Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000188563


DSA-2021-127: Dell VxRail Appliance Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell VxRail Appliance remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

High

Details

Third-Party Component CVEs More information
avahi CVE-2021-3468 Severity: High, see SUSE-SU-2021:1493-1
bind CVE-2021-25214 Severity: Medium, see SUSE-SU-2021:1471-1
CVE-2021-25215
curl CVE-2021-22876 Severity: Medium, see:
SUSE-SU-2021:1006-1
SUSE-SU-2021:1762-1
CVE-2021-22898
fribidi N/A Severity: High, see SUSE-SU-2021:1655-1
giflib N/A Severity: Low, see SUSE-SU-2021:1409-1
gnutls CVE-2021-20231 Severity: High, see SUSE-SU-2021:0935-1
java-11-openjdk CVE-2021-2163 Severity: High, see SUSE-SU-2021:1554-1
CVE-2021-2161
kernel CVE-2019-18814 Severity: High, see:
SUSE-SU-2021:1238-1
SUSE-SU-2021:1574-1
CVE-2019-19769
CVE-2020-25670
CVE-2020-25671
CVE-2020-25672
CVE-2020-25673
CVE-2020-27170
CVE-2020-27171
CVE-2020-27815
CVE-2020-35519
CVE-2020-36310
CVE-2020-36311
CVE-2020-36312
CVE-2020-36322
CVE-2021-27363
CVE-2021-27364
CVE-2021-27365
CVE-2021-28038
CVE-2021-28375
CVE-2021-28660
CVE-2021-28688
CVE-2021-28950
CVE-2021-28964
CVE-2021-28971
CVE-2021-28972
CVE-2021-29154
CVE-2021-29264
CVE-2021-29265
CVE-2021-29647
CVE-2021-30002
CVE-2021-3428
CVE-2021-3444
CVE-2021-3483
CVE-2021-29650
CVE-2021-29155
kernel CVE-2021-29155 Severity: Low, see SUSE-SU-2021:1574-1
libnettle CVE-2021-20305 Severity: Medium, see SUSE-SU-2021:1412-1
libX11 CVE-2021-31535 Severity: Medium, see SUSE-SU-2021:1765-1
libxml2 CVE-2021-20305 Severity: High, see:
SUSE-SU-2021:1523-1
SUSE-SU-2021:1654-1
CVE-2021-3156
CVE-2021-3516
CVE-2021-3517
CVE-2021-3518
CVE-2021-3537
lz4 CVE-2021-3520 Severity: High, see SUSE-SU-2021:1647-1
MozillaFirefox CVE-2021-23981 Severity: Medium, see SUSE-SU-2021:1007-1
nghttp2 CVE-2020-11080 Severity: Medium, see SUSE-SU-2021:0930-1
openssl-1_1 CVE-2020-1971 Severity: Medium, see:
SUSE-SU-2020:3721-1
SUSE-SU-2021:0754-1
SUSE-SU-2021:0955-1
CVE-2021-23840
CVE-2021-23841
CVE-2021-3449
postgresql13 CVE-2021-3202 Severity: Medium, see SUSE-SU-2021:1785-1
CVE-2021-32029
CVE-2021-32027
python3 CVE-2021-23336 Severity: Medium, see:
SUSE-SU-2021:0947-1
SUSE-SU-2021:1557-1
SUSE-SU-2021:1557-1
CVE-2021-3426
ruby2.5 CVE-2020-25613 Severity: Medium, see:
SUSE-SU-2021:0933-1
SUSE-SU-2021:1280-1
CVE-2021-28965
shim N/A Severity: High, see SUSE-SU-2021:1564-1
sudo CVE-2021-3156 Severity: High, see SUSE-SU-2021:1275-1
tar CVE-2021-20193 Severity: Medium, see SUSE-SU-2021:0974-1
zstd CVE-2021-24031 Severity: Low, see SUSE-SU-2021:0948-1
CVE-2021-24032
Third-Party Component CVEs More information
avahi CVE-2021-3468 Severity: High, see SUSE-SU-2021:1493-1
bind CVE-2021-25214 Severity: Medium, see SUSE-SU-2021:1471-1
