DSA-2019-201: Dell Avamar and NetWorker Security Update for Multiple Third Component Vulnerabilities

摘要: Multiple components within Dell Avamar and NetWorker require a security update to address various vulnerabilities.

本文章適用於 本文章不適用於 本文無關於任何特定產品。 本文未識別所有產品版本。
查看其他資源

影響

Critical

詳細資料

Summary:    

Multiple components within Dell Avamar and NetWorker require a security update to address various vulnerabilities.

Note:   
The CVEs addressed by this security update are listed in the Release Notes. The Release Notes list not only the new CVEs addressed by this update, but all the past CVEs in this cumulative update
For Dell Avamar Servers running SUSE Linux Enterprise 11 SP1 or SP3, that the OS versions are end of life, the security update only addresses CVEs which SUSE addresses and updates some third party packages, such as JRE and Tomcat. It is recommended to upgrade Avamar servers to SUSE Linux Enterprise 11 SP4 prior to applying the OS Security Update.

This security patch is security updates for various third-party software components installed on the Avamar and NetWorker nodes. The patch addresses multiple security vulnerabilities in those components. The patch applies to all Avamar and NetWorker Products running on the SLES platforms listed above. The products include Avamar single-node servers, multi-node servers, accelerator nodes, Avamar Virtual Edition systems, NetWorker Virtual Edition systems, Avamar Combined Proxy, Avamar Plug-in for vCloud Director.

This security patch also updates Java JRE to version 8u231 for Avamar Server 7.3 and later, Avamar Proxy 7.5.0 and later, NetWorker Virtual Edition 9.0 and later, Dell vCloud Director Data Protection Extension versions 2.0.4 (Deprecated since 2019 R4) and later, Dell Avamar NDMP Accelerator 7.3 and later.

This security patch also updates Tomcat to version 8.5.46 for Avamar Server 7.3 and later.

See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
This security patch is security updates for various third-party software components installed on the Avamar and NetWorker nodes. The patch addresses multiple security vulnerabilities in those components. The patch applies to all Avamar and NetWorker Products running on the SLES platforms listed above. The products include Avamar single-node servers, multi-node servers, accelerator nodes, Avamar Virtual Edition systems, NetWorker Virtual Edition systems, Avamar Combined Proxy, Avamar Plug-in for vCloud Director.

This security patch also updates Java JRE to version 8u231 for Avamar Server 7.3 and later, Avamar Proxy 7.5.0 and later, NetWorker Virtual Edition 9.0 and later, Dell vCloud Director Data Protection Extension versions 2.0.4 (Deprecated since 2019 R4) and later, Dell Avamar NDMP Accelerator 7.3 and later.

This security patch also updates Tomcat to version 8.5.46 for Avamar Server 7.3 and later.

See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
Dell Technologies 建議所有客戶不僅要參考 CVSS 基本分數,也要將可能會影響與特定安全漏洞相關之潛在嚴重性的所有相關暫時和環境分數納入考量。

受影響的產品與補救措施

Affected products:     

  • Dell Avamar Server hardware appliance Gen4S with versions 7.3 and later running SUSE Linux Enterprise 11 SP1

  • Dell Avamar Server hardware appliance Gen4T with versions 7.3 and later running SUSE Linux Enterprise 11 SP3

  • Dell Avamar Server hardware appliance Gen4S or Gen4T with versions 7.3 and later running SUSE Linux Enterprise 11 SP4

  • Dell Avamar Virtual Edition versions 7.3 and later running SUSE Linux Enterprise 11 SP3

  • Dell Avamar Virtual Edition versions 7.3 and later running SUSE Linux Enterprise 11 SP4 (including Azure and AWS deployments since 7.5.1)

  • Dell Avamar Virtual Edition versions 19.2 and later running SUSE Linux Enterprise 12 SP4 (including Azure and AWS deployments)

  • Dell Avamar NDMP Accelerator 7.3 and later running SUSE Linux Enterprise 11 SP1, SP3, and SUSE Linux Enterprise 12 SP4

  • Dell Avamar VMware Image Proxy versions 7.3 and later running SUSE Linux Enterprise 11 SP1 or SUSE Linux Enterprise 11 SP3

  • Dell Avamar VMware Image Proxy versions 7.5.1 and later running SUSE Linux Enterprise 12 SP1

  • Dell NetWorker Virtual Edition (NVE) versions 9.0.x, 9.1.x, 9.2.x, and 18.x and later running SUSE Linux Enterprise 11 SP3 or SP4

  • Dell vCloud Director Data Protection Extension versions 2.0.3 and later running SUSE Linux Enterprise 11 SP3

  • Dell Integrated Data Protection Appliance (IDPA) 2.0, 2.1, 2.2, 2.3, and 2.4



Resolution:     
Apply the platform security patch to Avamar software version 7.3 and later and NetWorker Virtual Edition. The following platform security patch packages are now available to be installed:

Avamar SW:     


SLES11 SP3 or SP4 NVE:      

The Security Update for Avamar Virtual Edition and NetWorker Virtual Edition is customer installable. See Link to Remedies below for download and installation instructions.

