DSA-2019-114: Dell EMC Unisphere Central Security Update for Multiple Embedded Component Vulnerabilities

The embedded components have been updated to remediate the following vulnerabilities:      

• curl

CVE-2016-7167    CVE-2016-8615    CVE-2016-8616    CVE-2016-8617
CVE-2016-8618    CVE-2016-8619    CVE-2016-8620    CVE-2016-8621
CVE-2016-8622    CVE-2016-8623    CVE-2016-8624    CVE-2016-9586
CVE-2017-7407    CVE-2017-1000100    CVE-2017-1000254    CVE-2018-1000007
CVE-2018-1000120    CVE-2018-1000121    CVE-2018-1000122    CVE-2018-1000301
CVE-2018-14618        CVE-2018-16840        CVE-2018-16842

• glibc

CVE-2015-5180      CVE-2017-12133    CVE-2017-15670    CVE-2017-15671
CVE-2017-15804    CVE-2018-11236

• OpenSSL

CVE-2017-0739

For more information about the Common Vulnerability and Exposure (CVE) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.

To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.

Affected products:      
Dell EMC Unisphere Central versions prior to 4.0.8.23220


Remediation:       
The following Dell EMC Unisphere Central release addresses these vulnerabilities:      

• Dell EMC Unisphere Central 4.0.8.23220 (4.0 SP8)

Dell EMC recommends all customers upgrade at the earliest opportunity.


Link to Remedies:       
Registered Dell EMC Support customers can download Unisphere Central software from the Dell EMC Online Support web site at: https://support.emc.com/downloads/28224_Unisphere-Central