DSA-2019-024: Dell EMC Unisphere Central Security Update for Multiple Embedded Component Vulnerabilities
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
Summary:
Multiple embedded components within Dell EMC Unisphere Central require security updates to address various vulnerabilities.
The embedded components have been updated to remediate the following vulnerabilities:
-
Bind
The following CVEs affect Unisphere Central version 4.0.6 only:
CVE-2015-8000 CVE-2015-8704 CVE-2016-1285 CVE-2016-1286
CVE-2016-2775 CVE-2016-2776 CVE-2016-6170 CVE-2016-8864
CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 CVE-2017-3135
CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 CVE-2017-3142
CVE-2017-3143
-
libtirpc
The following CVE affects Unisphere Central versions 4.0.5 and 4.0.6:
CVE-2017-8779
-
rpcbind
The following CVE affects Unisphere Central version 4.0.6 only:
CVE-2015-7236
The following CVE affects Unisphere Central version 4.0.5 only:
CVE-2017-8779
For more information about the Common Vulnerability and Exposure (CVE) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.
The embedded components have been updated to remediate the following vulnerabilities:
-
Bind
The following CVEs affect Unisphere Central version 4.0.6 only:
CVE-2015-8000 CVE-2015-8704 CVE-2016-1285 CVE-2016-1286
CVE-2016-2775 CVE-2016-2776 CVE-2016-6170 CVE-2016-8864
CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 CVE-2017-3135
CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 CVE-2017-3142
CVE-2017-3143
-
libtirpc
The following CVE affects Unisphere Central versions 4.0.5 and 4.0.6:
CVE-2017-8779
-
rpcbind
The following CVE affects Unisphere Central version 4.0.6 only:
CVE-2015-7236
The following CVE affects Unisphere Central version 4.0.5 only:
CVE-2017-8779
For more information about the Common Vulnerability and Exposure (CVE) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.
Affected Products & Remediation
Affected products:
Dell EMC Unisphere Central versions 4.0.5 and 4.0.6
Remediation:
The following Dell EMC Unisphere Central release addresses these vulnerabilities:
-
Dell EMC Unisphere Central version 4.0.7 (4.0 SP7) available at https://support.emc.com/downloads/28224_Unisphere-Central
Dell EMC recommends all customers upgrade at the earliest opportunity.
Link to Remedies:
Registered Dell EMC Support customers can download Unisphere Central software from the Dell EMC Online Support web site.
Affected products:
Dell EMC Unisphere Central versions 4.0.5 and 4.0.6
Remediation:
The following Dell EMC Unisphere Central release addresses these vulnerabilities:
-
Dell EMC Unisphere Central version 4.0.7 (4.0 SP7) available at https://support.emc.com/downloads/28224_Unisphere-Central
Dell EMC recommends all customers upgrade at the earliest opportunity.
Link to Remedies:
Registered Dell EMC Support customers can download Unisphere Central software from the Dell EMC Online Support web site.
Related Information
Legal Disclaimer
Affected Products
Unisphere CentralProducts
Product Security Information, Unisphere CentralArticle Properties
Article Number: 000001845
Article Type: Dell Security Advisory
Last Modified: 22 May 2021
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.