DSA-2022-215: Dell PowerScale OneFS Security Update for Multiple Third-Party Component Vulnerabilities
Summary: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
| Third-party Component | CVEs | More Information |
| Bash | CVE-2019-18276 | See NVD (https://nvd.nist.gov/) for individual scores for each CVE. |
| CVE-2019-9924 | ||
| CVE-2016-9401 | ||
| CVE-2016-7543 |
| Third-party Component | CVEs | More Information |
| Bash | CVE-2019-18276 | See NVD (https://nvd.nist.gov/) for individual scores for each CVE. |
| CVE-2019-9924 | ||
| CVE-2016-9401 | ||
| CVE-2016-7543 |
Affected Products & Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2019-9924 CVE-2019-18276 CVE-2016-7543 CVE-2016-9401 |
Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.21 9.2.1.0 through 9.2.1.14 9.3.0.0 through 9.3.0.6 9.4.0.0 through 9.4.0.4 |
Download and install the latest RUP. >= 9.1.0.22 >= 9.2.1.15 >= 9.3.0.7 >= 9.4.0.5 |
PowerScale OneFS Downloads Area |
| Any other version | 1. Upgrade your version of PowerScale OneFS 2. If you cannot upgrade, follow the additional steps in the "Workarounds and Mitigations" section. |
Note: Bash is supplied with Dell PowerScale OneFS for those customers who use Bash in their environments. The version of Bash that was in the affected versions of Dell PowerScale OneFS listed above has been found to have a security vulnerability, which has been remediated. While Dell PowerScale OneFS does not use Bash by default, the remediated version is available in the updated Roll Up Patches (RUPs) for customers who do.
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2019-9924 CVE-2019-18276 CVE-2016-7543 CVE-2016-9401 |
Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.21 9.2.1.0 through 9.2.1.14 9.3.0.0 through 9.3.0.6 9.4.0.0 through 9.4.0.4 |
Download and install the latest RUP. >= 9.1.0.22 >= 9.2.1.15 >= 9.3.0.7 >= 9.4.0.5 |
PowerScale OneFS Downloads Area |
| Any other version | 1. Upgrade your version of PowerScale OneFS 2. If you cannot upgrade, follow the additional steps in the "Workarounds and Mitigations" section. |
Note: Bash is supplied with Dell PowerScale OneFS for those customers who use Bash in their environments. The version of Bash that was in the affected versions of Dell PowerScale OneFS listed above has been found to have a security vulnerability, which has been remediated. While Dell PowerScale OneFS does not use Bash by default, the remediated version is available in the updated Roll Up Patches (RUPs) for customers who do.
Workarounds & Mitigations
| CVE | Workarounds |
| CVE-2019-18276 | Use any shell other than Bash shell. Dell PowerScale OneFS does not use the Bash shell by default. |
| CVE-2019-9924 | |
| CVE-2016-9401 | |
| CVE-2016-7543 |
Revision History
|
Revision |
Date |
Description |
|
1.0 |
2022-09-06 |
Initial Release |
| 1.1 | 2022-10-05 | Updated "Affected Products and Remediation" section |
Related Information
Legal Disclaimer
Affected Products
PowerScale OneFS, Product Security InformationArticle Properties
Article Number: 000202887
Article Type: Dell Security Advisory
Last Modified: 05 Oct 2022
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.