DSA-2021-115: DELL Secure Remote Services Virtual Edition Security Update for Multiple Third-party component Vulnerabilities
Summary: DELL Secure Remote Services (SRS) Virtual Edition contains remediation for multiple third-party components that may be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
| Third-party Component | CVEs | More information | |
| Grub2 | CVE-2020-10713 CVE-2020-14309 CVE-2020-14372 CVE-2020-15705 CVE-2021-20225 CVE-2021-20233 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE. | |
| Openssl | CVE-2020-1971 CVE-2021-3449 CVE-2021-23840 CVE-2021-23841 CVE-2021-23899 CVE-2021-23900 |
||
| libX11 | CVE-2020-14363 | ||
| Python and bind | CVE-2020-8625 CVE-2019-20916 |
||
| python | CVE-2019-20916 CVE-2021-23336 |
||
| ldap | CVE-2020-25692 CVE-2020-25709 CVE-2020-25710 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-27212 |
||
| postgresql | CVE-2020-14349 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 CVE-2021-3393 CVE-2021-20229 |
||
| Krb | CVE-2020-28196 | ||
| Openssh | CVE-2020-14145 | ||
| cyrus-sasl | CVE-2019-19906 | ||
| Curl and libcurl | CVE-2014-9488 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 |
||
| Libproxy | CVE-2020-25219 CVE-2020-26154 |
||
| Sudo | CVE-2021-3156 | ||
| Kernel | CVE-2020-0433 CVE-2020-13844 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27815 CVE-2020-29368 CVE-2020-29374 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 CVE-2021-20219 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 |
||
| libfreetype6 | CVE-2020-15999 | ||
| libmspack0 | CVE-2018-18584 CVE-2018-18585 CVE-2019-1010305 |
||
| Tar | CVE-2021-20193 | ||
| libnghttp2 | CVE-2016-1544 CVE-2018-1000168 CVE-2019-9511 CVE-2019-9513 CVE-2020-11080 |
||
| unzip | CVE-2018-18384 | ||
| libgthread-32 bit | CVE-2019-13012 | ||
| Libxml2 | CVE-2021-3518 CVE-2021-3516 CVE-2021-3517 |
||
| Less | CVE-2014-9488 | ||
| Bind | CVE-2021-25214 CVE-2021-25215 |
||
| Java | CVE-2021-2161 CVE-2021-2163 |
https://www.oracle.com/security-alerts/cpuapr2021.html | |
| expat | CVE-2017-9233 CVE-2016-9063 CVE-2019-15903 |
||
| Util-linux and supported packages | CVE-2016-5011 CVE-2017-2616 |
||
| Glib and supported packages | CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2021-3326 CVE-2021-27218 CVE-2021-27219 |
||
| jquery | CVE-2020-11022 CVE-2020-11023 |
||
| avahi | CVE-2021-3468 CVE-2021-26720 |
||
| Third-party Component | CVEs | More information | |
| Grub2 | CVE-2020-10713 CVE-2020-14309 CVE-2020-14372 CVE-2020-15705 CVE-2021-20225 CVE-2021-20233 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE. | |
| Openssl | CVE-2020-1971 CVE-2021-3449 CVE-2021-23840 CVE-2021-23841 CVE-2021-23899 CVE-2021-23900 |
||
| libX11 | CVE-2020-14363 | ||
| Python and bind | CVE-2020-8625 CVE-2019-20916 |
||
| python | CVE-2019-20916 CVE-2021-23336 |
||
| ldap | CVE-2020-25692 CVE-2020-25709 CVE-2020-25710 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-27212 |
||
| postgresql | CVE-2020-14349 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 CVE-2021-3393 CVE-2021-20229 |
||
| Krb | CVE-2020-28196 | ||
| Openssh | CVE-2020-14145 | ||
| cyrus-sasl | CVE-2019-19906 | ||
| Curl and libcurl | CVE-2014-9488 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 |
||
| Libproxy | CVE-2020-25219 CVE-2020-26154 |
||
| Sudo | CVE-2021-3156 | ||
| Kernel | CVE-2020-0433 CVE-2020-13844 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27815 CVE-2020-29368 CVE-2020-29374 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 CVE-2021-20219 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 |
||
| libfreetype6 | CVE-2020-15999 | ||
| libmspack0 | CVE-2018-18584 CVE-2018-18585 CVE-2019-1010305 |
||
| Tar | CVE-2021-20193 | ||
| libnghttp2 | CVE-2016-1544 CVE-2018-1000168 CVE-2019-9511 CVE-2019-9513 CVE-2020-11080 |
||
| unzip | CVE-2018-18384 | ||
| libgthread-32 bit | CVE-2019-13012 | ||
| Libxml2 | CVE-2021-3518 CVE-2021-3516 CVE-2021-3517 |
||
| Less | CVE-2014-9488 | ||
| Bind | CVE-2021-25214 CVE-2021-25215 |
||
| Java | CVE-2021-2161 CVE-2021-2163 |
https://www.oracle.com/security-alerts/cpuapr2021.html | |
| expat | CVE-2017-9233 CVE-2016-9063 CVE-2019-15903 |
||
| Util-linux and supported packages | CVE-2016-5011 CVE-2017-2616 |
||
| Glib and supported packages | CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2021-3326 CVE-2021-27218 CVE-2021-27219 |
||
| jquery | CVE-2020-11022 CVE-2020-11023 |
||
| avahi | CVE-2021-3468 CVE-2021-26720 |
||
Affected Products & Remediation
| Product | Affected Versions | Updated Version | Link to Update |
| Dell SRS Virtual Edition | 3.40.00.14 3.42.10.06 3.44.00.08 3.46.00.04 3.48.00.04 3.50.00.06 3.50.10.06 3.50.20.06 |
3.52.00.08 | The SRS-VE patch is published in SRS SUSE Manager (SUMA) repository and the existing process triggers an Email notification to customer’s SRS-VE primary and secondary contacts. Email notification contains a link to Release notes (along with details of security updates) and a link to update the customer’s VE to the latest patch. Contact Dell SRS Virtual Edition Customer Support for any questions regarding upgrading your Dell SRS Virtual Edition system. |
| Product | Affected Versions | Updated Version | Link to Update |
| Dell SRS Virtual Edition | 3.40.00.14 3.42.10.06 3.44.00.08 3.46.00.04 3.48.00.04 3.50.00.06 3.50.10.06 3.50.20.06 |
3.52.00.08 | The SRS-VE patch is published in SRS SUSE Manager (SUMA) repository and the existing process triggers an Email notification to customer’s SRS-VE primary and secondary contacts. Email notification contains a link to Release notes (along with details of security updates) and a link to update the customer’s VE to the latest patch. Contact Dell SRS Virtual Edition Customer Support for any questions regarding upgrading your Dell SRS Virtual Edition system. |
Revision History
| Revision | Date | Description |
| 1.0 | 2021-06-07 | Initial Release |
Related Information
Legal Disclaimer
Article Properties
Article Number: 000188032
Article Type: Dell Security Advisory
Last Modified: 19 Sep 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.