DSA-2021-093: Dell Data Protection Central Security Update for Multiple Third-Party Component Vulnerabilities

Resumo: Dell Data Protection Central remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Este artigo aplica-se a Este artigo não se aplica a Este artigo não está vinculado a nenhum produto específico. Nem todas as versões do produto estão identificadas neste artigo.
Confira outros recursos

Impacto

Critical

Dados

SP2-based systems

Third-party Component CVEs More Information
bind-libs=9.9.9P1-63.20.1
bind-utils=9.9.9P1-63.20.1		 CVE-2020-8625 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
glib2-lang=2.48.2-12.22.1
libglib-2_0-0=2.48.2-12.22.1
libgmodule-2_0-0=2.48.2-12.22.1
libgobject-2_0-0=2.48.2-12.22.1		 CVE-2021-27218  
CVE-2021-27219
grub2=2.02-115.59.1
grub2-i386-pc=2.02-115.59.1
grub2-snapper-plugin=2.02-115.59.1
grub2-systemd-sleep-plugin=2.02-115.59.1		 CVE-2021-20225  
CVE-2020-14372
CVE-2020-27749
CVE-2021-20233
CVE-2020-25647
CVE-2020-25632
CVE-2020-27779
kernel-default=4.4.121-92.152.2 CVE-2021-26930  
CVE-2021-26931
CVE-2021-26932
CVE-2020-27786
CVE-2021-3347
CVE-2020-25211
CVE-2020-27673
CVE-2020-27675
CVE-2020-29568
CVE-2020-29569
CVE-2020-0466
CVE-2020-0444
CVE-2020-28374
CVE-2020-36158
CVE-2020-27825
CVE-2020-27068
CVE-2020-0465
CVE-2020-29660
CVE-2020-29661
CVE-2020-27777
CVE-2020-11668
CVE-2019-20934
libldap-2_4-2=2.4.41-18.83.1
openldap2|2.4.41-18.83.1
openldap2-client=2.4.41-18.83.1		 CVE-2020-36230  
CVE-2020-36229
CVE-2020-36228
CVE-2020-36227
CVE-2020-36225
CVE-2020-36224
CVE-2020-36226
CVE-2020-36222
CVE-2020-36221
CVE-2020-36223
CVE-2021-27212
CVE-2020-25709
libopenssl1_0_0=1.0.2j-60.63.1
libowb1_0_0=1.5.0.0-1
openssl|1.0.2j-60.63.1		 CVE-2020-1971  
libpython2_7-1_0=2.7.18-28.67.1
python-base=2.7.18-28.67.1
python-xml=2.7.18-28.67.1		 CVE-2021-23336  
libpython3_4m1_0=3.4.10-25.63.2
python3=3.4.10-25.63.1
python3-base=3.4.10-25.63.2		 CVE-2021-3177  
libstdc++610.2.1+git583-1.3.5 CVE-2020-13844  
perl-XML-Twig=3.44-5.3.1 CVE-2016-9180  


