DSA-2019-012: Dell EMC ESRS Virtual Edition Security Update for Multiple Embedded Component Vulnerabilities
Impacto
Medium
Detalles
Summary:
Multiple components within Dell EMC ESRS Virtual Edition require a security update to address various vulnerabilities.
The Dell EMC ESRS components have been updated to address the following vulnerabilities:
-
PL/SQL
CVE-2002-0560
-
Curl
CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618
CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622
CVE-2016-8623 CVE-2016-8624
-
Python
CVE-2016-5636
-
Zlib
CVE-2016-9841
-
Ncurses
CVE-2017-10684 CVE-2017-10685
-
JRE
CVE-2018-3149 CVE-2018-3150 CVE-2018-3157 CVE-2018-3169
CVE-2018-3180 CVE-2018-3183 CVE-2018-3209 CVE-2018-3211
CVE-2018-3214 CVE-2018-3136 CVE-2018-3139 CVE-2018-13785
-
Xmltool
CVE-2018-0489
-
Kernel
CVE-2018-5390 CVE-2018-6922
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.
The Dell EMC ESRS components have been updated to address the following vulnerabilities:
-
PL/SQL
CVE-2002-0560
-
Curl
CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618
CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622
CVE-2016-8623 CVE-2016-8624
-
Python
CVE-2016-5636
-
Zlib
CVE-2016-9841
-
Ncurses
CVE-2017-10684 CVE-2017-10685
-
JRE
CVE-2018-3149 CVE-2018-3150 CVE-2018-3157 CVE-2018-3169
CVE-2018-3180 CVE-2018-3183 CVE-2018-3209 CVE-2018-3211
CVE-2018-3214 CVE-2018-3136 CVE-2018-3139 CVE-2018-13785
-
Xmltool
CVE-2018-0489
-
Kernel
CVE-2018-5390 CVE-2018-6922
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.
Corrección y productos afectados
Affected products:
Dell EMC ESRS Virtual Edition versions prior to 3.34.00.04
Remediation:
The following Dell EMC ESRS Virtual Edition release addresses this vulnerability:
-
Dell EMC ESRS VE 3.34.00.04
Dell EMC recommends all customers upgrade at the earliest opportunity. Contact Dell EMC ESRS Virtual Edition Customer Support to download the required rpm file and install it.
Link to Remedies:
The ESRS VE patch is published in ESRS Virtual Lifecycle Management (vLM) repository and the existing process triggers an Email notification to customer s ESRS VE primary and secondary contacts. Email notification contains a link to Release notes (along with details of security updates) and a link to update the VE to the latest patch. Contact Dell EMC ESRS Virtual Edition Customer Support for any questions regarding upgrading Dell EMC ESRS Virtual Edition system.
Affected products:
Dell EMC ESRS Virtual Edition versions prior to 3.34.00.04
Remediation:
The following Dell EMC ESRS Virtual Edition release addresses this vulnerability:
-
Dell EMC ESRS VE 3.34.00.04
Dell EMC recommends all customers upgrade at the earliest opportunity. Contact Dell EMC ESRS Virtual Edition Customer Support to download the required rpm file and install it.
Link to Remedies:
The ESRS VE patch is published in ESRS Virtual Lifecycle Management (vLM) repository and the existing process triggers an Email notification to customer s ESRS VE primary and secondary contacts. Email notification contains a link to Release notes (along with details of security updates) and a link to update the VE to the latest patch. Contact Dell EMC ESRS Virtual Edition Customer Support for any questions regarding upgrading Dell EMC ESRS Virtual Edition system.