Installation for all other Avamar affected products should be performed by qualified Avamar Support Engineers.

The installation process requires shutting down the server software, rebooting all the nodes, and restarting the server software, and so appropriate time must be scheduled and allocated to perform this full process.

Dell strongly recommends that all customers upgrade at the earliest opportunity.

To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/.

See the following Dell articles for Security Update (Rollup) Installation instructions:     

Read more in the Release Notes:     

Affected products:     

  • Dell Avamar Server hardware appliance Gen4S with versions 7.3 and later running SUSE Linux Enterprise 11 SP1

  • Dell Avamar Server hardware appliance Gen4T with versions 7.3 and later running SUSE Linux Enterprise 11 SP3

  • Dell Avamar Server hardware appliance Gen4S or Gen4T with versions 7.3 and later running SUSE Linux Enterprise 11 SP4

  • Dell Avamar Virtual Edition versions 7.3 and later running SUSE Linux Enterprise 11 SP3

  • Dell Avamar Virtual Edition versions 7.3 and later running SUSE Linux Enterprise 11 SP4 (including Azure and AWS deployments since 7.5.1)

  • Dell Avamar Virtual Edition versions 19.2 and later running SUSE Linux Enterprise 12 SP4 (including Azure and AWS deployments)

  • Dell Avamar NDMP Accelerator 7.3 and later running SUSE Linux Enterprise 11 SP1, SP3, and SUSE Linux Enterprise 12 SP4

  • Dell Avamar VMware Image Proxy versions 7.3 and later running SUSE Linux Enterprise 11 SP1 or SUSE Linux Enterprise 11 SP3

  • Dell Avamar VMware Image Proxy versions 7.5.1 and later running SUSE Linux Enterprise 12 SP1

  • Dell NetWorker Virtual Edition (NVE) versions 9.0.x, 9.1.x, 9.2.x, and 18.x and later running SUSE Linux Enterprise 11 SP3 or SP4

  • Dell vCloud Director Data Protection Extension versions 2.0.3 and later running SUSE Linux Enterprise 11 SP3

  • Dell Integrated Data Protection Appliance (IDPA) 2.0, 2.1, 2.2, 2.3, and 2.4



Resolution:     
Apply the platform security patch to Avamar software version 7.3 and later and NetWorker Virtual Edition. The following platform security patch packages are now available to be installed:

Avamar SW:     


SLES11 SP3 or SP4 NVE:      

The Security Update for Avamar Virtual Edition and NetWorker Virtual Edition is customer installable. See Link to Remedies below for download and installation instructions.

Installation for all other Avamar affected products should be performed by qualified Avamar Support Engineers.

The installation process requires shutting down the server software, rebooting all the nodes, and restarting the server software, and so appropriate time must be scheduled and allocated to perform this full process.

Dell strongly recommends that all customers upgrade at the earliest opportunity.

To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/.

See the following Dell articles for Security Update (Rollup) Installation instructions:     

Read more in the Release Notes:     

因應措施與緩解措施

None

修訂歷史記錄

Revision

Date

Description

1.0

2019-12-18

Initial Release

1.12021-11-03Updated Product Tagging

相關資訊

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法律免責聲明

受影響的產品

Avamar, Avamar Client, Avamar Client for VMware, Avamar Client for Windows, Avamar Data Migration Enabler, Avamar Data Store, Avamar Data Transport, Avamar Desktop/Laptop Option, Avamar Extended Retention, Avamar Media Access Node, Avamar Plug-in , Avamar REST API, Avamar Server, Avamar Virtual Edition, Backup & Recovery Manager Avamar, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, Multiple Systems Management, NetWorker, OpenStack Data Protection Extension, Product Security Information, vRealize Data Protection Extension for Avamar ...
文章屬性
文章編號: 000153697
文章類型: Dell Security Advisory
上次修改時間: 19 9月 2025
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。