DSA-2019-154: Dell EMC Avamar and Networker Security Update for Multiple Third-Party Components Vulnerabilities



Critical

First published:  31 Oct 2019
Last updated:  31 Oct 2019

CVE ID(s)

Overview

Severity Rating (CVSS Base Score)

See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Affected products:    

  • Dell EMC Avamar Server hardware appliance Gen4S with versions 7.3 and later running SUSE Linux Enterprise 11 SP1

  • Dell EMC Avamar Server hardware appliance Gen4T with versions 7.3 and later running SUSE Linux Enterprise 11 SP3

  • Dell EMC Avamar Server hardware appliance Gen4S and Gen4T with versions 7.3 and later running SUSE Linux Enterprise 11 SP4

  • Dell EMC Avamar Virtual Edition versions 7.3 and later running SUSE Linux Enterprise 11 SP3

  • Dell EMC Avamar Virtual Edition versions 7.3 and later running SUSE Linux Enterprise 11 SP4 (including Azure and AWS deployments since 7.5.1)

  • Dell EMC Avamar NDMP Accelerator 7.3 and later running SUSE Linux Enterprise 11 SP1, SP3, or 12 SP4

  • Dell EMC Avamar VMware Image Proxy versions 7.3 and later running SUSE Linux Enterprise 11 SP1 or SP3

  • Dell EMC Avamar VMware Image Proxy versions 7.5.1 and later running SUSE Linux Enterprise 12 SP1

  • Dell EMC Avamar Extended Retention Media Access Node (MAN) versions 7.3 and later running SUSE Linux 11 SP1

  • Dell EMC NetWorker Virtual Edition (NVE) versions 9.1.x, 9.2.x, and 18.x and later running SUSE Linux Enterprise 11 SP3 or SP4

  • Dell EMC Backup & Recovery Manager (Avamar and NetWorker) versions 1.3 and 1.3.1 running SUSE Linux Enterprise 11 SP3

  • Dell EMC vCloud Director Data Protection Extension versions 2.0.3 and later running SUSE Linux Enterprise 11 SP3

  • Dell EMC Integrated Data Protection Appliance (IDPA) 2.0, 2.1, 2.2, 2.3, and 2.4


Summary:  
Multiple components within Dell EMC Avamar and NetWorker require a security update to address various vulnerabilities.

Details

Severity Disclaimer

For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase article 468307. Dell EMC recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may affect the potential severity associated with a particular security vulnerability.

Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact Dell EMC Software Technical Support at 1-877-534-2867. Dell EMC distributes Dell EMC Security Advisories, in order to bring to the attention of users of the affected Dell EMC products, important security information. Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Recommendations

Apply the platform security patch to Avamar software version 7.3 and later, NetWorker Virtual Edition, and NetWorker VBA. The following platform security patch packages are now available to be installed:  

SLES11 SP3/SP4 NVE: 

The Security Update for Avamar Virtual Edition, NetWorker VBA, and NetWorker Virtual Edition is customer-installable. Refer to the Link To Remedies below for download and installation instructions.

Installation for all other Avamar affected products should be performed by qualified Avamar Support Engineers.

The installation process involves shutting down the server software, rebooting all the nodes, and restarting the server software, so schedule and allocate enough time to complete the full process.

To schedule platform security patch installation, or to upgrade your server, contact Dell EMC Customer Support at https://support.emc.com/.

Refer to the following KB Articles for Security Update (Rollup) Installation instructions:  


Read more in the Release Notes:   
