DSA-2019-087: Dell EMC Unity Family Security Update for Multiple Third Party Components
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
Summary:
Multiple components within the Dell EMC Unity Product Family require security updates to address various vulnerabilities.
The components are updated for the following vulnerabilities:
-
Apache2
CVE-2018-17199 CVE-2019-0217 CVE-2019-0220
-
Apache Tomcat
CVE-2018-1336 CVE-2018-8014 CVE-2018-8034 CVE-2018-11784
-
Bash
CVE-2019-9924
-
Curl
CVE-2018-16890 CVE-2019-3822 CVE-2019-3823
-
Graphite2
CVE-2017-5436
-
Krb5
CVE-2018-20217
-
libssh2_org
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858
CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862
CVE-2019-3863
-
Mozilla Firefox
CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 CVE-2018-12405
CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494
CVE-2018-18498 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505
-
NTP
CVE-2019-8936
-
OpenSSH
CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-6109
CVE-2019-6110 CVE-2019-6111
-
OpenSSL
CVE-2016-8610 CVE-2018-0734 CVE-2018-5407
-
Polkit
CVE-2018-19788
-
Procps
CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125
CVE-2018-1126
-
Python
CVE-2018-14647 CVE-2019-5010
-
RPM
CVE-2017-7500 CVE-2017-7501
-
Rrdtool
CVE-2013-2131
-
Sqlite3
CVE-2018-20346 CVE-2018-20506
-
Systemd
CVE-2018-15686 CVE-2018-16864 CVE-2018-16865 CVE-2019-6454
For more information about the Common Vulnerability and Exposure (CVE) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search
The components are updated for the following vulnerabilities:
-
Apache2
CVE-2018-17199 CVE-2019-0217 CVE-2019-0220
-
Apache Tomcat
CVE-2018-1336 CVE-2018-8014 CVE-2018-8034 CVE-2018-11784
-
Bash
CVE-2019-9924
-
Curl
CVE-2018-16890 CVE-2019-3822 CVE-2019-3823
-
Graphite2
CVE-2017-5436
-
Krb5
CVE-2018-20217
-
libssh2_org
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858
CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862
CVE-2019-3863
-
Mozilla Firefox
CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 CVE-2018-12405
CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494
CVE-2018-18498 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505
-
NTP
CVE-2019-8936
-
OpenSSH
CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-6109
CVE-2019-6110 CVE-2019-6111
-
OpenSSL
CVE-2016-8610 CVE-2018-0734 CVE-2018-5407
-
Polkit
CVE-2018-19788
-
Procps
CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125
CVE-2018-1126
-
Python
CVE-2018-14647 CVE-2019-5010
-
RPM
CVE-2017-7500 CVE-2017-7501
-
Rrdtool
CVE-2013-2131
-
Sqlite3
CVE-2018-20346 CVE-2018-20506
-
Systemd
CVE-2018-15686 CVE-2018-16864 CVE-2018-16865 CVE-2019-6454
For more information about the Common Vulnerability and Exposure (CVE) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search
Affected Products & Remediation
Affected products:
-
Dell EMC Unity Operating Environment (OE) versions prior to 5.0.0.0.5.116
- Dell EMC Unity VSA Operating Environment (OE) versions prior to 5.0.0.0.5.116
Remediation:
The following Dell EMC Unity releases address these vulnerabilities:
-
Dell EMC Unity Operating Environment (OE) version 5.0.0.0.5.116
-
Dell EMC UnityVSA Operating Environment (OE) version 5.0.0.0.5.116
To take advantage of the latest security fixes and enhancements, Dell EMC recommends upgrading to the latest Unity OE code.
Customers can refer to Dell EMC target code information at https://support.emc.com/docu39695_Target_Revisions_and_Adoption_Rates.pdf?language=en_US&language=en_US.
Link to Remedies:
Registered Dell EMC Support customers can download Dell EMC Unity software from the Dell EMC Online Support web site.
Affected products:
-
Dell EMC Unity Operating Environment (OE) versions prior to 5.0.0.0.5.116
- Dell EMC Unity VSA Operating Environment (OE) versions prior to 5.0.0.0.5.116
Remediation:
The following Dell EMC Unity releases address these vulnerabilities:
-
Dell EMC Unity Operating Environment (OE) version 5.0.0.0.5.116
-
Dell EMC UnityVSA Operating Environment (OE) version 5.0.0.0.5.116
To take advantage of the latest security fixes and enhancements, Dell EMC recommends upgrading to the latest Unity OE code.
Customers can refer to Dell EMC target code information at https://support.emc.com/docu39695_Target_Revisions_and_Adoption_Rates.pdf?language=en_US&language=en_US.
Link to Remedies:
Registered Dell EMC Support customers can download Dell EMC Unity software from the Dell EMC Online Support web site.
Related Information
Legal Disclaimer
Affected Products
Dell EMC Unity FamilyProducts
Product Security Information, Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity XT 380, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity XT 480, Dell EMC Unity 500, Dell EMC Unity 500F
, Dell EMC Unity 550F, Dell EMC Unity 600, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Family, Dell EMC Unity Hybrid
...
Article Properties
Article Number: 000001841
Article Type: Dell Security Advisory
Last Modified: 20 Sep 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.