DSA-2020-195: Dell EMC ECS Security Update for Multiple Third-Party Component Vulnerabilities
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
Summary:
Multiple components within Dell EMC ECS require security updates to address various vulnerabilities.
| Third-party Component | CVE | More Information |
| Intel | CVE-2019-0140 |
INTEL-SA-00255 Affects: ECS EX300 Fixed In: ECS v3.5 and later |
| Oracle | CVE-2019-2949 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. Fixed In: ECS v3.5 and later |
| CVE-2019-2989 | ||
| CVE-2019-2958 | ||
| CVE-2019-11068 | ||
| CVE-2019-2977 | ||
| CVE-2019-2975 | ||
| CVE-2019-2999 | ||
| CVE-2019-2996 | ||
| CVE-2019-2987 | ||
| CVE-2019-2962 | ||
| CVE-2019-2988 | ||
| CVE-2019-2992 | ||
| CVE-2019-2964 | ||
| CVE-2019-2973 | ||
| CVE-2019-2981 | ||
| CVE-2019-2978 | ||
| CVE-2019-2894 | ||
| CVE-2019-2983 | ||
| CVE-2019-2933 | ||
| CVE-2019-2945 | ||
| CVE-2020-2604 | ||
| CVE-2019-16168 | ||
| CVE-2019-13117 | ||
| CVE-2019-13118 | ||
| CVE-2020-2601 | ||
| CVE-2020-2585 | ||
| CVE-2020-2655 | ||
| CVE-2020-2593 | ||
| CVE-2020-2654 | ||
| CVE-2020-2590 | ||
| CVE-2020-2659 | ||
| CVE-2020-2583 | ||
| OpenSSL | CVE-2019-1563 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. Fixed In: ECS v3.5 and later |
| CVE-2019-1551 | ||
| CVE-2019-1547 | ||
| CVE-2019-1559 | ||
| SUSE Linux | CVE-2017-10989 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. Fixed In: ECS v3.5 and later |
| CVE-2018-16428 | ||
| CVE-2018-16839 | ||
| CVE-2018-18311 | ||
| CVE-2018-20836 | ||
| Apache Zookeeper |
CVE-2019-5029 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE. Fixed In: ECS v3.5.0.1 and later |
| CVE-2019-0201 | ||
| PyYAML | CVE-2020-1747 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE. Fixed In: ECS v3.5.0.1 and later |
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.
| Third-party Component | CVE | More Information |
| Intel | CVE-2019-0140 |
INTEL-SA-00255 Affects: ECS EX300 Fixed In: ECS v3.5 and later |
| Oracle | CVE-2019-2949 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. Fixed In: ECS v3.5 and later |
| CVE-2019-2989 | ||
| CVE-2019-2958 | ||
| CVE-2019-11068 | ||
| CVE-2019-2977 | ||
| CVE-2019-2975 | ||
| CVE-2019-2999 | ||
| CVE-2019-2996 | ||
| CVE-2019-2987 | ||
| CVE-2019-2962 | ||
| CVE-2019-2988 | ||
| CVE-2019-2992 | ||
| CVE-2019-2964 | ||
| CVE-2019-2973 | ||
| CVE-2019-2981 | ||
| CVE-2019-2978 | ||
| CVE-2019-2894 | ||
| CVE-2019-2983 | ||
| CVE-2019-2933 | ||
| CVE-2019-2945 | ||
| CVE-2020-2604 | ||
| CVE-2019-16168 | ||
| CVE-2019-13117 | ||
| CVE-2019-13118 | ||
| CVE-2020-2601 | ||
| CVE-2020-2585 | ||
| CVE-2020-2655 | ||
| CVE-2020-2593 | ||
| CVE-2020-2654 | ||
| CVE-2020-2590 | ||
| CVE-2020-2659 | ||
| CVE-2020-2583 | ||
| OpenSSL | CVE-2019-1563 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. Fixed In: ECS v3.5 and later |
| CVE-2019-1551 | ||
| CVE-2019-1547 | ||
| CVE-2019-1559 | ||
| SUSE Linux | CVE-2017-10989 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. Fixed In: ECS v3.5 and later |
| CVE-2018-16428 | ||
| CVE-2018-16839 | ||
| CVE-2018-18311 | ||
| CVE-2018-20836 | ||
| Apache Zookeeper |
CVE-2019-5029 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE. Fixed In: ECS v3.5.0.1 and later |
| CVE-2019-0201 | ||
| PyYAML | CVE-2020-1747 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE. Fixed In: ECS v3.5.0.1 and later |
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.
Affected Products & Remediation
Affected products:
Dell EMC ECS 3.5 and earlier
Remediation:
The following Dell EMC ECS release addresses this vulnerability:
-
Dell EMC ECS 3.5.0.1 and later
Dell EMC recommends all customers upgrade at the earliest opportunity to the latest ECS 3.5.x.x code version.
Note: Customers should open an Operating Environment Upgrade Service Request with the ECS Remote Proactive team using the following link:
https://www.dell.com/support/home
Affected products:
Dell EMC ECS 3.5 and earlier
Remediation:
The following Dell EMC ECS release addresses this vulnerability:
-
Dell EMC ECS 3.5.0.1 and later
Dell EMC recommends all customers upgrade at the earliest opportunity to the latest ECS 3.5.x.x code version.
Note: Customers should open an Operating Environment Upgrade Service Request with the ECS Remote Proactive team using the following link:
https://www.dell.com/support/home
Related Information
Legal Disclaimer
Affected Products
Elastic Cloud StorageProducts
ECS Appliance Hardware Gen3 EX300, Elastic Cloud Storage, Product Security InformationArticle Properties
Article Number: 000153755
Article Type: Dell Security Advisory
Last Modified: 20 Sep 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.