DSA-2023-136: Dell PowerScale OneFS Security Updates for Multiple Security Vulnerabilities

Resumen: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Este artículo se aplica a: Este artículo no se aplica a: Este artículo no está vinculado a ningún producto específico. En este artículo no se identifican todas las versiones de los productos.
Consultar otros recursos

Impacto

High

Detalles

Third-Party Component

CVEs

More Information
Bash CVE-2022-3715 See NVDThis hyperlink is taking you to a website outside of Dell Technologies.  for more details.
OpenSSL

CVE-2023-0286

CVE-2022-4304

CVE-2023-0215

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

Third-Party Component

CVEs

More Information
Bash CVE-2022-3715 See NVDThis hyperlink is taking you to a website outside of Dell Technologies.  for more details.
OpenSSL

CVE-2023-0286

CVE-2022-4304

CVE-2023-0215

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.
Dell Technologies recomienda que todos los clientes tengan en cuenta la puntuación base CVSS y las puntuaciones temporales o de entorno relevantes que puedan afectar a la posible gravedad asociada a una determinada vulnerabilidad de seguridad.

Productos afectados y corrección

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-3715 PowerScale OneFS
 

9.5.0.0 through 9.5.0.1

Download and install the latest RUP

>= 9.5.0.2

 PowerScale OneFS Downloads Area

9.4.0.0 through 9.4.0.13

Download and install the latest RUP >= 9.4.0.14

9.2.1.0 through 9.2.1.22

Download and install the latest RUP >= 9.2.1.23

Any other version

Upgrade your version of PowerScale OneFS to >= 9.5.0.2

CVE-2023-0286

CVE-2022-4304

CVE-2023-0215

 

 

 PowerScale OneFS
 

9.5.0.0 through 9.5.0.1

Download and install the latest RUP.

>= 9.5.0.2

9.4.0.0 through 9.4.0.13

Download and install the latest RUP >= 9.4.0.14

9.2.1.0 through 9.2.1.22

Download and install the latest RUP >= 9.2.1.23

Any other version

Upgrade your version of PowerScale OneFS to >= 9.5.0.2


Note: Bash is supplied with PowerScale OneFS for those customers who use Bash in their environments.  The version of Bash that was included in the affected versions of PowerScale OneFS listed above has been found to have a security vulnerability(CVE-2022-3715), which has been remediated.  While PowerScale OneFS does not use Bash by default, the remediated version is available in the updated Roll Up Patches (RUP) for customers who use it.
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-3715 PowerScale OneFS
 

9.5.0.0 through 9.5.0.1

Download and install the latest RUP

>= 9.5.0.2

 PowerScale OneFS Downloads Area

9.4.0.0 through 9.4.0.13

Download and install the latest RUP >= 9.4.0.14

9.2.1.0 through 9.2.1.22

Download and install the latest RUP >= 9.2.1.23

Any other version

Upgrade your version of PowerScale OneFS to >= 9.5.0.2

CVE-2023-0286

CVE-2022-4304

CVE-2023-0215

 

 

 PowerScale OneFS
 

9.5.0.0 through 9.5.0.1

Download and install the latest RUP.

>= 9.5.0.2

9.4.0.0 through 9.4.0.13

Download and install the latest RUP >= 9.4.0.14

9.2.1.0 through 9.2.1.22

Download and install the latest RUP >= 9.2.1.23

Any other version

Upgrade your version of PowerScale OneFS to >= 9.5.0.2


Note: Bash is supplied with PowerScale OneFS for those customers who use Bash in their environments.  The version of Bash that was included in the affected versions of PowerScale OneFS listed above has been found to have a security vulnerability(CVE-2022-3715), which has been remediated.  While PowerScale OneFS does not use Bash by default, the remediated version is available in the updated Roll Up Patches (RUP) for customers who use it.
Bash is supplied with Dell PowerScale OneFS for those customers who use Bash in their environments. The version of Bash that was included in the affected versions of Dell PowerScale OneFS listed above has been found to have a security vulnerability(CVE-2022-3715), which has been remediated. While Dell PowerScale OneFS does not use Bash by default, the remediated version is available in the updated Roll Up Patches (RUP) for customers who use it.

Soluciones alternativas y mitigaciones

CVE  Workarounds
CVE-2022-3715 Please use any shell other than bash shell. PowerScale OneFS does not use the bash shell by default.

Historial de revisiones

Revision

Date

Description

1.0

2023-05-02

Initial Release

1.12023-06-13Updated version details from Affected Products and Remediation. Updated for all CVEs for PowerScale Onefs 9.4.0.x
1.22024-03-14Modified updated version column.

Información relacionada

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Aviso legal

Productos afectados

PowerScale OneFS, Product Security Information
Propiedades del artículo
Número de artículo: 000212709
Tipo de artículo: Dell Security Advisory
Última modificación: 19 sept 2025
Encuentra las respuestas que necesitas con la ayuda de otros usuarios de Dell
Servicios de asistencia
Comprueba si tu dispositivo está cubierto por los servicios de asistencia.