Article Number: 000001849
Critical
Summary:
Multiple components within Dell EMC DCA require a security update to address various vulnerabilities.
The components are updated for the following vulnerabilities:
Kernel
CVE-2017-17805 CVE-2018-17972 CVE-2019-1125 CVE-2019-5489
bind
CVE-2018-5743
vim
CVE-2019-12735
libssh2
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3863
OpenJDK
CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2786
CVE-2019-2816 CVE-2019-2842
OpenSSH
CVE-2018-15473
Python
CVE-2019-9636
OpenSSL
CVE-2019-1559
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.
The components are updated for the following vulnerabilities:
Kernel
CVE-2017-17805 CVE-2018-17972 CVE-2019-1125 CVE-2019-5489
bind
CVE-2018-5743
vim
CVE-2019-12735
libssh2
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3863
OpenJDK
CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2786
CVE-2019-2816 CVE-2019-2842
OpenSSH
CVE-2018-15473
Python
CVE-2019-9636
OpenSSL
CVE-2019-1559
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.
Affected products:
Dell EMC Data Computing Appliance (DCA) software versions prior to 3.5.4.0
Remediation:
The following Dell EMC DCA release addresses these vulnerabilities:
Dell EMC DCA 3.5.4.0
For Dell EMC DCA software version 3.3.0.0, 3.4.0.0, 3.4.1.0, 3.4.2.0, 3.5.0.0, 3.5.1.0, 3.5.2.0, and 3.5.3.0, the security update is contained in release 3.5.4.0.
To upgrade an earlier DCA version, you must upgrade to version 3.3.0.0 and then to version 3.5.4.0.
Dell EMC recommends all customers upgrade at the earliest opportunity. Contact Dell EMC DCA customer support to download the required rpm file and install it.
Affected products:
Dell EMC Data Computing Appliance (DCA) software versions prior to 3.5.4.0
Remediation:
The following Dell EMC DCA release addresses these vulnerabilities:
Dell EMC DCA 3.5.4.0
For Dell EMC DCA software version 3.3.0.0, 3.4.0.0, 3.4.1.0, 3.4.2.0, 3.5.0.0, 3.5.1.0, 3.5.2.0, and 3.5.3.0, the security update is contained in release 3.5.4.0.
To upgrade an earlier DCA version, you must upgrade to version 3.3.0.0 and then to version 3.5.4.0.
Dell EMC recommends all customers upgrade at the earliest opportunity. Contact Dell EMC DCA customer support to download the required rpm file and install it.
Data Computing Appliance V3
Data Computing Appliance V3, Product Security Information
22 May 2021
4
Dell Security Advisory