SP5-based systems
Third-party Component CVEs More Information
bind-utils=9.11.22-3.29.1 CVE-2020-8625 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
curl=7.60.0-11.12.1 CVE-2019-5481  
file=5.22-10.18.1
file-magic=5.22-10.18.1		 CVE-2012-1571  
glib2-lang=2.48.2-12.22.1
libglib-2_0-0=2.48.2-12.22.1
libgmodule-2_0-0=2.48.2-12.22.1
libgobject-2_0-0=2.48.2-12.22.1		 CVE-2021-27218  
CVE-2021-27219
glibc=2.22-114.8.3
glibc-i18ndata=2.22-114.8.3
glibc-locale=2.22-114.8.3		 CVE-2020-27618  
CVE-2020-29562
CVE-2020-29573
CVE-2019-25013
CVE-2021-3326
grub2=2.02-12.47.1
grub2-i386-pc=2.02-12.47.1
grub2-snapper-plugin=2.02-12.47.1
grub2-systemd-sleep-plugin=2.02-12.47.1		 CVE-2021-20225  
CVE-2020-14372
CVE-2020-27749
CVE-2021-20233
CVE-2020-25647
CVE-2020-25632
CVE-2020-27779
kbd-legacy=2.0.4-8.10.2 CVE-2011-0460  
kernel-default=4.12.14-122.66.2 CVE-2020-27673  
CVE-2021-29154
CVE-2020-25673
CVE-2020-25672
CVE-2020-27671
CVE-2020-27670
CVE-2020-36311
CVE-2021-30002
CVE-2021-3483
CVE-2021-20219
CVE-2021-28964
CVE-2021-3444
CVE-2021-28971
CVE-2021-28688
CVE-2021-29265
CVE-2021-29264
CVE-2021-28972
CVE-2021-29647
CVE-2020-27171
CVE-2020-27170
CVE-2021-28660
CVE-2020-35519
CVE-2021-3428
CVE-2020-0433
CVE-2021-28038
CVE-2020-27815
CVE-2021-27365
CVE-2021-27363
CVE-2020-29368
CVE-2021-26930
CVE-2021-26932
CVE-2020-27786
CVE-2021-3348
CVE-2021-3347
CVE-2020-25211
CVE-2020-27675
CVE-2021-20177
CVE-2021-0342
CVE-2020-27835
CVE-2020-29568
CVE-2020-29569
CVE-2020-25639
libbind9-161=9.11.22-3.29.1
libdns1110=9.11.22-3.29.1
libirs161=9.11.22-3.29.1
libisc1107=9.11.22-3.29.1
libisccc161=9.11.22-3.29.1
libisccfg163=9.11.22-3.29.1
liblwres161=9.11.22-3.29.1
python-bind=9.11.22-3.29.1
 		 CVE-2020-8625  
CVE-2017-3145
CVE-2018-5740
CVE-2018-5745
CVE-2019-6465
CVE-2018-5743
CVE-2019-6471
CVE-2020-8616
CVE-2020-8617
CVE-2020-8624
CVE-2020-8623
CVE-2020-8622
CVE-2016-2775
CVE-2016-2776
CVE-2016-6170
CVE-2016-8864
CVE-2016-9131
CVE-2016-9147
CVE-2016-9444
CVE-2017-3135
CVE-2017-3136
CVE-2017-3137
CVE-2017-3138
CVE-2017-3142
CVE-2016-1285
CVE-2016-1286
CVE-2015-8704
CVE-2015-8000
CVE-2015-5722
CVE-2015-5477
CVE-2015-1349
CVE-2015-4620
CVE-2014-8500
CVE-2014-0591
CVE-2013-4854
CVE-2013-2266
CVE-2012-5689
CVE-2012-5688
CVE-2012-5166
CVE-2012-4244
CVE-2012-3817
CVE-2012-1667
CVE-2012-3868
CVE-2011-4313
CVE-2011-1910
CVE-2011-1907
CVE-2011-2464
CVE-2011-0414
CVE-2010-3614
CVE-2010-3615
CVE-2010-3613
CVE-2009-4022
CVE-2009-0696
libcurl4=7.60.0-11.12.1 CVE-2019-5481  
libebl1=0.158-7.13.3 CVE-2018-16403  
CVE-2016-10254
CVE-2016-10255
CVE-2018-18521
CVE-2017-7611
CVE-2017-7610
CVE-2018-16062
CVE-2018-18310
CVE-2019-7150
CVE-2019-7665
CVE-2017-7607
CVE-2018-18520
CVE-2017-7608
CVE-2017-7613
CVE-2017-7612
CVE-2014-9447
