DSA-2020-089: Dell EMC Data Computing Appliance (DCA) Security Update for Multiple Third-Party Component Vulnerabilities

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Summary:     
Multiple components within Dell EMC DCA require a security update to address various vulnerabilities. 

The components are updated for the following vulnerabilities:     

  • Openjdk

CVE-2019-2949     CVE-2019-2989     CVE-2019-2958     CVE-2019-2977     CVE-2019-11068
CVE-2019-2975     CVE-2019-2999     CVE-2019-2996     CVE-2019-2987     CVE-2019-2962     
CVE-2019-2988     CVE-2019-2992     CVE-2019-2964     CVE-2019-2973     CVE-2019-2981     
CVE-2019-2978     CVE-2019-2894     CVE-2019-2983     CVE-2019-2933     CVE-2019-2945

  • curl

CVE-2018-14618

  • kernel 
CVE-2019-14821   CVE-2019-15239  

  • systemd  

CVE-2018-15686   CVE-2018-16866   CVE-2018-16888

  • vim

CVE-2019-12735

  • ghostscript

CVE-2018-16863

  • libssh2

CVE-2019-3858    CVE-2019-3861

  • poitlk

CVE-2018-19788

  • NetworkManager 

CVE-2018-15688

  • Xorg

CVE-2018-14598   CVE-2018-14599   CVE-2018-14600   CVE-2018-15853
CVE-2018-15854   CVE-2018-15855   CVE-2018-15856   CVE-2018-15857
CVE-2018-15859   CVE-2018-15861   CVE-2018-15862   CVE-2018-15863
CVE-2018-15864   

  • elfutils

CVE-2018-16062   CVE-2018-16402   CVE-2018-16403   CVE-2018-18310
CVE-2018-18520   CVE-2018-18521   CVE-2019-7149     CVE-2019-7150
CVE-2019-7664     CVE-2019-7665

  • NTP    

CVE-2018-12327

  • pango

CVE-2019-1010238

  • Perl   

CVE-2018-18311

  • ruby    

CVE-2017-17742   CVE-2018-6914    CVE-2018-8777    CVE-2018-8778
CVE-2018-8779     CVE-2018-8780    CVE-2018-16396  CVE-2018-1000073 
CVE-2018-1000074  CVE-2018-1000075  CVE-2018-1000076  CVE-2018-1000077
CVE-2018-1000078  CVE-2018-1000079

  • wget  

CVE-2019-5953

  • sudo  

CVE-2019-14287                                         

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.  

To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.

The components are updated for the following vulnerabilities:     

  • Openjdk

CVE-2019-2949     CVE-2019-2989     CVE-2019-2958     CVE-2019-2977     CVE-2019-11068
CVE-2019-2975     CVE-2019-2999     CVE-2019-2996     CVE-2019-2987     CVE-2019-2962     
CVE-2019-2988     CVE-2019-2992     CVE-2019-2964     CVE-2019-2973     CVE-2019-2981     
CVE-2019-2978     CVE-2019-2894     CVE-2019-2983     CVE-2019-2933     CVE-2019-2945

  • curl

CVE-2018-14618

  • kernel 
CVE-2019-14821   CVE-2019-15239  

  • systemd  

CVE-2018-15686   CVE-2018-16866   CVE-2018-16888

  • vim

CVE-2019-12735

  • ghostscript

CVE-2018-16863

  • libssh2

CVE-2019-3858    CVE-2019-3861

  • poitlk

CVE-2018-19788

  • NetworkManager 

CVE-2018-15688

  • Xorg

CVE-2018-14598   CVE-2018-14599   CVE-2018-14600   CVE-2018-15853
CVE-2018-15854   CVE-2018-15855   CVE-2018-15856   CVE-2018-15857
CVE-2018-15859   CVE-2018-15861   CVE-2018-15862   CVE-2018-15863
CVE-2018-15864   

  • elfutils

CVE-2018-16062   CVE-2018-16402   CVE-2018-16403   CVE-2018-18310
CVE-2018-18520   CVE-2018-18521   CVE-2019-7149     CVE-2019-7150
CVE-2019-7664     CVE-2019-7665

  • NTP    

CVE-2018-12327

  • pango

CVE-2019-1010238

  • Perl   

CVE-2018-18311

  • ruby    

CVE-2017-17742   CVE-2018-6914    CVE-2018-8777    CVE-2018-8778
CVE-2018-8779     CVE-2018-8780    CVE-2018-16396  CVE-2018-1000073 
CVE-2018-1000074  CVE-2018-1000075  CVE-2018-1000076  CVE-2018-1000077
CVE-2018-1000078  CVE-2018-1000079

  • wget  

CVE-2019-5953

  • sudo  

CVE-2019-14287                                         

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.  

To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Affected products:    
Dell EMC Data Computing Appliance (DCA) versions prior to 4.0.0.0

Remediation:     
The following Dell EMC DCA release addresses these vulnerabilities:    

  • Dell EMC DCA 4.0.0.0

For Dell EMC DCA 4.0.0.0 and later, the security update is contained in the release 4.0.0.0.

Dell EMC recommends all customers upgrade at the earliest opportunity. Contact Dell EMC DCA customer support to download the required rpm file and install it.



Affected products:    
Dell EMC Data Computing Appliance (DCA) versions prior to 4.0.0.0

Remediation:     
The following Dell EMC DCA release addresses these vulnerabilities:    

  • Dell EMC DCA 4.0.0.0

For Dell EMC DCA 4.0.0.0 and later, the security update is contained in the release 4.0.0.0.

Dell EMC recommends all customers upgrade at the earliest opportunity. Contact Dell EMC DCA customer support to download the required rpm file and install it.



Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Data Computing Appliance V2

Products

Data Computing Appliance V2, Data Computing Appliance V3, Product Security Information
Article Properties
Article Number: 000001834
Article Type: Dell Security Advisory
Last Modified: 20 Sept 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.