DSA-2019-067: Dell EMC SRM and SMR Security Update for Multiple Third Party Component Vulnerabilities

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Summary:       
Multiple components within Dell EMC SRM and SMR require a security update to address various vulnerabilities.

The components are updated for the following vulnerabilities:      

  • Linux Binaries
    CVE-2017-16533    CVE-2017-1000407    CVE-2018-6554      CVE-2018-6555
    CVE-2018-9516      CVE-2018-10902        CVE-2018-10940    CVE-2018-12896
    CVE-2018-14617    CVE-2018-14633        CVE-2018-14634    CVE-2018-14734
    CVE-2018-15572    CVE-2018-15594        CVE-2018-16276    CVE-2018-16658
    CVE-2018-17182    CVE-2018-18281        CVE-2018-18386    CVE-2018-18710
    CVE-2018-20685    CVE-2019-6109          CVE-2019-6110      CVE-2019-6111

  • Oracle Java Run Time Environment (JRE)
    CVE-2015-5180      CVE-2017-7273          CVE-2017-15670    CVE-2017-15804
    CVE-2017-16533    CVE-2017-1000407    CVE-2018-6554      CVE-2018-6555
    CVE-2018-9516      CVE-2018-10902        CVE-2018-10940    CVE-2018-12896
    CVE-2018-14617    CVE-2018-14633        CVE-2018-14634    CVE-2018-14734
    CVE-2018-15572    CVE-2018-15594        CVE-2018-16276    CVE-2018-16658
    CVE-2018-17182    CVE-2018-18281        CVE-2018-18386    CVE-2018-18710
    CVE-2018-20685    CVE-2019-6109          CVE-2019-6110       CVE-2019-6111

  • MySQL
    CVE-2018-2755    CVE-2018-2758    CVE-2018-2759    CVE-2018-2761
    CVE-2018-2762    CVE-2018-2766    CVE-2018-2767    CVE-2018-2769
    CVE-2018-2771    CVE-2018-2773    CVE-2018-2775    CVE-2018-2776
    CVE-2018-2777    CVE-2018-2778    CVE-2018-2779    CVE-2018-2780
    CVE-2018-2781    CVE-2018-2782    CVE-2018-2784    CVE-2018-2786
    CVE-2018-2787    CVE-2018-2810    CVE-2018-2812    CVE-2018-2813
    CVE-2018-2816    CVE-2018-2817    CVE-2018-2818    CVE-2018-2819
    CVE-2018-2839    CVE-2018-2846    CVE-2018-3054    CVE-2018-3056
    CVE-2018-3058    CVE-2018-3060    CVE-2018-3061    CVE-2018-3062
    CVE-2018-3064    CVE-2018-3065    CVE-2018-3066    CVE-2018-3070
    CVE-2018-3071    CVE-2018-3077    CVE-2018-3081    CVE-2018-3133
    CVE-2018-3143    CVE-2018-3144    CVE-2018-3155    CVE-2018-3156
    CVE-2018-3161    CVE-2018-3162    CVE-2018-3171    CVE-2018-3173
    CVE-2018-3174    CVE-2018-3185    CVE-2018-3187    CVE-2018-3200
    CVE-2018-3247    CVE-2018-3251    CVE-2018-3276    CVE-2018-3277
    CVE-2018-3278    CVE-2018-3282    CVE-2018-3283    CVE-2018-3284

  • Apache Tomcat
    CVE-2018-11784

  • Jackson-Databind
    CVE-2017-7525    CVE-2017-17485    CVE-2018-5968 

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.  

To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.

