DSA-2020-043: Dell EMC SRS Virtual Edition Security Update for Multiple Third Party Component Vulnerabilities
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
Summary:
Multiple components within Dell EMC SRS Virtual Edition require a security update to address various vulnerabilities.
The components are updated for the following vulnerabilities:
-
JRE
CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949
CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973
CVE-2019-2975 CVE-2019-2977 CVE-2019-2978 CVE-2019-2981
CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989
CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 CVE-2019-7317
CVE-2019-11068
-
Apache2
CVE-2019-0196 CVE-2019-9517 CVE-2019-0220 CVE-2019-0211
CVE-2019-0217 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092
CVE-2019-10098
-
Kernel
CVE-2016-10906 CVE-2017-18379 CVE-2017-18509 CVE-2017-18551
CVE-2017-18595 CVE-2018-12207 CVE-2018-20976 CVE-2019-0154
CVE-2019-0155 CVE-2019-10220 CVE-2019-11135 CVE-2019-13272
CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821
CVE-2019-14835 CVE-2019-15098 CVE-2019-15211 CVE-2019-15212
CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217
CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221
CVE-2019-15239 CVE-2019-15290 CVE-2019-15291 CVE-2019-15505
CVE-2019-15666 CVE-2019-15807 CVE-2019-15902
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.
The components are updated for the following vulnerabilities:
-
JRE
CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949
CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973
CVE-2019-2975 CVE-2019-2977 CVE-2019-2978 CVE-2019-2981
CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989
CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 CVE-2019-7317
CVE-2019-11068
-
Apache2
CVE-2019-0196 CVE-2019-9517 CVE-2019-0220 CVE-2019-0211
CVE-2019-0217 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092
CVE-2019-10098
-
Kernel
CVE-2016-10906 CVE-2017-18379 CVE-2017-18509 CVE-2017-18551
CVE-2017-18595 CVE-2018-12207 CVE-2018-20976 CVE-2019-0154
CVE-2019-0155 CVE-2019-10220 CVE-2019-11135 CVE-2019-13272
CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821
CVE-2019-14835 CVE-2019-15098 CVE-2019-15211 CVE-2019-15212
CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217
CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221
CVE-2019-15239 CVE-2019-15290 CVE-2019-15291 CVE-2019-15505
CVE-2019-15666 CVE-2019-15807 CVE-2019-15902
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.
Affected Products & Remediation
Affected products:
Dell EMC Secure Remote Services (SRS) Virtual Edition versions prior to 3.42.10.06
Remediation:
The following Dell EMC SRS Virtual Edition release addresses these vulnerabilities:
-
Dell EMC SRS Virtual Edition 3.42.10.06
For Dell EMC SRS Virtual Edition version 3.12.00.04 and later, the security update is contained in the release 3.42.10.06
Dell EMC recommends all customers upgrade at the earliest opportunity. Contact Dell EMC SRS Virtual Edition customer support to download the required rpm file and install it.
The SRS VE patch is published in SRS vLM (Virtual Life cycle Management) repository and the existing process triggers an Email notification to the customer s SRS VE primary and secondary contacts. Email notifications contain a link to Release notes (along with details of security updates) and a link to update the customer s VE to the latest patch. Contact Dell EMC SRS Virtual Edition Customer Support for any questions regarding upgrading your Dell EMC SRS Virtual Edition system.
Affected products:
Dell EMC Secure Remote Services (SRS) Virtual Edition versions prior to 3.42.10.06
Remediation:
The following Dell EMC SRS Virtual Edition release addresses these vulnerabilities:
-
Dell EMC SRS Virtual Edition 3.42.10.06
For Dell EMC SRS Virtual Edition version 3.12.00.04 and later, the security update is contained in the release 3.42.10.06
Dell EMC recommends all customers upgrade at the earliest opportunity. Contact Dell EMC SRS Virtual Edition customer support to download the required rpm file and install it.
The SRS VE patch is published in SRS vLM (Virtual Life cycle Management) repository and the existing process triggers an Email notification to the customer s SRS VE primary and secondary contacts. Email notifications contain a link to Release notes (along with details of security updates) and a link to update the customer s VE to the latest patch. Contact Dell EMC SRS Virtual Edition Customer Support for any questions regarding upgrading your Dell EMC SRS Virtual Edition system.
Related Information
Legal Disclaimer
Affected Products
Secure Remote Services Virtual EditionProducts
Secure Remote Services Virtual Edition, Product Security InformationArticle Properties
Article Number: 000153788
Article Type: Dell Security Advisory
Last Modified: 22 May 2021
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.