Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000216397

DSA-2023-268 Security Update for Dell Avamar, Dell NetWorker Virtual Edition (NVE) and Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) Security Update for Multiple Vulnerabilities

Summary: Dell Avamar, Dell NetWorker Virtual Edition (NVE) and Dell PowerProtect DP Series Appliance /Integrated Data Protection Appliance (IDPA) remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system. ...

Article Content

Impact

Critical

Details

Third-Party Component CVEs More Information
OpenPrinting CUPS CVE-2023-32324
See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
CURL CVE-2019-15601, CVE-2019-5435, CVE-2020-8169, CVE-2021-22297,  CVE-2021-22298, CVE-2021-22890, CVE-2021-22901, CVE-2021-22945, CVE-2022-27774, CVE-2022-27775, CVE-2022-27778, CVE-2022-27779,  CVE-2022-27780, CVE-2022-30115, CVE-2022-32205, CVE-2022-32207,  CVE-2022-35260, CVE-2022-42915, CVE-2022-42916, CVE-2022-43551,  CVE-2023-23914, CVE-2023-23915, CVE-2023-27537, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322
See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
Dmidecode  CVE-2023-30630
See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
Dnsmasq CVE-2023-28450 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Linux kernel CVE-2020-36691, CVE-2021-3923, CVE-2022-20567, CVE-2022-3566, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2023-1076, CVE-2023-1095, CVE-2023-1281, CVE-2023-1380, CVE-2023-1390, CVE-2023-1513, CVE-2023-1611, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-2176, CVE-2023-2194, CVE-2023-2269, CVE-2023-23455, CVE-2023-2483, CVE-2023-2513, CVE-2023-28328, CVE-2023-28464, CVE-2023-28466, CVE-2023-28772, CVE-2023-30772, CVE-2023-31084, CVE-2023-31436, CVE-2023-32269 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
 
Avahi  CVE-2023-1981 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Bluetooth3 CVE-2023-27349 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
c-ares CVE-2023-31130, CVE-2023-31147, CVE-2023-32067 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
General-Purpose Utility Library -- Library for VFS CVE-2023-24593, CVE-2023-25180 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
HarfBuzz  CVE-2023-25193 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Openldap CVE-2023-2953 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Ncurses, Terminfo CVE-2023-29491 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Openssl CVE-2023-2650 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
PostgreSQL, Python2 CVE-2023-2454, CVE-2023-2455 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Python3, Python36-base, Python36 CVE-2007-4559 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Tag Image File Format (TIFF) CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Open VM Tools CVE-2023-20867 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Xlib/XCB CVE-2023-3138 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
XML C library, XML toolkit CVE-2023-28484, CVE-2023-29469, CVE-2023-31124 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libwebp5 CVE-2023-1999 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
NTP 4.2.8p15 CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554, CVE-2023-26555 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
OpenSC CVE-2023-2977 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
shadow CVE-2016-6252, CVE-2017-12424, CVE-2018-7169, CVE-2023-29383 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
supportutils CVE-2022-45154 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
3rd Generation Intel(R) Xeon(R) Scalable Processor CVE-2022-33972 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
ImageMagick CVE-2023-34151 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
python-requests CVE-2023-32681 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.​​​​​​​

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed Product Affected Versions Remediated Versions Link
Multiple Third-Party Components
See Release Notes		 Dell Avamar Server Hardware Appliance Gen4S, Gen4T, 
Gen5A 		 Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R2 Contact support team to install the latest OsRollup
https://www.dell.com/support/home/en-us/
Multiple Third-Party Components
See Release Notes		 Dell Avamar Virtual Edition Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) with the latest OS Security Rollup 2023R2 Contact support team to install the latest OsRollup
https://www.dell.com/support/home/en-us/
Multiple Third-Party Components
See Release Notes		 Dell Avamar NDMP Accelerator Version 19.3, 19.4 running SUSE Linux Enterprise 12 SP4 Version 19.3, 19.4 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2023R2 Contact support team to install the latest OsRollup
https://www.dell.com/support/home/en-us/   
Multiple Third-Party Components
See Release Notes		 Dell Avamar NDMP Accelerator Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R2 Contact support team to install the latest OsRollup
https://www.dell.com/support/home/en-us/
Multiple Third-Party Components
See Release Notes		 Dell Avamar VMware Image Proxy Version 19.3 running SUSE Linux Enterprise 12 SP4 Version 19.3 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2023R2 Avamar Proxy Bundle 2023-R2-v5
Multiple Third-Party Components
See Release Notes		 Dell Avamar VMware Image Proxy Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R2 Avamar Proxy Bundle 2023-R2-v5
Multiple Third-Party Components
See Release Notes		 Dell NetWorker Virtual Edition (NVE) Versions 19.4.x, 19.5.x, 19.6.x, 19.7.x, 19.8.x, 19.9.x running SUSE Linux Enterprise 12 SP5 Versions 19.4, 19.5, 19.6, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R2 NvePlatformOsRollup_2023-R2-v5.avp
Multiple Third-Party Components
See Release Notes		 Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) Version 2.5 running on SLES12SP4 Version 2.5 running on SLES12SP4 with the latest OS Security Rollup 2023R2 Contact support team to install the latest OsRollup
https://www.dell.com/support/home/en-us/
Multiple Third-Party Components
See Release Notes		 Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) Version 2.6.x, 2.7.x running on SLES12SP5 Version 2.6.x, 2.7.x with the latest OS Security Rollup 2023R2 Contact support team to install the latest OsRollup
https://www.dell.com/support/home/en-us/
 
