Article Number: 000213738

DSA-2023-187 Dell Avamar, Dell NetWorker Virtual Edition (NVE) and Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) Security Update for Multiple Vulnerabilities (OS Security Rollup 2023R1)

Summary: Dell Avamar, Dell NetWorker Virtual Edition (NVE) and Dell PowerProtect DP Series Appliance /Integrated Data Protection Appliance (IDPA) remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system. ...

Article Content

Impact

Critical

Details

Third-Party Component	CVE(s)	More Information
Multiple Third-Party Components	See Release Notes	2023R1 Release Notes

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVE(s) Addressed	Product	Affected Version(s)	Updated Version(s)	Link to Update
Multiple Third-Party Components See Release Notes	Dell Avamar Server Hardware Appliance Gen4S, Gen4T, Gen5A	Version 19.3, 19.4, 19.7, 19.8 with Security Rollup Prior to 2023-R1 on SLES12SP5	Version 19.3, 19.4, 19.7, 19.8 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R1	AvPlatformOsRollup_2023-R1-v7.avp
	Dell Avamar Virtual Edition	Version 19.3, 19.4, 19.7, 19.8 with Security Rollup Prior to 2023-R1 on SLES12SP5 (including Azure and AWS deployments)	Version 19.3, 19.4, 19.7, 19.8 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) with the latest OS Security Rollup 2023R1	AvPlatformOsRollup_2023-R1-v7.avp
	Dell Avamar NDMP Accelerator	Version 19.3, 19.4 with Security Rollup Prior to 2023-R1 running SUSE Linux Enterprise 12 SP4	Version 19.3, 19.4 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2023R1
	Dell Avamar NDMP Accelerator	Version 19.3, 19.4, 19.7, 19.8 with Security Rollup Prior to 2023-R1 running SUSE Linux Enterprise 12 SP5	Version 19.3, 19.4, 19.7, 19.8 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R1
	Dell Avamar VMware Image Proxy	Version 19.3, with Security Rollup Prior to 2023-R1 running SUSE Linux Enterprise 12 SP4	Version 19.3 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2023R1	Avamar Proxy Bundle 2023-R1-v7
	Dell Avamar VMware Image Proxy	Version 19.3, 19.4, 19.7, 19.8 with Security Rollup Prior to 2023-R1 running SUSE Linux Enterprise 12 SP5	Version 19.4, 19.7, 19.8 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R1	Avamar Proxy Bundle 2023-R1-v7
	Dell NetWorker Virtual Edition (NVE)	Versions 19.4.x 19.5.x, 19.6.x, 19.7.x and 19.8.x with Security Rollup Prior to 2023-R1 running SUSE Linux Enterprise 12 SP5	Versions 19.4, 19.5, 19.6, 19.7 and 19.8 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R1	NvePlatformOsRollup_2023-R1-v7.avp
	Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA)	Version 2.5 with Security Rollup Prior to 2023-R1 running on SLES12SP4	Version 2.5 running on SLES12SP4 with the latest OS Security Rollup 2023R1	AvPlatformOsRollup_2023-R1-v7.avp
		Version 2.6.x, 2.7.x with Security Rollup Prior to 2023-R1 running on SLES12SP5	Version 2.6.x, 2.7.x with the latest OS Security Rollup 2023R1	AvPlatformOsRollup_2023-R1-v7.avp