CVE-2014-0172
libldap-2_4-2=2.4.41-18.83.1
openldap2|2.4.41-18.83.1
 		 CVE-2020-36230  
CVE-2020-36229
CVE-2020-36228
CVE-2020-36227
CVE-2020-36225
CVE-2020-36224
CVE-2020-36226
CVE-2020-36222
CVE-2020-36221
CVE-2020-36223
CVE-2021-27212
libmagic1=5.22-10.18.1 CVE-2012-1571  
libnghttp2-14=1.39.2-3.5.1 CVE-2020-11080  
CVE-2019-9511
CVE-2018-1000168
CVE-2016-1544
libopenssl1_0_0=1.0.2p-3.33.1
libowb1_0_0=1.5.0.0-1		 CVE-2020-1971  
libpython2_7-1_0=2.7.18-28.67.1
python-base=2.7.18-28.67.1
python-xml=2.7.18-28.67.1
 		 CVE-2021-23336  
libpython3_4m1_0=3.4.10-25.66.1
libpython3_6m1_0=3.6.13-4.36.1
python3=3.4.10-25.66.1
python3-base=3.4.10-25.66.1
python36=3.6.13-4.36.1
python36-base=3.6.13-4.36.1		 CVE-2021-23336  
CVE-2021-3177
libssh4=0.8.7-3.9.1 CVE-2020-1730  
CVE-2019-14889
CVE-2014-8132
CVE-2015-3146
CVE-2016-0739
CVE-2018-10933
CVE-2014-0017
CVE-2013-0176
CVE-2012-4559
CVE-2012-4560
CVE-2012-4561
libstdc++6=10.2.1+git583-1.3.5 CVE-2020-13844  
openssl-1_0_0=1.0.2p-3.33.1 CVE-2020-1971  
CVE-2019-1551
CVE-2019-1547
CVE-2019-1563
CVE-2019-1559
CVE-2018-5407
CVE-2018-0734
CVE-2018-0737
CVE-2018-0732
CVE-2016-0800
CVE-2016-7055
CVE-2017-3731
CVE-2017-3732
CVE-2017-3735
CVE-2017-3736
CVE-2017-3737
CVE-2017-3738
CVE-2017-3739
CVE-2016-7052
CVE-2016-6304
CVE-2016-2177
CVE-2016-2178
CVE-2016-2179
CVE-2016-2180
CVE-2016-2181
CVE-2016-2182
CVE-2016-2183
CVE-2016-6302
CVE-2016-6303
CVE-2016-6306
CVE-2016-2107
CVE-2016-2105
CVE-2016-2106
CVE-2016-2109
CVE-2016-2176
CVE-2016-0702
CVE-2016-0705
CVE-2016-0797
CVE-2016-0798
CVE-2016-0799
CVE-2015-3197
CVE-2015-3194
CVE-2015-3195
CVE-2015-3196
CVE-2015-0287
CVE-2015-4000
CVE-2015-1788
CVE-2015-1789
CVE-2015-1790
CVE-2015-1792
CVE-2015-1791
CVE-2015-3216
CVE-2015-0209
CVE-2015-0286
CVE-2015-0288
CVE-2015-0289
CVE-2015-0293
CVE-2014-3570
CVE-2014-3571
CVE-2014-3572
CVE-2014-8275
CVE-2015-0204
CVE-2015-0205
CVE-2015-0206
CVE-2014-3513
CVE-2014-3567
CVE-2014-3568
CVE-2014-3566
CVE-2014-3512
CVE-2014-3511
CVE-2014-3510
CVE-2014-3507
CVE-2014-3506
CVE-2014-3505
CVE-2014-3509
CVE-2014-5139
CVE-2014-3508
CVE-2014-0224
CVE-2014-0221
CVE-2014-0195
CVE-2014-3470
CVE-2014-0198
CVE-2010-5298
CVE-2014-0160
CVE-2014-0076
CVE-2013-4353
CVE-2013-6449
CVE-2013-6450
CVE-2012-4929
CVE-2013-0166
CVE-2012-2686
CVE-2012-2110
CVE-2012-1165
CVE-2012-0884
CVE-2012-0050
CVE-2011-4576
CVE-2011-4577
CVE-2011-4619
CVE-2012-0027
CVE-2011-3207
CVE-2011-0014
CVE-2010-1633
CVE-2010-2939
CVE-2010-3864
CVE-2010-0742
CVE-2010-0740
CVE-2008-5077
CVE-2009-0590
CVE-2009-0591
CVE-2009-0789
CVE-2009-1377
CVE-2009-1378
CVE-2009-1379
CVE-2009-1386
CVE-2009-1387
rsyslog=8.24.0-3.46.1 CVE-2013-6370  
CVE-2013-6371
CVE-2013-4758
CVE-2011-3200
tar=1.27.1-15.9.1
tar-lang=1.27.1-15.9.1		 CVE-2021-20193  

