DSA-2019-159: Dell EMC Data Computing Appliance (DCA) Security Update for Multiple Third Party Components

The components are updated for the following vulnerabilities:   

• Kernel

CVE-2017-17805    CVE-2018-17972    CVE-2019-1125    CVE-2019-5489

• bind

CVE-2018-5743

• vim

CVE-2019-12735

• libssh2

CVE-2019-3855    CVE-2019-3856    CVE-2019-3857    CVE-2019-3863

• OpenJDK

CVE-2019-2745    CVE-2019-2762    CVE-2019-2769    CVE-2019-2786
CVE-2019-2816    CVE-2019-2842                                                

• OpenSSH

CVE-2018-15473

• Python

CVE-2019-9636

• OpenSSL

CVE-2019-1559

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.

To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.

Affected products:     
Dell EMC Data Computing Appliance (DCA) software versions prior to 3.5.4.0


Remediation:     
The following Dell EMC DCA release addresses these vulnerabilities:     

• Dell EMC DCA 3.5.4.0

For Dell EMC DCA software version 3.3.0.0, 3.4.0.0, 3.4.1.0, 3.4.2.0, 3.5.0.0, 3.5.1.0, 3.5.2.0, and 3.5.3.0, the security update is contained in release 3.5.4.0.

To upgrade an earlier DCA version, you must upgrade to version 3.3.0.0 and then to version 3.5.4.0.

Dell EMC recommends all customers upgrade at the earliest opportunity. Contact Dell EMC DCA customer support to download the required rpm file and install it.