DSA-2021-111: Dell VxRail Appliance Security Update for Multiple Third-Party Component Vulnerabilities
Resumen: Dell VxRail remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Este artículo se aplica a
Este artículo no se aplica a
Este artículo no está vinculado a ningún producto específico.
No se identifican todas las versiones del producto en este artículo.
Impacto
Critical
Detalles
Dell VxRail Appliance Security Update for Third-party components:
| Third-Party Component | CVE(s) | More information |
| VMware vCenter Server | CVE-2021-21985 | Severity: Critical, see VMSA-2021-0010 |
| VMware vCenter Server | CVE-2021-21986 | Severity: Medium, see VMSA-2021-0010 |
Third-Party components in VxRail Manager:
| Third-Party Component | CVE(s) | More information |
| bind-utils | CVE-2021-25214 |
Severity: Medium, see SUSE-SU-2021:1468-1 |
| CVE-2021-25215 | ||
| curl | CVE-2021-22876 | Severity: Medium, see SUSE-SU-2021:1396-1 |
| CVE-2021-22898 | ||
| glib2-tools | CVE-2021-27219 | Severity: High, see SUSE-SU-2021:801-1 |
| CVE-2021-27218 | ||
| glibc | CVE-2020-27618 | Severity: High, see SUSE-SU-2021:1165-1 |
| CVE-2020-29562 | ||
| CVE-2020-29573 | ||
| kernel | CVE-2020-36312 | Severity: High, see: SUSE-SU-2021:1210-1 SUSE-SU-2021:1595-1 |
| CVE-2021-29650 | ||
| CVE-2021-29155 | ||
| CVE-2020-36310 | ||
| CVE-2021-28950 | ||
| CVE-2020-36322 | ||
| CVE-2021-3444 | ||
| CVE-2021-3483 | ||
| CVE-2021-3444 | ||
| CVE-2021-3428 | ||
| CVE-2021-30002 | ||
| CVE-2021-29647 | ||
| CVE-2021-29265 | ||
| CVE-2021-29264 | ||
| CVE-2021-29154 | ||
| CVE-2021-28972 | ||
| CVE-2021-28971 | ||
| CVE-2021-28964 | ||
| CVE-2021-28688 | ||
| CVE-2021-28660 | ||
| CVE-2021-28038 | ||
| CVE-2021-27365 | ||
| CVE-2021-27364 | ||
| CVE-2021-27363 | ||
| CVE-2021-26932 | ||
| CVE-2021-26931 | ||
| CVE-2021-26930 | ||
| CVE-2021-20219 | ||
| CVE-2020-36311 | ||
| CVE-2020-35519 | ||
| CVE-2020-29368 | ||
| CVE-2020-27815 | ||
| CVE-2020-27171 | ||
| CVE-2020-27170 | ||
| CVE-2020-25673 | ||
| CVE-2020-25672 | ||
| CVE-2020-25671 | ||
| CVE-2020-25670 | ||
| CVE-2020-0433 | ||
| CVE-2020-29374 | ||
| json-smart | CVE-2021-27568 | Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2021-27568 |
| libnettle | CVE-2021-20305 | Severity: High, see SUSE-SU-2021:1399-1 |
| libxml2 | CVE-2021-3516 | Severity: High, see: SUSE-SU-2021:1658-1 SUSE-SU-2021:1524-1 |
| CVE-2021-3517 | ||
| CVE-2021-3518 | ||
| CVE-2021-3537 | ||
| nghttp2 | CVE-2018-1000168 | Severity: High, see SUSE-SU-2021:932-1 |
| CVE-2019-9511 | ||
| CVE-2019-9513 | ||
| CVE-2016-1544 | ||
| CVE-2020-11080 | ||
| pyca/cryptography | CVE-2020-36242 | Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2020-36242 |
| python | CVE-2019-18348 | Severity: Medium, see SUSE-SU-2021:794-1 |
| CVE-2021-23336 | ||
| pyYAML | CVE-2020-14343 | Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2020-14343 |
| sudo | CVE-2021-3156 | Severity: High, see SUSE-SU-2021:1274-1 |
| tar | CVE-2021-20193 | Severity: Low, see SUSE-SU-2021:0975-1 |
| tomcat | CVE-2021-25329 | Severity: High, see SUSE-SU-2021:0948-1 |
| CVE-2021-25122 | ||
| xorg-x11-server | CVE-2021-3472 | Severity: High, see SUSE-SU-2021:1181-1 |
Dell VxRail Appliance Security Update for Third-party components:
| Third-Party Component | CVE(s) | More information |
| VMware vCenter Server | CVE-2021-21985 | Severity: Critical, see VMSA-2021-0010 |