CVE(s) Addressed	Product	Affected Version(s)	Updated Version(s)	Link to Update
Multiple Third-Party Components See Release Notes	Dell Avamar Server Hardware Appliance Gen4S, Gen4T, Gen5A	Version 19.3, 19.4, 19.7, 19.8 with Security Rollup Prior to 2023-R1 on SLES12SP5	Version 19.3, 19.4, 19.7, 19.8 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R1	AvPlatformOsRollup_2023-R1-v7.avp
	Dell Avamar Virtual Edition	Version 19.3, 19.4, 19.7, 19.8 with Security Rollup Prior to 2023-R1 on SLES12SP5 (including Azure and AWS deployments)	Version 19.3, 19.4, 19.7, 19.8 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) with the latest OS Security Rollup 2023R1	AvPlatformOsRollup_2023-R1-v7.avp
	Dell Avamar NDMP Accelerator	Version 19.3, 19.4 with Security Rollup Prior to 2023-R1 running SUSE Linux Enterprise 12 SP4	Version 19.3, 19.4 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2023R1
	Dell Avamar NDMP Accelerator	Version 19.3, 19.4, 19.7, 19.8 with Security Rollup Prior to 2023-R1 running SUSE Linux Enterprise 12 SP5	Version 19.3, 19.4, 19.7, 19.8 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R1
	Dell Avamar VMware Image Proxy	Version 19.3, with Security Rollup Prior to 2023-R1 running SUSE Linux Enterprise 12 SP4	Version 19.3 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2023R1	Avamar Proxy Bundle 2023-R1-v7
	Dell Avamar VMware Image Proxy	Version 19.3, 19.4, 19.7, 19.8 with Security Rollup Prior to 2023-R1 running SUSE Linux Enterprise 12 SP5	Version 19.4, 19.7, 19.8 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R1	Avamar Proxy Bundle 2023-R1-v7
	Dell NetWorker Virtual Edition (NVE)	Versions 19.4.x 19.5.x, 19.6.x, 19.7.x and 19.8.x with Security Rollup Prior to 2023-R1 running SUSE Linux Enterprise 12 SP5	Versions 19.4, 19.5, 19.6, 19.7 and 19.8 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R1	NvePlatformOsRollup_2023-R1-v7.avp
	Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA)	Version 2.5 with Security Rollup Prior to 2023-R1 running on SLES12SP4	Version 2.5 running on SLES12SP4 with the latest OS Security Rollup 2023R1	AvPlatformOsRollup_2023-R1-v7.avp
		Version 2.6.x, 2.7.x with Security Rollup Prior to 2023-R1 running on SLES12SP5	Version 2.6.x, 2.7.x with the latest OS Security Rollup 2023R1	AvPlatformOsRollup_2023-R1-v7.avp

The CVEs remedied by this security update are listed in the 2023R1 Release Notes .
The Release Notes list not only the new CVEs remedied by this update, but all the past CVEs included in this cumulative update.
The Security Update (Rollup) applies to all Avamar products running on the SLES platforms listed above. The products include Avamar single-node servers, multi-node servers, accelerator nodes, Avamar Virtual Edition systems, and Avamar Combined Proxy.

Refer to the following KB Articles for Security Update (Rollup) Installation instructions:

https://www.dell.com/support/kbdoc/en-us/000169784 for Avamar Virtual Edition and vNDMP.
https://www.dell.com/support/kbdoc/000052627 for installing the latest Security Rollup on NetWorker Virtual Edition.
https://www.dell.com/support/kbdoc/000198146 for installing the latest Security Rollup on the Protection Software (Avamar Server) component of IDPA.

https://www.dell.com/support/kbdoc/en-in/000190424/ for How to install hotfix on Avamar proxy using AUI

To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/en-us/.

Revision History

Revision	Date	Description
1.0	2023-05-18	Initial Release
2.0	2023-06-22	Made changes in "Updated Version(s) column" under Affected Products and Remediation Section
3.0	2023-09-14	Made changes in "Affected Version(s) column" under Affected Products and Remediation Section

Related Information

Legal Information

Article Properties

Affected Product

Avamar, NetWorker Family, PowerProtect Data Protection Appliance, Avamar, Avamar Client, Avamar Data Store, Avamar Data Store Gen4S, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Plug-in for NDMP, Avamar Server, Avamar Virtual Edition , PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, NetWorker, NetWorker Series, NetWorker Module, Product Security Information ...

Last Published Date

15 Sep 2023

Article Type

Dell Security Advisory

Welcome

Welcome to Dell