CVE-2021-25215
curl CVE-2021-22876 Severity: Medium, see:
SUSE-SU-2021:1006-1
SUSE-SU-2021:1762-1
CVE-2021-22898
fribidi N/A Severity: High, see SUSE-SU-2021:1655-1
giflib N/A Severity: Low, see SUSE-SU-2021:1409-1
gnutls CVE-2021-20231 Severity: High, see SUSE-SU-2021:0935-1
java-11-openjdk CVE-2021-2163 Severity: High, see SUSE-SU-2021:1554-1
CVE-2021-2161
kernel CVE-2019-18814 Severity: High, see:
SUSE-SU-2021:1238-1
SUSE-SU-2021:1574-1
CVE-2019-19769
CVE-2020-25670
CVE-2020-25671
CVE-2020-25672
CVE-2020-25673
CVE-2020-27170
CVE-2020-27171
CVE-2020-27815
CVE-2020-35519
CVE-2020-36310
CVE-2020-36311
CVE-2020-36312
CVE-2020-36322
CVE-2021-27363
CVE-2021-27364
CVE-2021-27365
CVE-2021-28038
CVE-2021-28375
CVE-2021-28660
CVE-2021-28688
CVE-2021-28950
CVE-2021-28964
CVE-2021-28971
CVE-2021-28972
CVE-2021-29154
CVE-2021-29264
CVE-2021-29265
CVE-2021-29647
CVE-2021-30002
CVE-2021-3428
CVE-2021-3444
CVE-2021-3483
CVE-2021-29650
CVE-2021-29155
kernel CVE-2021-29155 Severity: Low, see SUSE-SU-2021:1574-1
libnettle CVE-2021-20305 Severity: Medium, see SUSE-SU-2021:1412-1
libX11 CVE-2021-31535 Severity: Medium, see SUSE-SU-2021:1765-1
libxml2 CVE-2021-20305 Severity: High, see:
SUSE-SU-2021:1523-1
SUSE-SU-2021:1654-1
CVE-2021-3156
CVE-2021-3516
CVE-2021-3517
CVE-2021-3518
CVE-2021-3537
lz4 CVE-2021-3520 Severity: High, see SUSE-SU-2021:1647-1
MozillaFirefox CVE-2021-23981 Severity: Medium, see SUSE-SU-2021:1007-1
nghttp2 CVE-2020-11080 Severity: Medium, see SUSE-SU-2021:0930-1
openssl-1_1 CVE-2020-1971 Severity: Medium, see:
SUSE-SU-2020:3721-1
SUSE-SU-2021:0754-1
SUSE-SU-2021:0955-1
CVE-2021-23840
CVE-2021-23841
CVE-2021-3449
postgresql13 CVE-2021-3202 Severity: Medium, see SUSE-SU-2021:1785-1
CVE-2021-32029
CVE-2021-32027
python3 CVE-2021-23336 Severity: Medium, see:
SUSE-SU-2021:0947-1
SUSE-SU-2021:1557-1
SUSE-SU-2021:1557-1
CVE-2021-3426
ruby2.5 CVE-2020-25613 Severity: Medium, see:
SUSE-SU-2021:0933-1
SUSE-SU-2021:1280-1
CVE-2021-28965
shim N/A Severity: High, see SUSE-SU-2021:1564-1
sudo CVE-2021-3156 Severity: High, see SUSE-SU-2021:1275-1
tar CVE-2021-20193 Severity: Medium, see SUSE-SU-2021:0974-1
zstd CVE-2021-24031 Severity: Low, see SUSE-SU-2021:0948-1
CVE-2021-24032

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed Product Affected Versions Updated Version
See below above Dell VxRail Appliance 7.0.x versions prior to 7.0.202 7.0.202
CVEs Addressed Product Affected Versions Updated Version
See below above Dell VxRail Appliance 7.0.x versions prior to 7.0.202 7.0.202
Revision History

RevisionDateDescription
1.02021-06-15Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product

VxRail, Product Security Information

Last Published Date

16 Jun 2021

Version

1

Article Type

Dell Security Advisory