DSA-2019-012: Dell EMC ESRS Virtual Edition Security Update for Multiple Embedded Component Vulnerabilities

The Dell EMC ESRS components have been updated to address the following vulnerabilities: 

• PL/SQL

CVE-2002-0560

• Curl

CVE-2016-8615    CVE-2016-8616    CVE-2016-8617    CVE-2016-8618
CVE-2016-8619    CVE-2016-8620    CVE-2016-8621    CVE-2016-8622
CVE-2016-8623    CVE-2016-8624

• Python

CVE-2016-5636

• Zlib

CVE-2016-9841

• Ncurses

CVE-2017-10684    CVE-2017-10685

• JRE

CVE-2018-3149    CVE-2018-3150    CVE-2018-3157    CVE-2018-3169
CVE-2018-3180    CVE-2018-3183    CVE-2018-3209    CVE-2018-3211
CVE-2018-3214    CVE-2018-3136    CVE-2018-3139    CVE-2018-13785

• Xmltool

CVE-2018-0489

• Kernel

CVE-2018-5390    CVE-2018-6922

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.

To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.

Affected products:  
Dell EMC ESRS Virtual Edition versions prior to 3.34.00.04

Remediation:
The following Dell EMC ESRS Virtual Edition release addresses this vulnerability:  

• Dell EMC ESRS VE 3.34.00.04

Dell EMC recommends all customers upgrade at the earliest opportunity. Contact Dell EMC ESRS Virtual Edition Customer Support to download the required rpm file and install it.

Link to Remedies:
The ESRS VE patch is published in ESRS Virtual Lifecycle Management (vLM) repository and the existing process triggers an Email notification to customer s ESRS VE primary and secondary contacts. Email notification contains a link to Release notes (along with details of security updates) and a link to update the VE to the latest patch. Contact Dell EMC ESRS Virtual Edition Customer Support for any questions regarding upgrading Dell EMC ESRS Virtual Edition system.