Article Number: 000204795

DSA-2022-299: Dell EMC Data Protection Central Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell EMC Data Protection Central remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Critical

Details

SP2-based systems:

SuSE is not distributing updates for SLES 12 SP2 any longer.

SP5-based systems:

Third-party Component	CVE(s)	More Information
curl\|7.60.0-11.46.1 libcurl4\|7.60.0-11.46.1	CVE-2022-35252	See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
git-core\|2.26.2-27.57.1	CVE-2022-29187
gpg2\|2.0.24-9.11.1 gpg2-lang\|2.0.24-9.11.1	CVE-2022-34903
java-1_8_0-openjdk\|1.8.0.345-27.78.1 java-1_8_0-openjdk-headless\|1.8.0.345-27.78.1	CVE-2022-34169 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 CVE-2022-21540 CVE-2022-21541
kernel-default\|4.12.14-122.133.1	CVE-2020-36516 CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2021-33656 CVE-2021-4203 CVE-2022-1462 CVE-2022-20166 CVE-2022-20368 CVE-2022-20369 CVE-2022-21385 CVE-2022-2588 CVE-2022-26373 CVE-2022-2639 CVE-2022-29154 CVE-2022-29581 CVE-2022-2977 CVE-2022-3028 CVE-2022-36879 CVE-2022-36946
libnl-config\|3.2.23-4.7.1 libnl1\|1.1.4-6.3.1 libnl3-200\|3.2.23-4.7.1	CVE-2017-0386
libjson-c2\|0.12.1-4.3.1	CVE-2020-12762
libcroco-0_6-3\|0.6.11-12.6.45	CVE-2020-12825
libicu52_1\|52.1-8.13.1 libicu52_1-data\|52.1-8.13.1	CVE-2020-21913
libp11-kit0\|0.23.2-8.10.1 p11-kit\|0.23.2-8.10.1 p11-kit-tools\|0.23.2-8.10.1	CVE-2020-29362
libsqlite3-0\|3.39.3-9.23.1	CVE-2021-36690 CVE-2022-35737
libpcre2-8-0\|10.34-1.10.1	CVE-2022-1587
libncurses5\|5.9-78.1 libncurses6\|5.9-78.1 ncurses-utils\|5.9-78.1 terminfo\|5.9-78.1 terminfo-base\|5.9-78.1	CVE-2022-29458
libvmtools0\|12.1.0-4.45.1 open-vm-tools\|12.1.0-4.45.1	CVE-2022-31676
libz1\|1.2.11-11.22.1	CVE-2022-37434
perl-HTTP-Daemon\|6.01-9.5.1	CVE-2022-31081
permissions\|20170707-6.10.1	CVE-2022-31252
ucode-intel\|20220809-3.46.1	CVE-2022-21233
unzip\|6.00-33.16.1	CVE-2022-0529 CVE-2022-0530

SP2-based systems:

SuSE is not distributing updates for SLES 12 SP2 any longer.

SP5-based systems:

Third-party Component	CVE(s)	More Information
curl\|7.60.0-11.46.1 libcurl4\|7.60.0-11.46.1	CVE-2022-35252	See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
git-core\|2.26.2-27.57.1	CVE-2022-29187
gpg2\|2.0.24-9.11.1 gpg2-lang\|2.0.24-9.11.1	CVE-2022-34903
java-1_8_0-openjdk\|1.8.0.345-27.78.1 java-1_8_0-openjdk-headless\|1.8.0.345-27.78.1	CVE-2022-34169 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 CVE-2022-21540 CVE-2022-21541
kernel-default\|4.12.14-122.133.1	CVE-2020-36516 CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2021-33656 CVE-2021-4203 CVE-2022-1462 CVE-2022-20166 CVE-2022-20368 CVE-2022-20369 CVE-2022-21385 CVE-2022-2588 CVE-2022-26373 CVE-2022-2639 CVE-2022-29154 CVE-2022-29581 CVE-2022-2977 CVE-2022-3028 CVE-2022-36879 CVE-2022-36946
libnl-config\|3.2.23-4.7.1 libnl1\|1.1.4-6.3.1 libnl3-200\|3.2.23-4.7.1	CVE-2017-0386
libjson-c2\|0.12.1-4.3.1	CVE-2020-12762
libcroco-0_6-3\|0.6.11-12.6.45	CVE-2020-12825
libicu52_1\|52.1-8.13.1 libicu52_1-data\|52.1-8.13.1	CVE-2020-21913
libp11-kit0\|0.23.2-8.10.1 p11-kit\|0.23.2-8.10.1 p11-kit-tools\|0.23.2-8.10.1	CVE-2020-29362
libsqlite3-0\|3.39.3-9.23.1	CVE-2021-36690 CVE-2022-35737
libpcre2-8-0\|10.34-1.10.1	CVE-2022-1587
libncurses5\|5.9-78.1 libncurses6\|5.9-78.1 ncurses-utils\|5.9-78.1 terminfo\|5.9-78.1 terminfo-base\|5.9-78.1	CVE-2022-29458
libvmtools0\|12.1.0-4.45.1 open-vm-tools\|12.1.0-4.45.1	CVE-2022-31676
libz1\|1.2.11-11.22.1	CVE-2022-37434
perl-HTTP-Daemon\|6.01-9.5.1	CVE-2022-31081
permissions\|20170707-6.10.1	CVE-2022-31252
ucode-intel\|20220809-3.46.1	CVE-2022-21233
unzip\|6.00-33.16.1	CVE-2022-0529 CVE-2022-0530