CVEs Addressed Product Affected Versions Remediated Versions Link
Multiple Third-Party Components
See Release Notes		 Dell Avamar Server Hardware Appliance Gen4S, Gen4T, 
Gen5A 		 Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R2 Contact support team to install the latest OsRollup
https://www.dell.com/support/home/en-us/
Multiple Third-Party Components
See Release Notes		 Dell Avamar Virtual Edition Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) with the latest OS Security Rollup 2023R2 Contact support team to install the latest OsRollup
https://www.dell.com/support/home/en-us/
Multiple Third-Party Components
See Release Notes		 Dell Avamar NDMP Accelerator Version 19.3, 19.4 running SUSE Linux Enterprise 12 SP4 Version 19.3, 19.4 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2023R2 Contact support team to install the latest OsRollup
https://www.dell.com/support/home/en-us/   
Multiple Third-Party Components
See Release Notes		 Dell Avamar NDMP Accelerator Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 Version 19.3, 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R2 Contact support team to install the latest OsRollup
https://www.dell.com/support/home/en-us/
Multiple Third-Party Components
See Release Notes		 Dell Avamar VMware Image Proxy Version 19.3 running SUSE Linux Enterprise 12 SP4 Version 19.3 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2023R2 Avamar Proxy Bundle 2023-R2-v5
Multiple Third-Party Components
See Release Notes		 Dell Avamar VMware Image Proxy Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 Version 19.4, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R2 Avamar Proxy Bundle 2023-R2-v5
Multiple Third-Party Components
See Release Notes		 Dell NetWorker Virtual Edition (NVE) Versions 19.4.x, 19.5.x, 19.6.x, 19.7.x, 19.8.x, 19.9.x running SUSE Linux Enterprise 12 SP5 Versions 19.4, 19.5, 19.6, 19.7, 19.8, 19.9 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2023R2 NvePlatformOsRollup_2023-R2-v5.avp
Multiple Third-Party Components
See Release Notes		 Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) Version 2.5 running on SLES12SP4 Version 2.5 running on SLES12SP4 with the latest OS Security Rollup 2023R2 Contact support team to install the latest OsRollup
https://www.dell.com/support/home/en-us/
Multiple Third-Party Components
See Release Notes		 Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) Version 2.6.x, 2.7.x running on SLES12SP5 Version 2.6.x, 2.7.x with the latest OS Security Rollup 2023R2 Contact support team to install the latest OsRollup
https://www.dell.com/support/home/en-us/
 
  • The CVEs remedied by this security update are listed in the Release Notes.  The Release Notes list not only the new CVEs remedied by this update, but all the past CVEs included in this cumulative update.  
  • The Security Update (Rollup) applies to all Avamar products running on the SLES platforms listed above. The products include Avamar single-node servers, multi-node servers, accelerator nodes, Avamar Virtual Edition systems, and Avamar Combined Proxy.
  • To schedule platform security patch installation, or to upgrade your server, contact Dell Customer Support at https://www.dell.com/support/home/en-us/.

Revision History

RevisionDateDescription
1.02023-08-02Initial Release
2.02023-08-03Updated for enhanced presentation with no change to content
3.02023-08-17Updated for enhanced presentation with no change to content
4.02023-09-13Updated the "Link" column under " Affected Products and Remediation" section with “Contact support team to install the latest OsRollup” along with URL.
5.02023-10-13Updated "Third Party Components" section

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Information

Article Properties

Affected Product
Avamar, NetWorker Family, PowerProtect Data Manager Appliance, Avamar, Avamar Data Store, Avamar Data Store Gen3, Avamar Data Store Gen4, Avamar Data Store Gen4S, Avamar Data Store Gen4T, Avamar Data Store Gen5A, Avamar Server, Avamar Virtual Edition , PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, NetWorker Series, NetWorker Module, Product Security Information ...
Last Published Date

13 Oct 2023

Article Type

Dell Security Advisory

Back to Top