DSA-2019-121: Dell EMC Cyber Recovery Security Update for Multiple Third Party Components Vulnerabilities
Impact
Critical
Details
Summary:
Multiple components within Dell EMC Cyber Recovery require a security update to address various vulnerabilities. (These vulnerabilities pertain to Cyber Recovery Docker containers and not the management host itself.)
The components are updated for the following vulnerabilities:
-
bash
CVE-2019-9924
-
bind
CVE-2018-5743 CVE-2019-6467
-
dbus
CVE-2019-12749
-
dovecot
CVE-2019-11494 CVE-2019-11499
-
freeradius
CVE-2019-11234 CVE-2019-11235
-
libapparmor1
CVE-2019-11190
-
libcurl3
CVE-2019-5436
-
libcurl4
CVE-2018-16839 CVE-2019-5436
-
libdb5.3
CVE-2019-8457
-
libexpat1
CVE-2018-20843
-
libgnutls30
CVE-2018-10844 CVE-2018-10845 CVE-2018-10846
-
libopenssl1_0_0
CVE-2019-1559
-
libseccomp2
CVE-2019-9893
-
libsndfile
CVE-2018-19758
-
libsqlite3-0
CVE-2016-6153 CVE-2017-2518 CVE-2017-2519 CVE-2017-2520
CVE-2017-10989 CVE-2017-13685 CVE-2018-20346 CVE-2018-20506
CVE-2019-9936 CVE-2019-9937
-
libsqlite3
CVE-2017-10989 CVE-2018-8740 CVE-2018-20346 CVE-2019-8457
-
libssh2
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858
CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862
CVE-2019-3863
-
libssl1.1
CVE-2019-1543
-
libsystemd0
CVE-2018-6954 CVE-2019-3842 CVE-2019-6454
-
libxslt
CVE-2019-11068
-
lua5.3
CVE-2019-6706
-
mercurial
CVE-2019-3902
-
php7
CVE-2019-11036
-
python2
CVE-2018-14647 CVE-2019-9636 CVE-2019-9948
-
vim
CVE-2019-12735
-
znc
CVE-2019-9917
See NVD (http://nvd.nist.gov/) for individual scores for each CVE
The components are updated for the following vulnerabilities:
-
bash
CVE-2019-9924
-
bind
CVE-2018-5743 CVE-2019-6467
-
dbus
CVE-2019-12749
-
dovecot
CVE-2019-11494 CVE-2019-11499
-
freeradius
CVE-2019-11234 CVE-2019-11235
-
libapparmor1
CVE-2019-11190
-
libcurl3
CVE-2019-5436
-
libcurl4
CVE-2018-16839 CVE-2019-5436
-
libdb5.3
CVE-2019-8457
-
libexpat1
CVE-2018-20843
-
libgnutls30
CVE-2018-10844 CVE-2018-10845 CVE-2018-10846
-
libopenssl1_0_0
CVE-2019-1559
-
libseccomp2
CVE-2019-9893
-
libsndfile
CVE-2018-19758
-
libsqlite3-0
CVE-2016-6153 CVE-2017-2518 CVE-2017-2519 CVE-2017-2520
CVE-2017-10989 CVE-2017-13685 CVE-2018-20346 CVE-2018-20506
CVE-2019-9936 CVE-2019-9937
-
libsqlite3
CVE-2017-10989 CVE-2018-8740 CVE-2018-20346 CVE-2019-8457
-
libssh2
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858
CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862
CVE-2019-3863
-
libssl1.1
CVE-2019-1543
-
libsystemd0
CVE-2018-6954 CVE-2019-3842 CVE-2019-6454
-
libxslt
CVE-2019-11068
-
lua5.3
CVE-2019-6706
-
mercurial
CVE-2019-3902
-
php7
CVE-2019-11036
-
python2
CVE-2018-14647 CVE-2019-9636 CVE-2019-9948
-
vim
CVE-2019-12735
-
znc
CVE-2019-9917
See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Affected Products & Remediation
Affected products:
Dell EMC Cyber Recovery versions prior to 18.1.1.2-8
Remediation:
The following Dell EMC Cyber Recovery release addresses these vulnerabilities:
-
Dell EMC Cyber Recovery version 18.1.1.2-8
For Dell EMC Cyber Recovery version 18.1.0-529 and later, the security update is contained in the release 18.1.1.2-8.
Dell EMC recommends all customers upgrade at the earliest opportunity.
Affected products:
Dell EMC Cyber Recovery versions prior to 18.1.1.2-8
Remediation:
The following Dell EMC Cyber Recovery release addresses these vulnerabilities:
-
Dell EMC Cyber Recovery version 18.1.1.2-8
For Dell EMC Cyber Recovery version 18.1.0-529 and later, the security update is contained in the release 18.1.1.2-8.
Dell EMC recommends all customers upgrade at the earliest opportunity.