Ir al contenido principal
Cerrar sesión

Le damos la bienvenida a Dell

Mi cuenta
  • Realice pedidos rápida y fácilmente.
  • Vea los pedidos y haga el seguimiento del estado del envío.
  • Cree una lista de sus productos y acceda a ella
  • Gestione sus sitios, productos y contactos a nivel de producto de Dell EMC con la administración de empresa.
Iniciar sesión Crear una cuenta Inicio de sesión en Premier Iniciar sesión en el programa para socios
Contáctenos

Sus carritos de Dell.com

Número de artículo: 000212709

DSA-2023-136: Dell PowerScale OneFS Security Updates for Multiple Security Vulnerabilities

Resumen: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Contenido del artículo

Impacto

High

Detalles

Third-Party Component

CVEs

More Information
Bash CVE-2022-3715 See NVDThis hyperlink is taking you to a website outside of Dell Technologies.  for more details.
OpenSSL

CVE-2023-0286

CVE-2022-4304

CVE-2023-0215

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

Third-Party Component

CVEs

More Information
Bash CVE-2022-3715 See NVDThis hyperlink is taking you to a website outside of Dell Technologies.  for more details.
OpenSSL

CVE-2023-0286

CVE-2022-4304

CVE-2023-0215

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.
Dell Technologies recomienda que todos los clientes tengan en cuenta la puntuación base CVSS y las puntuaciones temporales o de entorno relevantes que puedan afectar a la posible gravedad asociada a una determinada vulnerabilidad de seguridad.

Productos afectados y corrección

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-3715 PowerScale OneFS
 

9.5.0.0 through 9.5.0.1

Download and install the latest RUP.

>= 9.5.0.2

 PowerScale OneFS Downloads Area

9.4.0.0 through 9.4.0.13

Download and install the latest RUP >= 9.4.0.14

9.2.1.0 through 9.2.1.22

RUP expected in June 23. If a fix is needed sooner, upgrade your version of OneFS to >=9.5.0.2

Any other version

Upgrade your version of PowerScale OneFS to >= 9.5.0.2

CVE-2023-0286

CVE-2022-4304

CVE-2023-0215

 

 

 PowerScale OneFS
 

9.5.0.0 through 9.5.0.1

Download and install the latest RUP.

>= 9.5.0.2

9.4.0.0 through 9.4.0.13

Download and install the latest RUP >= 9.4.0.14

9.2.1.0 through 9.2.1.22

RUP expected in June 23. If a fix is needed sooner, upgrade your version of OneFS to >=9.5.0.2

Any other version

Upgrade your version of PowerScale OneFS to >= 9.5.0.2


Note: Bash is supplied with PowerScale OneFS for those customers who use Bash in their environments.  The version of Bash that was included in the affected versions of PowerScale OneFS listed above has been found to have a security vulnerability(CVE-2022-3715), which has been remediated.  While PowerScale OneFS does not use Bash by default, the remediated version is available in the updated Roll Up Patches (RUP) for customers who use it.
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-3715 PowerScale OneFS
 

9.5.0.0 through 9.5.0.1

Download and install the latest RUP.

>= 9.5.0.2

 PowerScale OneFS Downloads Area

9.4.0.0 through 9.4.0.13

Download and install the latest RUP >= 9.4.0.14

9.2.1.0 through 9.2.1.22

RUP expected in June 23. If a fix is needed sooner, upgrade your version of OneFS to >=9.5.0.2

Any other version

Upgrade your version of PowerScale OneFS to >= 9.5.0.2

CVE-2023-0286

CVE-2022-4304

CVE-2023-0215

 

 

 PowerScale OneFS
 

9.5.0.0 through 9.5.0.1

Download and install the latest RUP.

>= 9.5.0.2

9.4.0.0 through 9.4.0.13

Download and install the latest RUP >= 9.4.0.14

9.2.1.0 through 9.2.1.22

RUP expected in June 23. If a fix is needed sooner, upgrade your version of OneFS to >=9.5.0.2

Any other version

Upgrade your version of PowerScale OneFS to >= 9.5.0.2


Note: Bash is supplied with PowerScale OneFS for those customers who use Bash in their environments.  The version of Bash that was included in the affected versions of PowerScale OneFS listed above has been found to have a security vulnerability(CVE-2022-3715), which has been remediated.  While PowerScale OneFS does not use Bash by default, the remediated version is available in the updated Roll Up Patches (RUP) for customers who use it.

Soluciones alternativas y mitigaciones

CVE  Workarounds
CVE-2022-3715 Please use any shell other than bash shell. PowerScale OneFS does not use the bash shell by default.

Historial de revisiones

Revision

Date

Description

1.0

2023-05-02

Initial Release

1.12023-06-13Updated version details from Affected Products and Remediation. Updated for all CVEs for PowerScale Onefs 9.4.0.x

Información relacionada

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Información adicional

Bash is supplied with Dell PowerScale OneFS for those customers who use Bash in their environments. The version of Bash that was included in the affected versions of Dell PowerScale OneFS listed above has been found to have a security vulnerability(CVE-2022-3715), which has been remediated. While Dell PowerScale OneFS does not use Bash by default, the remediated version is available in the updated Roll Up Patches (RUP) for customers who use it.

Información legal

Propiedades del artículo

Producto afectado

PowerScale OneFS, Product Security Information

Fecha de la última publicación

13 jun. 2023

Versión

3

Tipo de artículo

Dell Security Advisory

Volver al principio