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product	Affected Version(s)	Updated Version(s)	Link to Update
Dell EMC Data Protection Central	19.1	19.1	To upgrade your Dell EMC Data Protection Central system, see https://www.dell.com/support/kbdoc/en-us/000034881/data-protection-central-how-to-install-the-data-protection-central-os-update for installation instructions. See the latest ‘Data Protection Central OS Update’ file in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/drivers See the latest ‘Data Protection Central OS Updates Release Notes’ in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/docs NOTE: the DPC version number is not updated by the DPC OS Update distribution that provides these fixes. Examine the /etc/dpc-osupdate file to confirm execution of DPC OS Update; this file will contain the line: version=1.1.10-1
	19.2	19.2
	19.3	19.3
	19.4	19.4
	19.5	19.5
	19.6	19.6
	19.7	19.7
PowerProtect DP Series Appliance	2.5	2.5	To upgrade your PowerProtect DP Series Appliance Dell Data Protection Central component, see Dell article https://www.dell.com/support/kbdoc/en-us/000034881/data-protection-central-how-to-install-the-data-protection-central-os-update for installation instructions. See the latest ‘Data Protection Central OS Update’ file in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/drivers See the latest ‘Data Protection Central OS Updates Release Notes’ in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/docs NOTE: The DPC version number is not updated by the DPC OS Update distribution that provides these fixes. Examine the /etc/dpc-osupdate file to confirm execution of DPC OS Update; this file will contain the line: version=1.1.10-1

Product	Affected Version(s)	Updated Version(s)	Link to Update
Dell EMC Data Protection Central	19.1	19.1	To upgrade your Dell EMC Data Protection Central system, see https://www.dell.com/support/kbdoc/en-us/000034881/data-protection-central-how-to-install-the-data-protection-central-os-update for installation instructions. See the latest ‘Data Protection Central OS Update’ file in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/drivers See the latest ‘Data Protection Central OS Updates Release Notes’ in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/docs NOTE: the DPC version number is not updated by the DPC OS Update distribution that provides these fixes. Examine the /etc/dpc-osupdate file to confirm execution of DPC OS Update; this file will contain the line: version=1.1.10-1
	19.2	19.2
	19.3	19.3
	19.4	19.4
	19.5	19.5
	19.6	19.6
	19.7	19.7
PowerProtect DP Series Appliance	2.5	2.5	To upgrade your PowerProtect DP Series Appliance Dell Data Protection Central component, see Dell article https://www.dell.com/support/kbdoc/en-us/000034881/data-protection-central-how-to-install-the-data-protection-central-os-update for installation instructions. See the latest ‘Data Protection Central OS Update’ file in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/drivers See the latest ‘Data Protection Central OS Updates Release Notes’ in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/docs NOTE: The DPC version number is not updated by the DPC OS Update distribution that provides these fixes. Examine the /etc/dpc-osupdate file to confirm execution of DPC OS Update; this file will contain the line: version=1.1.10-1

Revision History

Revision	Date	Description
1.0	2022-10-28	Initial Release

DSA-2022-299: Dell EMC Data Protection Central Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell EMC Data Protection Central remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Article Type

Welcome

Welcome to Dell

DSA-2022-299: Dell EMC Data Protection Central Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell EMC Data Protection Central remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Article Type