Dell creates and distributes the Data Protection Central (DPC) OS Update. These DPC OS Updates contain security patches from third party components for the Data Protection Central system. See Data Protection Central OS Update Release Notes for more information.

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a particular CVE, use the database’s search utility at http://web.nvd.nist.gov/view/vuln/search.


Resolution:      
Apply the Data Protection Central OS Update to all Data Protection Central systems installed via DPC OVA deployment; DPC systems installed without use of the DPC OVA are not updated by the DPC OS Update procedure.

To upgrade your Dell Data Protection Central system, see KB article 34881: Data Protection Central: How to Install the Data Protection Central OS Update  for installation instructions.

Dell recommends all customers upgrade at the earliest opportunity.
Dell creates and distributes the Data Protection Central (DPC) OS Update. These DPC OS Updates contain security patches from third party components for the Data Protection Central system. See Data Protection Central OS Update Release Notes for more information.

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a particular CVE, use the database’s search utility at http://web.nvd.nist.gov/view/vuln/search.


Resolution:      
Apply the Data Protection Central OS Update to all Data Protection Central systems installed via DPC OVA deployment; DPC systems installed without use of the DPC OVA are not updated by the DPC OS Update procedure.

To upgrade your Dell Data Protection Central system, see KB article 34881: Data Protection Central: How to Install the Data Protection Central OS Update  for installation instructions.

Dell recommends all customers upgrade at the earliest opportunity.
A Dell Technologies recomenda que todos os clientes levem em consideração a pontuação base CVSS e as pontuações temporais e ambientais pertinentes que possam afetar a gravidade potencial associada a uma vulnerabilidade de segurança específica.

Produtos afetados e soluções

Product Affected Version) Updated Versions Link to Update  
Dell Data Protection Central 1.0.0, 1.0.1, 18.1, 18.2, 19.1, 19.2, 19.3, 19.4 1.0.0, 1.0.1, 18.1, 18.2, 19.1, 19.2, 19.3, 19.4 DPC Software

DPC Release Notes		  
 
Dell IDPA System Manager 18.1, 18.2, 19.2 18.1, 18.2, 19.2 DPC Software

DPC Release Notes		  
Product Affected Version) Updated Versions Link to Update  
Dell Data Protection Central 1.0.0, 1.0.1, 18.1, 18.2, 19.1, 19.2, 19.3, 19.4 1.0.0, 1.0.1, 18.1, 18.2, 19.1, 19.2, 19.3, 19.4 DPC Software

DPC Release Notes		  
 
Dell IDPA System Manager 18.1, 18.2, 19.2 18.1, 18.2, 19.2 DPC Software

DPC Release Notes		  

Histórico de revisão

RevisionDateDescription
1.1.2-12021-04-22Minor
1.1.1-42021-01-29Minor

Informações relacionadas

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Aviso de isenção legal

Produtos afetados

Data Protection Central, Product Security Information

Produtos

Data Protection Central, Data Protection Central, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software
Propriedades do artigo
Número do artigo: 000185736
Tipo de artigo: Dell Security Advisory
Último modificado: 01 ago. 2022
Encontre as respostas de outros usuários da Dell para suas perguntas.
Serviços de suporte
Verifique se o dispositivo está coberto pelos serviços de suporte.