The components are updated for the following vulnerabilities:      

  • Linux Binaries
    CVE-2017-16533    CVE-2017-1000407    CVE-2018-6554      CVE-2018-6555
    CVE-2018-9516      CVE-2018-10902        CVE-2018-10940    CVE-2018-12896
    CVE-2018-14617    CVE-2018-14633        CVE-2018-14634    CVE-2018-14734
    CVE-2018-15572    CVE-2018-15594        CVE-2018-16276    CVE-2018-16658
    CVE-2018-17182    CVE-2018-18281        CVE-2018-18386    CVE-2018-18710
    CVE-2018-20685    CVE-2019-6109          CVE-2019-6110      CVE-2019-6111

  • Oracle Java Run Time Environment (JRE)
    CVE-2015-5180      CVE-2017-7273          CVE-2017-15670    CVE-2017-15804
    CVE-2017-16533    CVE-2017-1000407    CVE-2018-6554      CVE-2018-6555
    CVE-2018-9516      CVE-2018-10902        CVE-2018-10940    CVE-2018-12896
    CVE-2018-14617    CVE-2018-14633        CVE-2018-14634    CVE-2018-14734
    CVE-2018-15572    CVE-2018-15594        CVE-2018-16276    CVE-2018-16658
    CVE-2018-17182    CVE-2018-18281        CVE-2018-18386    CVE-2018-18710
    CVE-2018-20685    CVE-2019-6109          CVE-2019-6110       CVE-2019-6111

  • MySQL
    CVE-2018-2755    CVE-2018-2758    CVE-2018-2759    CVE-2018-2761
    CVE-2018-2762    CVE-2018-2766    CVE-2018-2767    CVE-2018-2769
    CVE-2018-2771    CVE-2018-2773    CVE-2018-2775    CVE-2018-2776
    CVE-2018-2777    CVE-2018-2778    CVE-2018-2779    CVE-2018-2780
    CVE-2018-2781    CVE-2018-2782    CVE-2018-2784    CVE-2018-2786
    CVE-2018-2787    CVE-2018-2810    CVE-2018-2812    CVE-2018-2813
    CVE-2018-2816    CVE-2018-2817    CVE-2018-2818    CVE-2018-2819
    CVE-2018-2839    CVE-2018-2846    CVE-2018-3054    CVE-2018-3056
    CVE-2018-3058    CVE-2018-3060    CVE-2018-3061    CVE-2018-3062
    CVE-2018-3064    CVE-2018-3065    CVE-2018-3066    CVE-2018-3070
    CVE-2018-3071    CVE-2018-3077    CVE-2018-3081    CVE-2018-3133
    CVE-2018-3143    CVE-2018-3144    CVE-2018-3155    CVE-2018-3156
    CVE-2018-3161    CVE-2018-3162    CVE-2018-3171    CVE-2018-3173
    CVE-2018-3174    CVE-2018-3185    CVE-2018-3187    CVE-2018-3200
    CVE-2018-3247    CVE-2018-3251    CVE-2018-3276    CVE-2018-3277
    CVE-2018-3278    CVE-2018-3282    CVE-2018-3283    CVE-2018-3284

  • Apache Tomcat
    CVE-2018-11784

  • Jackson-Databind
    CVE-2017-7525    CVE-2017-17485    CVE-2018-5968 

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.  

To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Affected products:       
Dell EMC SRM and SMR versions prior to 4.3.1


Remediation:       
The following Dell EMC SRM and SMR release addresses these vulnerabilities:      

  • Dell EMC SRM and SMR version 4.3.1

Dell EMC recommends all customers upgrade at the earliest opportunity. Contact Dell EMC SRM and SMR customer support to download the required update file and install it.

To upgrade your Dell EMC SRM and SMR system, contact Dell EMC SRM and SMR customer support or download the software from https://support.emc.com/downloads/34247_SRM.



Affected products:       
Dell EMC SRM and SMR versions prior to 4.3.1


Remediation:       
The following Dell EMC SRM and SMR release addresses these vulnerabilities:      

  • Dell EMC SRM and SMR version 4.3.1

Dell EMC recommends all customers upgrade at the earliest opportunity. Contact Dell EMC SRM and SMR customer support to download the required update file and install it.

To upgrade your Dell EMC SRM and SMR system, contact Dell EMC SRM and SMR customer support or download the software from https://support.emc.com/downloads/34247_SRM.



Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

SRM

Products

Storage Monitoring and Reporting, Product Security Information, SRM
Article Properties
Article Number: 000153841
Article Type: Dell Security Advisory
Last Modified: 22 May 2021
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.