Article Number: 000206215
DSA-2022-330: Dell Data Protection Central Security Update for Multiple Third-Party Component Vulnerabilities
Summary: Dell Data Protection Central remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Article Content
Impact
Critical
Details
SP2-based systems
SuSE is not distributing updates for SLES 12 SP2 any longer.
SP5-based systems
SuSE is not distributing updates for SLES 12 SP2 any longer.
SP5-based systems
| Third-party Component | CVEs | More Information |
| python3-pip|10.0.1-13.8.1 | CVE-2013-5123 CVE-2014-8991 CVE-2015-2296 |
See NVD (http://nvd.nist.gov/  ) for individual scores for each CVE. |
| glibc|2.22-114.22.1 | CVE-2015-8985 | |
| libxml2-2|2.9.4-46.59.2 libxml2-tools|2.9.4-46.59.2 |
CVE-2016-3709 CVE-2022-40303 CVE-2022-40304 |
|
| sqlite3-tcl|3.39.3-9.23.1 | CVE-2016-6153 | |
| libjpeg8|8.1.2-31.28.1 | CVE-2020-35538 | |
| rpm|4.11.2-16.26.1 | CVE-2021-20271 CVE-2021-3421 |
|
| libpython2_7-1_0|2.7.18-33.14.1 | CVE-2021-28861 | |
| libtirpc-netconfig|1.0.1-17.24.1 libtirpc3|1.0.1-17.24.1 |
CVE-2021-46828 | |
| libtasn1|4.9-3.13.1 libtasn1-6|4.9-3.13.1 |
CVE-2021-46848 | |
| kernel-default|4.12.14-122.136.1 | CVE-2022-20008 CVE-2022-2503 CVE-2022-2663 CVE-2022-32296 CVE-2022-3239 CVE-2022-3303 CVE-2022-39188 CVE-2022-41218 CVE-2022-41848 |
|
| bind-utils|9.11.22-3.43.1 libbind9-161|9.11.22-3.43.1 libdns1110|9.11.22-3.43.1 libirs161|9.11.22-3.43.1 libisc1107|9.11.22-3.43.1 libisccc161|9.11.22-3.43.1 libisccfg163|9.11.22-3.43.1 liblwres161|9.11.22-3.43.1 python-bind|9.11.22-3.43.1 |
CVE-2022-2795 CVE-2022-38177 CVE-2022-38178 |
|
| dhcp|4.3.3-10.28.1 dhcp-client|4.3.3-10.28.1 |
CVE-2022-2928 CVE-2022-2929 |
|
| libcurl4|7.60.0-11.49.1 curl|7.60.0-11.49.1 |
CVE-2022-32221 | |
| libksba8|1.3.0-24.3.1 | CVE-2022-3515 | |
| libX11-6|1.6.2-12.24.1 libX11-data|1.6.2-12.24.1 |
CVE-2022-3554 CVE-2022-3555 |
|
| expat|2.1.0-21.28.1 libexpat1|2.1.0-21.28.1 |
CVE-2022-40674 CVE-2022-43680 |
|
| kpartx|0.7.9+232+suse.cbc3754-3.14.1 | CVE-2022-41973 |
SP2-based systems
SuSE is not distributing updates for SLES 12 SP2 any longer.
SP5-based systems
SuSE is not distributing updates for SLES 12 SP2 any longer.
SP5-based systems
| Third-party Component | CVEs | More Information |
| python3-pip|10.0.1-13.8.1 | CVE-2013-5123 CVE-2014-8991 CVE-2015-2296 |
See NVD (http://nvd.nist.gov/ ) for individual scores for each CVE. |
| glibc|2.22-114.22.1 | CVE-2015-8985 | |
| libxml2-2|2.9.4-46.59.2 libxml2-tools|2.9.4-46.59.2 |
CVE-2016-3709 CVE-2022-40303 CVE-2022-40304 |
|
| sqlite3-tcl|3.39.3-9.23.1 | CVE-2016-6153 | |
| libjpeg8|8.1.2-31.28.1 | CVE-2020-35538 | |
| rpm|4.11.2-16.26.1 | CVE-2021-20271 CVE-2021-3421 |
|
| libpython2_7-1_0|2.7.18-33.14.1 | CVE-2021-28861 | |
| libtirpc-netconfig|1.0.1-17.24.1 libtirpc3|1.0.1-17.24.1 |
CVE-2021-46828 | |
| libtasn1|4.9-3.13.1 libtasn1-6|4.9-3.13.1 |
CVE-2021-46848 | |
| kernel-default|4.12.14-122.136.1 | CVE-2022-20008 CVE-2022-2503 CVE-2022-2663 CVE-2022-32296 CVE-2022-3239 CVE-2022-3303 CVE-2022-39188 CVE-2022-41218 CVE-2022-41848 |
|
| bind-utils|9.11.22-3.43.1 libbind9-161|9.11.22-3.43.1 libdns1110|9.11.22-3.43.1 libirs161|9.11.22-3.43.1 libisc1107|9.11.22-3.43.1 libisccc161|9.11.22-3.43.1 libisccfg163|9.11.22-3.43.1 liblwres161|9.11.22-3.43.1 python-bind|9.11.22-3.43.1 |
CVE-2022-2795 CVE-2022-38177 CVE-2022-38178 |
|
| dhcp|4.3.3-10.28.1 dhcp-client|4.3.3-10.28.1 |
CVE-2022-2928 CVE-2022-2929 |
|
| libcurl4|7.60.0-11.49.1 curl|7.60.0-11.49.1 |
CVE-2022-32221 | |
| libksba8|1.3.0-24.3.1 | CVE-2022-3515 | |
| libX11-6|1.6.2-12.24.1 libX11-data|1.6.2-12.24.1 |
CVE-2022-3554 CVE-2022-3555 |
|
| expat|2.1.0-21.28.1 libexpat1|2.1.0-21.28.1 |
CVE-2022-40674 CVE-2022-43680 |
|
| kpartx|0.7.9+232+suse.cbc3754-3.14.1 | CVE-2022-41973 |
Affected Products and Remediation
