Advisory for Dell Security Update

  • NIC-CERT/2022-10/442
  • Date: 2022-10-19
  • CVE ID: Multiple
  • Severity: High

Description:

A vulnerability has been reported in Dell products which could allow an attacker to compromise the affected system.

Security Issues Fixed:

Dell Data Protection Search remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Details:

| Third-party Component | CVEs | More information |
|---|---|---|
| Oracle JRE | CVE-2022-21449, CVE-2022-21476, CVE-2022-21426, CVE-2022-21496, CVE-2022-21434, CVE-2022-21443 | https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixJAVA |
| OpenSSL | CVE-2022-0778 | https://www.suse.com/support/update/announcement/2022/suse-su-20220857-1/ |
| Apache Log4j | CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832 | Apache Log4j Remote Code Execution |

Affected Products and Remediation:

| Product | Affected Versions | Updated Version | Link to Update |
|---|---|---|---|
| Dell Data Protection Search | 19.6.0 and earlier | 19.6.1 | https://dl.dell.com/downloads/DLD2447_Search-19.6.1-upgrade-package.zip |
| Dell Integrated Data Protection Appliance | 2.7.2 and earlier | 2.7.3 | |
| Dell Data Protection Central | 19.7 | 19.7 | To upgrade your Dell Data Protection Central system, see Dell KB article 34881: Data Protection Central: How to Install the Data Protection Central operating system Update for installation instructions. Software; Release Notes |
| Dell EMC Avamar Server Hardware Appliance Gen4S/Gen4T/Gen5A | Version 19.3/19.4/19.7 running SUSE Linux Enterprise 12 SP5 | Version 19.3/19.4/19.7 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2022R3 | AvPlatformOsRollup_2022-R3.avp |
| Dell EMC Avamar Virtual Edition | Version 19.3/19.4/19.7 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) | Version 19.3/19.4/19.7 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) with the latest OS Security Rollup 2022R3 | AvPlatformOsRollup_2022-R3.avp |
| Dell EMC Avamar NDMP Accelerator | Version 19.3/19.4 running SUSE Linux Enterprise 12 SP4 | Version 19.3/19.4 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2022R3 | |
| Dell EMC Avamar NDMP Accelerator | Version 19.3/19.4/19.7 running SUSE Linux Enterprise 12 SP5 | Version 19.3/19.4/19.7 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2022R2 | |
| Dell EMC Avamar VMware Image Proxy | Version 19.3 running SUSE Linux Enterprise 12 SP4 | Version 19.3 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2022R3 | Avamar Proxy Bundle 2022-R3-v4.avp |
| Dell EMC Avamar VMware Image Proxy | Version 19.4/19.7 running SUSE Linux Enterprise 12 SP5 | Version 19.4/19.7 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2022R3 | |
| Dell EMC NetWorker Virtual Edition (NVE) | Versions 19.4.x, 19.5.x, 19.6.x and 19.7.x running SUSE Linux Enterprise 12 SP5 | Versions 19.4, 19.5, 19.6 and 19.7 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2022R3 | NvePlatformOsRollup_2022-R3-v4.avp |
| Dell EMC PowerProtect DP Series Appliance / Dell EMC Integrated Data Protection Appliance (IDPA) | Version 2.5 running on SLES12SP4 | Version 2.5 running on SLES12SP4 with the latest OS Security Rollup 2022R3 | AvPlatformOsRollup_2022-R3.avp |
| Dell EMC PowerProtect DP Series Appliance / Dell EMC Integrated Data Protection Appliance (IDPA) | Version 2.6.x, 2.7.x running on SLES12SP5 | Version 2.6.x, 2.7.x with the latest OS Security Rollup 2022R3 | |

NOTE: The DPC version number is not updated by the DPC Operating System Update distribution that provides these fixes. Examine the /etc/dpc-osupdate file to confirm execution of DPC Operating System

Dell recommends all customers upgrade at the earliest opportunity.

References:

https://www.dell.com/support/security/en-us