DSA-2019-201: Dell Avamar and NetWorker Security Update for Multiple Third Component Vulnerabilities
Resumo: Multiple components within Dell Avamar and NetWorker require a security update to address various vulnerabilities.
Impacto
Critical
Dados
Summary:
Multiple components within Dell Avamar and NetWorker require a security update to address various vulnerabilities.
Note:
The CVEs addressed by this security update are listed in the Release Notes. The Release Notes list not only the new CVEs addressed by this update, but all the past CVEs in this cumulative update
For Dell Avamar Servers running SUSE Linux Enterprise 11 SP1 or SP3, that the OS versions are end of life, the security update only addresses CVEs which SUSE addresses and updates some third party packages, such as JRE and Tomcat. It is recommended to upgrade Avamar servers to SUSE Linux Enterprise 11 SP4 prior to applying the OS Security Update.
This security patch also updates Java JRE to version 8u231 for Avamar Server 7.3 and later, Avamar Proxy 7.5.0 and later, NetWorker Virtual Edition 9.0 and later, Dell vCloud Director Data Protection Extension versions 2.0.4 (Deprecated since 2019 R4) and later, Dell Avamar NDMP Accelerator 7.3 and later.
This security patch also updates Tomcat to version 8.5.46 for Avamar Server 7.3 and later.
See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
This security patch also updates Java JRE to version 8u231 for Avamar Server 7.3 and later, Avamar Proxy 7.5.0 and later, NetWorker Virtual Edition 9.0 and later, Dell vCloud Director Data Protection Extension versions 2.0.4 (Deprecated since 2019 R4) and later, Dell Avamar NDMP Accelerator 7.3 and later.
This security patch also updates Tomcat to version 8.5.46 for Avamar Server 7.3 and later.
See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
Produtos afetados e soluções
Affected products:
-
Dell Avamar Server hardware appliance Gen4S with versions 7.3 and later running SUSE Linux Enterprise 11 SP1
-
Dell Avamar Server hardware appliance Gen4T with versions 7.3 and later running SUSE Linux Enterprise 11 SP3
-
Dell Avamar Server hardware appliance Gen4S or Gen4T with versions 7.3 and later running SUSE Linux Enterprise 11 SP4
-
Dell Avamar Virtual Edition versions 7.3 and later running SUSE Linux Enterprise 11 SP3
-
Dell Avamar Virtual Edition versions 7.3 and later running SUSE Linux Enterprise 11 SP4 (including Azure and AWS deployments since 7.5.1)
-
Dell Avamar Virtual Edition versions 19.2 and later running SUSE Linux Enterprise 12 SP4 (including Azure and AWS deployments)
-
Dell Avamar NDMP Accelerator 7.3 and later running SUSE Linux Enterprise 11 SP1, SP3, and SUSE Linux Enterprise 12 SP4
-
Dell Avamar VMware Image Proxy versions 7.3 and later running SUSE Linux Enterprise 11 SP1 or SUSE Linux Enterprise 11 SP3
-
Dell Avamar VMware Image Proxy versions 7.5.1 and later running SUSE Linux Enterprise 12 SP1
-
Dell NetWorker Virtual Edition (NVE) versions 9.0.x, 9.1.x, 9.2.x, and 18.x and later running SUSE Linux Enterprise 11 SP3 or SP4
-
Dell vCloud Director Data Protection Extension versions 2.0.3 and later running SUSE Linux Enterprise 11 SP3
-
Dell Integrated Data Protection Appliance (IDPA) 2.0, 2.1, 2.2, 2.3, and 2.4
Resolution:
Apply the platform security patch to Avamar software version 7.3 and later and NetWorker Virtual Edition. The following platform security patch packages are now available to be installed:
Avamar SW:
SLES11 SP3 or SP4 NVE:
The Security Update for Avamar Virtual Edition and NetWorker Virtual Edition is customer installable. See Link to Remedies below for download and installation instructions.
