DSA-2019-044: Dell EMC CloudBoost Virtual Appliance Update for Multiple Multiprocessor Side-Channel Vulnerabilities
Impact
Medium
Details
Summary:
Dell EMC CloudBoost Virtual Appliance contains a security update to the operating system to mitigate the side-channel vulnerabilities.
This advisory addresses the following vulnerabilities:
-
L1 Terminal Fault: SGX
CVE-2018-3615 -
L1 Terminal Fault: OS/SMM
CVE-2018-3620 -
Rogue System Register Read (RSRE) also known as Variant 3a
CVE-2018-3640 -
L1 Terminal Fault: VMM
CVE-2018-3646
For more information, please review Intel s security advisories INTEL-SA-00115 and INTEL-SA-00161.
See NVD (http://nvd.nist.gov/) for individual scores for each CVE
This advisory addresses the following vulnerabilities:
-
L1 Terminal Fault: SGX
CVE-2018-3615 -
L1 Terminal Fault: OS/SMM
CVE-2018-3620 -
Rogue System Register Read (RSRE) also known as Variant 3a
CVE-2018-3640 -
L1 Terminal Fault: VMM
CVE-2018-3646
For more information, please review Intel s security advisories INTEL-SA-00115 and INTEL-SA-00161.
See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Affected Products & Remediation
Affected products:
Dell EMC Software: Dell EMC Networker with CloudBoost Virtual Appliance 18.1
Dell EMC Software: Dell EMC Networker with CloudBoost Virtual Appliance 18.2
Dell EMC Software: Dell EMC Networker with CloudBoost Virtual Appliance 2.2.3 or earlier
Dell EMC Software: Dell EMC Networker with CloudBoost Physical Appliance 2.2.3 or earlier
Remediation:
The following Dell EMC CloudBoost Virtual Appliance release addresses these vulnerabilities:
-
Dell EMC CloudBoost Virtual Appliance 18.2.0.1
Dell EMC recommends all customers upgrade at the earliest opportunity.
Dell recommends customers to follow security best practices for malware protection to help prevent possible exploitation of these vulnerabilities. These practices include, but are not limited to, promptly deploying software updates, avoiding unknown hyperlinks and websites, never downloading files or applications from unknown sources, and employing up-to-date anti-virus and advanced threat protection solutions.
For more information and access to the various CloudBoost releases, see
-
Dell EMC CloudBoost Virtual Appliance: https://support.emc.com/downloads/38770_CloudBoost-Virtual-Appliance
Note: CloudBoost Physical Appliance customers interested in receiving security updates should contact customer support to migrate to the CloudBoost Virtual Appliance. The CloudBoost Virtual Appliance 2.2.3 (or prior) customers should contact customer support to migrate to CloudBoost Virtual Appliance 18.x.
Affected products:
Dell EMC Software: Dell EMC Networker with CloudBoost Virtual Appliance 18.1
Dell EMC Software: Dell EMC Networker with CloudBoost Virtual Appliance 18.2
Dell EMC Software: Dell EMC Networker with CloudBoost Virtual Appliance 2.2.3 or earlier
Dell EMC Software: Dell EMC Networker with CloudBoost Physical Appliance 2.2.3 or earlier
Remediation:
The following Dell EMC CloudBoost Virtual Appliance release addresses these vulnerabilities:
-
Dell EMC CloudBoost Virtual Appliance 18.2.0.1
Dell EMC recommends all customers upgrade at the earliest opportunity.
Dell recommends customers to follow security best practices for malware protection to help prevent possible exploitation of these vulnerabilities. These practices include, but are not limited to, promptly deploying software updates, avoiding unknown hyperlinks and websites, never downloading files or applications from unknown sources, and employing up-to-date anti-virus and advanced threat protection solutions.
For more information and access to the various CloudBoost releases, see
-
Dell EMC CloudBoost Virtual Appliance: https://support.emc.com/downloads/38770_CloudBoost-Virtual-Appliance
Note: CloudBoost Physical Appliance customers interested in receiving security updates should contact customer support to migrate to the CloudBoost Virtual Appliance. The CloudBoost Virtual Appliance 2.2.3 (or prior) customers should contact customer support to migrate to CloudBoost Virtual Appliance 18.x.