DSA-2019-159: Dell EMC Data Computing Appliance (DCA) Security Update for Multiple Third Party Components
Impacto
Critical
Detalles
Summary:
Multiple components within Dell EMC DCA require a security update to address various vulnerabilities.
The components are updated for the following vulnerabilities:
-
Kernel
CVE-2017-17805 CVE-2018-17972 CVE-2019-1125 CVE-2019-5489
-
bind
CVE-2018-5743
-
vim
CVE-2019-12735
-
libssh2
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3863
-
OpenJDK
CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2786
CVE-2019-2816 CVE-2019-2842
-
OpenSSH
CVE-2018-15473
-
Python
CVE-2019-9636
-
OpenSSL
CVE-2019-1559
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.
The components are updated for the following vulnerabilities:
-
Kernel
CVE-2017-17805 CVE-2018-17972 CVE-2019-1125 CVE-2019-5489
-
bind
CVE-2018-5743
-
vim
CVE-2019-12735
-
libssh2
CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3863
-
OpenJDK
CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2786
CVE-2019-2816 CVE-2019-2842
-
OpenSSH
CVE-2018-15473
-
Python
CVE-2019-9636
-
OpenSSL
CVE-2019-1559
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.
Corrección y productos afectados
Affected products:
Dell EMC Data Computing Appliance (DCA) software versions prior to 3.5.4.0
Remediation:
The following Dell EMC DCA release addresses these vulnerabilities:
-
Dell EMC DCA 3.5.4.0
For Dell EMC DCA software version 3.3.0.0, 3.4.0.0, 3.4.1.0, 3.4.2.0, 3.5.0.0, 3.5.1.0, 3.5.2.0, and 3.5.3.0, the security update is contained in release 3.5.4.0.
To upgrade an earlier DCA version, you must upgrade to version 3.3.0.0 and then to version 3.5.4.0.
Dell EMC recommends all customers upgrade at the earliest opportunity. Contact Dell EMC DCA customer support to download the required rpm file and install it.
Affected products:
Dell EMC Data Computing Appliance (DCA) software versions prior to 3.5.4.0
Remediation:
The following Dell EMC DCA release addresses these vulnerabilities:
-
Dell EMC DCA 3.5.4.0
For Dell EMC DCA software version 3.3.0.0, 3.4.0.0, 3.4.1.0, 3.4.2.0, 3.5.0.0, 3.5.1.0, 3.5.2.0, and 3.5.3.0, the security update is contained in release 3.5.4.0.
To upgrade an earlier DCA version, you must upgrade to version 3.3.0.0 and then to version 3.5.4.0.
Dell EMC recommends all customers upgrade at the earliest opportunity. Contact Dell EMC DCA customer support to download the required rpm file and install it.