免責事項

対象製品

Avamar, Avamar Data Store Gen4S, Avamar Data Store Gen4T, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, NetWorker , Product Security Information ...
文書のプロパティ
文書番号: 000189404
文書の種類: Dell Security Advisory
最終更新: 06 12月 2024
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。