| VMware vCenter Server | CVE-2021-21986 | Severity: Medium, see VMSA-2021-0010 |
Third-Party components in VxRail Manager:
| Third-Party Component | CVE(s) | More information |
| bind-utils | CVE-2021-25214 |
Severity: Medium, see SUSE-SU-2021:1468-1 |
| CVE-2021-25215 | ||
| curl | CVE-2021-22876 | Severity: Medium, see SUSE-SU-2021:1396-1 |
| CVE-2021-22898 | ||
| glib2-tools | CVE-2021-27219 | Severity: High, see SUSE-SU-2021:801-1 |
| CVE-2021-27218 | ||
| glibc | CVE-2020-27618 | Severity: High, see SUSE-SU-2021:1165-1 |
| CVE-2020-29562 | ||
| CVE-2020-29573 | ||
| kernel | CVE-2020-36312 | Severity: High, see: SUSE-SU-2021:1210-1 SUSE-SU-2021:1595-1 |
| CVE-2021-29650 | ||
| CVE-2021-29155 | ||
| CVE-2020-36310 | ||
| CVE-2021-28950 | ||
| CVE-2020-36322 | ||
| CVE-2021-3444 | ||
| CVE-2021-3483 | ||
| CVE-2021-3444 | ||
| CVE-2021-3428 | ||
| CVE-2021-30002 | ||
| CVE-2021-29647 | ||
| CVE-2021-29265 | ||
| CVE-2021-29264 | ||
| CVE-2021-29154 | ||
| CVE-2021-28972 | ||
| CVE-2021-28971 | ||
| CVE-2021-28964 | ||
| CVE-2021-28688 | ||
| CVE-2021-28660 | ||
| CVE-2021-28038 | ||
| CVE-2021-27365 | ||
| CVE-2021-27364 | ||
| CVE-2021-27363 | ||
| CVE-2021-26932 | ||
| CVE-2021-26931 | ||
| CVE-2021-26930 | ||
| CVE-2021-20219 | ||
| CVE-2020-36311 | ||
| CVE-2020-35519 | ||
| CVE-2020-29368 | ||
| CVE-2020-27815 | ||
| CVE-2020-27171 | ||
| CVE-2020-27170 | ||
| CVE-2020-25673 | ||
| CVE-2020-25672 | ||
| CVE-2020-25671 | ||
| CVE-2020-25670 | ||
| CVE-2020-0433 | ||
| CVE-2020-29374 | ||
| json-smart | CVE-2021-27568 | Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2021-27568 |
| libnettle | CVE-2021-20305 | Severity: High, see SUSE-SU-2021:1399-1 |
| libxml2 | CVE-2021-3516 | Severity: High, see: SUSE-SU-2021:1658-1 SUSE-SU-2021:1524-1 |
| CVE-2021-3517 | ||
| CVE-2021-3518 | ||
| CVE-2021-3537 | ||
| nghttp2 | CVE-2018-1000168 | Severity: High, see SUSE-SU-2021:932-1 |
| CVE-2019-9511 | ||
| CVE-2019-9513 | ||
| CVE-2016-1544 | ||
| CVE-2020-11080 | ||
| pyca/cryptography | CVE-2020-36242 | Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2020-36242 |
| python | CVE-2019-18348 | Severity: Medium, see SUSE-SU-2021:794-1 |
| CVE-2021-23336 | ||
| pyYAML | CVE-2020-14343 | Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2020-14343 |
| sudo | CVE-2021-3156 | Severity: High, see SUSE-SU-2021:1274-1 |
| tar | CVE-2021-20193 | Severity: Low, see SUSE-SU-2021:0975-1 |
| tomcat | CVE-2021-25329 | Severity: High, see SUSE-SU-2021:0948-1 |
| CVE-2021-25122 | ||
| xorg-x11-server | CVE-2021-3472 | Severity: High, see SUSE-SU-2021:1181-1 |
Corrección y productos afectados
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) |
| See table above | Dell VxRail Appliance | 4.7.x versions prior to 4.7.531 | 4.7.531 |
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) |
| See table above | Dell VxRail Appliance | 4.7.x versions prior to 4.7.531 | 4.7.531 |
Soluciones alternativas y mitigaciones
See KB article 187489: VxRail: Information on VMSA-2021-0010 and VxRail environments
Historial de revisiones
| Revision | Date | Description |
| 1.0 | 2021-06-03 | Initial Release |
Información relacionada
Descargo de responsabilidad
Productos afectados
VxRail, Product Security InformationPropiedades del artículo
Número del artículo: 000187919
Tipo de artículo: Dell Security Advisory
Última modificación: 19 set. 2025
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.