DSA-2023-136: Dell PowerScale OneFS Security Updates for Multiple Security Vulnerabilities

Summary: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

High

Details

Third-Party Component

CVEs

More Information
Bash CVE-2022-3715 See NVDThis hyperlink is taking you to a website outside of Dell Technologies.  for more details.
OpenSSL

CVE-2023-0286

CVE-2022-4304

CVE-2023-0215

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

Third-Party Component

CVEs

More Information
Bash CVE-2022-3715 See NVDThis hyperlink is taking you to a website outside of Dell Technologies.  for more details.
OpenSSL

CVE-2023-0286

CVE-2022-4304

CVE-2023-0215

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-3715 PowerScale OneFS
 

9.5.0.0 through 9.5.0.1

Download and install the latest RUP

>= 9.5.0.2

 PowerScale OneFS Downloads Area

9.4.0.0 through 9.4.0.13

Download and install the latest RUP >= 9.4.0.14

9.2.1.0 through 9.2.1.22

Download and install the latest RUP >= 9.2.1.23

Any other version

Upgrade your version of PowerScale OneFS to >= 9.5.0.2

CVE-2023-0286

CVE-2022-4304

CVE-2023-0215

 

 

 PowerScale OneFS
 

9.5.0.0 through 9.5.0.1

Download and install the latest RUP.

>= 9.5.0.2

9.4.0.0 through 9.4.0.13

Download and install the latest RUP >= 9.4.0.14

9.2.1.0 through 9.2.1.22

Download and install the latest RUP >= 9.2.1.23

Any other version

Upgrade your version of PowerScale OneFS to >= 9.5.0.2


Note: Bash is supplied with PowerScale OneFS for those customers who use Bash in their environments.  The version of Bash that was included in the affected versions of PowerScale OneFS listed above has been found to have a security vulnerability(CVE-2022-3715), which has been remediated.  While PowerScale OneFS does not use Bash by default, the remediated version is available in the updated Roll Up Patches (RUP) for customers who use it.
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-3715 PowerScale OneFS
 

9.5.0.0 through 9.5.0.1

Download and install the latest RUP

>= 9.5.0.2

 PowerScale OneFS Downloads Area

9.4.0.0 through 9.4.0.13

Download and install the latest RUP >= 9.4.0.14

9.2.1.0 through 9.2.1.22

Download and install the latest RUP >= 9.2.1.23

Any other version

Upgrade your version of PowerScale OneFS to >= 9.5.0.2

CVE-2023-0286

CVE-2022-4304

CVE-2023-0215

 

 

 PowerScale OneFS
 

9.5.0.0 through 9.5.0.1

Download and install the latest RUP.

>= 9.5.0.2

9.4.0.0 through 9.4.0.13

Download and install the latest RUP >= 9.4.0.14

9.2.1.0 through 9.2.1.22

Download and install the latest RUP >= 9.2.1.23

Any other version

Upgrade your version of PowerScale OneFS to >= 9.5.0.2


Note: Bash is supplied with PowerScale OneFS for those customers who use Bash in their environments.  The version of Bash that was included in the affected versions of PowerScale OneFS listed above has been found to have a security vulnerability(CVE-2022-3715), which has been remediated.  While PowerScale OneFS does not use Bash by default, the remediated version is available in the updated Roll Up Patches (RUP) for customers who use it.
Bash is supplied with Dell PowerScale OneFS for those customers who use Bash in their environments. The version of Bash that was included in the affected versions of Dell PowerScale OneFS listed above has been found to have a security vulnerability(CVE-2022-3715), which has been remediated. While Dell PowerScale OneFS does not use Bash by default, the remediated version is available in the updated Roll Up Patches (RUP) for customers who use it.

Workarounds & Mitigations

CVE  Workarounds
CVE-2022-3715 Please use any shell other than bash shell. PowerScale OneFS does not use the bash shell by default.

Revision History

Revision

Date

Description

1.0

2023-05-02

Initial Release

1.12023-06-13Updated version details from Affected Products and Remediation. Updated for all CVEs for PowerScale Onefs 9.4.0.x
1.22024-03-14Modified updated version column.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

PowerScale OneFS, Product Security Information
Article Properties
Article Number: 000212709
Article Type: Dell Security Advisory
Last Modified: 19 Sep 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.