Installation for all other Avamar affected products should be performed by qualified Avamar Support Engineers.
The installation process requires shutting down the server software, rebooting all the nodes, and restarting the server software, and so appropriate time must be scheduled and allocated to perform this full process.
Dell strongly recommends that all customers upgrade at the earliest opportunity.
To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/.
See the following Dell articles for Security Update (Rollup) Installation instructions:
-
169784: Avamar Virtual Edition, NetWorker Virtual Appliance: How to Install the Avamar Platform Security Rollup for Avamar Virtual Edition. (Only registered Dell Customers can access the content on the article link using Dell.com/support)
-
52627: NetWorker Virtual Edition (NVE): How to Install the Platform Security Rollup for NetWorker Virtual Edition.
Read more in the Release Notes:
Affected products:
-
Dell Avamar Server hardware appliance Gen4S with versions 7.3 and later running SUSE Linux Enterprise 11 SP1
-
Dell Avamar Server hardware appliance Gen4T with versions 7.3 and later running SUSE Linux Enterprise 11 SP3
-
Dell Avamar Server hardware appliance Gen4S or Gen4T with versions 7.3 and later running SUSE Linux Enterprise 11 SP4
-
Dell Avamar Virtual Edition versions 7.3 and later running SUSE Linux Enterprise 11 SP3
-
Dell Avamar Virtual Edition versions 7.3 and later running SUSE Linux Enterprise 11 SP4 (including Azure and AWS deployments since 7.5.1)
-
Dell Avamar Virtual Edition versions 19.2 and later running SUSE Linux Enterprise 12 SP4 (including Azure and AWS deployments)
-
Dell Avamar NDMP Accelerator 7.3 and later running SUSE Linux Enterprise 11 SP1, SP3, and SUSE Linux Enterprise 12 SP4
-
Dell Avamar VMware Image Proxy versions 7.3 and later running SUSE Linux Enterprise 11 SP1 or SUSE Linux Enterprise 11 SP3
-
Dell Avamar VMware Image Proxy versions 7.5.1 and later running SUSE Linux Enterprise 12 SP1
-
Dell NetWorker Virtual Edition (NVE) versions 9.0.x, 9.1.x, 9.2.x, and 18.x and later running SUSE Linux Enterprise 11 SP3 or SP4
-
Dell vCloud Director Data Protection Extension versions 2.0.3 and later running SUSE Linux Enterprise 11 SP3
-
Dell Integrated Data Protection Appliance (IDPA) 2.0, 2.1, 2.2, 2.3, and 2.4
Resolution:
Apply the platform security patch to Avamar software version 7.3 and later and NetWorker Virtual Edition. The following platform security patch packages are now available to be installed:
Avamar SW:
SLES11 SP3 or SP4 NVE:
The Security Update for Avamar Virtual Edition and NetWorker Virtual Edition is customer installable. See Link to Remedies below for download and installation instructions.
Installation for all other Avamar affected products should be performed by qualified Avamar Support Engineers.
The installation process requires shutting down the server software, rebooting all the nodes, and restarting the server software, and so appropriate time must be scheduled and allocated to perform this full process.
Dell strongly recommends that all customers upgrade at the earliest opportunity.
To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/.
See the following Dell articles for Security Update (Rollup) Installation instructions:
-
169784: Avamar Virtual Edition, NetWorker Virtual Appliance: How to Install the Avamar Platform Security Rollup for Avamar Virtual Edition. (Only registered Dell Customers can access the content on the article link using Dell.com/support)
-
52627: NetWorker Virtual Edition (NVE): How to Install the Platform Security Rollup for NetWorker Virtual Edition.
Read more in the Release Notes:
Soluções temporárias e atenuações
None
Histórico de revisão
|
Revision |
Date |
Description |
|
1.0 |
2019-12-18 |
Initial Release |
| 1.1 | 2021-11-03 | Updated Product Tagging |