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell Data Protection Central | 19.1 | 19.1 | To upgrade your Dell Data Protection Central system, see Dell KB article 34881: Data Protection Central: How to Install the Data Protection Central operating system Update for installation instructions. See the latest Data Protection Central OS Update file in https://www.dell.com/support/home/product-support/product/data-protection-central/drivers. See the latest Data Protection Central OS Updates Release Notes in https://www.dell.com/support/home/product-support/product/data-protection-central/docs. NOTE: The DPC version number is not updated by the DPC OS Update distribution that provides these fixes. Examine the /etc/dpc-osupdate file to confirm execution of DPC OS Update; this file contains the line: version=1.1.11-1 |
| 19.2 | 19.2 | ||
| 19.3 | 19.3 | ||
| 19.4 | 19.4 | ||
| 19.5 | 19.5 | ||
| 19.6 | 19.6 | ||
| 19.7 | 19.7 | ||
| PowerProtect DP Series Appliance | 2.5 | 2.5 | To upgrade your PowerProtect DP Series Appliance Dell Data Protection Central component, see Dell KB article 34881: Data Protection Central: How to Install the Data Protection Central operating system Update for installation instructions. See the latest Data Protection Central OS Update file in https://www.dell.com/support/home/product-support/product/data-protection-central/drivers. See the latest Data Protection Central OS Updates Release Notes in https://www.dell.com/support/home/product-support/product/data-protection-central/docs. NOTE: The DPC version number is not updated by the DPC OS Update distribution that provides these fixes. Examine the /etc/dpc-osupdate file to confirm execution of DPC OS Update; this file contains the line: version=1.1.11-1 |
| 2.6.x | 2.6.x | ||
| 2.7.x | 2.7.x | ||
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell Data Protection Central | 19.1 | 19.1 | To upgrade your Dell Data Protection Central system, see Dell KB article 34881: Data Protection Central: How to Install the Data Protection Central operating system Update for installation instructions. See the latest Data Protection Central OS Update file in https://www.dell.com/support/home/product-support/product/data-protection-central/drivers. See the latest Data Protection Central OS Updates Release Notes in https://www.dell.com/support/home/product-support/product/data-protection-central/docs. NOTE: The DPC version number is not updated by the DPC OS Update distribution that provides these fixes. Examine the /etc/dpc-osupdate file to confirm execution of DPC OS Update; this file contains the line: version=1.1.11-1 |
| 19.2 | 19.2 | ||
| 19.3 | 19.3 | ||
| 19.4 | 19.4 | ||
| 19.5 | 19.5 | ||
| 19.6 | 19.6 | ||
| 19.7 | 19.7 | ||
| PowerProtect DP Series Appliance | 2.5 | 2.5 | To upgrade your PowerProtect DP Series Appliance Dell Data Protection Central component, see Dell KB article 34881: Data Protection Central: How to Install the Data Protection Central operating system Update for installation instructions. See the latest Data Protection Central OS Update file in https://www.dell.com/support/home/product-support/product/data-protection-central/drivers. See the latest Data Protection Central OS Updates Release Notes in https://www.dell.com/support/home/product-support/product/data-protection-central/docs. NOTE: The DPC version number is not updated by the DPC OS Update distribution that provides these fixes. Examine the /etc/dpc-osupdate file to confirm execution of DPC OS Update; this file contains the line: version=1.1.11-1 |
| 2.6.x | 2.6.x | ||
| 2.7.x | 2.7.x | ||
Revision History
| Revision | Date | Description |
| 1.0 | 2022-12-12 | Initial Release |
Related Information
Legal Information
Article Properties
Affected Product
PowerProtect Data Protection Appliance, Data Protection Central, PowerProtect Data Protection Software
Product
Product Security Information
Last Published Date
12 Dec 2022
Article Type
Dell Security Advisory