Advisory for Dell Security Update

NIC-CERT/2022-10/442
Date: 2022-10-19
CVE ID: Multiple
Severity: High

Advisory for Dell Security Update

Description:

Avulnerabilityhas been reported in Dell productwhich could allow anattacker tocompromise the affected system.

Security Issues Fixed:

Dell Data Protection Search remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Details:

Third-party Component	CVEs	More information
Oracle JRE	CVE-2022-21449 CVE-2022-21476 CVE-2022-21426 CVE-2022-21496 CVE-2022-21434 CVE-2022-21443	https://www.oracle.com/security-alerts/cpuapr2022.html #AppendixJAVA
OpenSSL	CVE-2022-0778	https://www.suse.com/support/update/announcement/2022/suse-su-20220857-1/
Apache Log4j	CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 CVE-2021-44832	Apache Log4j Remote Code Execution

Affected Products and Remediation:

Product		Affected Versions		Updated Version	Link to Update
Dell Data Protection Search		19.6.0 and earlier		19.6.1	https://dl.dell.com/downloads/DLD2447_Search-19.6.1-upgrade-package.zip
Dell Integrated Data Protection Appliance		2.7.2 and earlier		2.7.3
	Dell Data Protection Central		19.7	19.7	To upgrade your Dell Data Protection Central system, see Dell KB article 34881:Data Protection Central: How to Install the Data Protection Central operating system Updatefor installation instructions. Software Release Notes NOTE:The DPC version number is not updated by the DPC Operating System Update distribution that provides these fixes. Examine the /etc/dpc-osupdate file to confirm execution of DPC Operating System

Dell EMC Avamar Server Hardware Appliance Gen4S/ Gen4T/ Gen5A	Version 19.3/19.4/19.7 running SUSE Linux Enterprise 12 SP5	Version 19.3/19.4/19.7 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2022R3	AvPlatformOsRollup_2022-R3.avp
Dell EMC Avamar Virtual Edition	Version 19.3/19.4/ 19.7 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments)	Version 19.3/19.4/19.7 running SUSE Linux Enterprise 12 SP5 (including Azure and AWS deployments) with the latest OS Security Rollup 2022R3	AvPlatformOsRollup_2022-R3.avp
Dell EMC Avamar NDMP Accelerator	Version 19.3/19.4 running SUSE Linux Enterprise 12 SP4	Version 19.3/19.4 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2022R3
Dell EMC Avamar NDMP Accelerator	Version 19.3/19.4/ 19.7 running SUSE Linux Enterprise 12 SP5	Version 19.3/19.4/19.7 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2022R2
Dell EMC Avamar VMware Image Proxy	Version 19.3 running SUSE Linux Enterprise 12 SP4	Version 19.3 running SUSE Linux Enterprise 12 SP4 with the latest OS Security Rollup 2022R3	Avamar Proxy Bundle 2022-R3-v4.avp
Dell EMC Avamar VMware Image Proxy	Version 19.4/19.7 running SUSE Linux Enterprise 12 SP5	Version 19.4/19.7 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2022R3	Avamar Proxy Bundle 2022-R3-v4.avp
Dell EMC NetWorker Virtual Edition (NVE)	Versions 19.4.x 19.5.x, 19.6.x and 19.7.x running SUSE Linux Enterprise 12 SP5	Versions 19.4, 19.5, 19.6 and 19.7 running SUSE Linux Enterprise 12 SP5 with the latest OS Security Rollup 2022R3	NvePlatformOsRollup_2022-R3-v4.avp
Dell EMC PowerProtect DP Series Appliance / Dell EMC Integrated Data Protection Appliance (IDPA)	Version 2.5 running on SLES12SP4	Version 2.5 running on SLES12SP4 with the latest OS Security Rollup 2022R3	AvPlatformOsRollup_2022-R3.avp
	Version 2.6.x, 2.7.x running on SLES12SP5	Version 2.6.x, 2.7.x with the latest OS Security Rollup 2022R3	AvPlatformOsRollup_2022-R3.avp

Dell recommends all customers upgrade at the earliest opportunity.

References:

https://www.dell.com/support/security/en-us