DSA-2021-111: Dell VxRail Appliance Security Update for Multiple Third-Party Component Vulnerabilities
Résumé: Dell VxRail remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Cet article concerne
Cet article ne concerne pas
Cet article n’est associé à aucun produit spécifique.
Toutes les versions du produit ne sont pas identifiées dans cet article.
Impact
Critical
Détails
Dell VxRail Appliance Security Update for Third-party components:
| Third-Party Component | CVE(s) | More information |
| VMware vCenter Server | CVE-2021-21985 | Severity: Critical, see VMSA-2021-0010 |
| VMware vCenter Server | CVE-2021-21986 | Severity: Medium, see VMSA-2021-0010 |
Third-Party components in VxRail Manager:
| Third-Party Component | CVE(s) | More information |
| bind-utils | CVE-2021-25214 |
Severity: Medium, see SUSE-SU-2021:1468-1 |
| CVE-2021-25215 | ||
| curl | CVE-2021-22876 | Severity: Medium, see SUSE-SU-2021:1396-1 |
| CVE-2021-22898 | ||
| glib2-tools | CVE-2021-27219 | Severity: High, see SUSE-SU-2021:801-1 |
| CVE-2021-27218 | ||
| glibc | CVE-2020-27618 | Severity: High, see SUSE-SU-2021:1165-1 |
| CVE-2020-29562 | ||
| CVE-2020-29573 | ||
| kernel | CVE-2020-36312 | Severity: High, see: SUSE-SU-2021:1210-1 SUSE-SU-2021:1595-1 |
| CVE-2021-29650 | ||
| CVE-2021-29155 | ||
| CVE-2020-36310 | ||
| CVE-2021-28950 | ||
| CVE-2020-36322 | ||
| CVE-2021-3444 | ||
| CVE-2021-3483 | ||
| CVE-2021-3444 | ||
| CVE-2021-3428 | ||
| CVE-2021-30002 | ||
| CVE-2021-29647 | ||
| CVE-2021-29265 | ||
| CVE-2021-29264 | ||
| CVE-2021-29154 | ||
| CVE-2021-28972 | ||
| CVE-2021-28971 | ||
| CVE-2021-28964 | ||
| CVE-2021-28688 | ||
| CVE-2021-28660 | ||
| CVE-2021-28038 | ||
| CVE-2021-27365 | ||
| CVE-2021-27364 | ||
| CVE-2021-27363 | ||
| CVE-2021-26932 | ||
| CVE-2021-26931 | ||
| CVE-2021-26930 | ||
| CVE-2021-20219 | ||
| CVE-2020-36311 | ||
| CVE-2020-35519 | ||
| CVE-2020-29368 | ||
| CVE-2020-27815 | ||
| CVE-2020-27171 | ||
| CVE-2020-27170 | ||
| CVE-2020-25673 | ||
| CVE-2020-25672 | ||
| CVE-2020-25671 | ||
| CVE-2020-25670 | ||
| CVE-2020-0433 | ||
| CVE-2020-29374 | ||
| json-smart | CVE-2021-27568 | Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2021-27568 |
| libnettle | CVE-2021-20305 | Severity: High, see SUSE-SU-2021:1399-1 |
| libxml2 | CVE-2021-3516 | Severity: High, see: SUSE-SU-2021:1658-1 SUSE-SU-2021:1524-1 |
| CVE-2021-3517 | ||
| CVE-2021-3518 | ||
| CVE-2021-3537 | ||
| nghttp2 | CVE-2018-1000168 | Severity: High, see SUSE-SU-2021:932-1 |
| CVE-2019-9511 | ||
| CVE-2019-9513 | ||
| CVE-2016-1544 | ||
| CVE-2020-11080 | ||
| pyca/cryptography | CVE-2020-36242 | Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2020-36242 |
| python | CVE-2019-18348 | Severity: Medium, see SUSE-SU-2021:794-1 |
| CVE-2021-23336 | ||
| pyYAML | CVE-2020-14343 | Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2020-14343 |
| sudo | CVE-2021-3156 | Severity: High, see SUSE-SU-2021:1274-1 |
| tar | CVE-2021-20193 | Severity: Low, see SUSE-SU-2021:0975-1 |
| tomcat | CVE-2021-25329 | Severity: High, see SUSE-SU-2021:0948-1 |
| CVE-2021-25122 | ||
| xorg-x11-server | CVE-2021-3472 | Severity: High, see SUSE-SU-2021:1181-1 |
Dell VxRail Appliance Security Update for Third-party components:
| Third-Party Component | CVE(s) | More information |
| VMware vCenter Server | CVE-2021-21985 | Severity: Critical, see VMSA-2021-0010 |
| VMware vCenter Server | CVE-2021-21986 | Severity: Medium, see VMSA-2021-0010 |
Third-Party components in VxRail Manager:
| Third-Party Component | CVE(s) | More information |
| bind-utils | CVE-2021-25214 |
Severity: Medium, see SUSE-SU-2021:1468-1 |
| CVE-2021-25215 | ||
| curl | CVE-2021-22876 | Severity: Medium, see SUSE-SU-2021:1396-1 |
| CVE-2021-22898 | ||
| glib2-tools | CVE-2021-27219 | Severity: High, see SUSE-SU-2021:801-1 |
| CVE-2021-27218 | ||
| glibc | CVE-2020-27618 | Severity: High, see SUSE-SU-2021:1165-1 |
| CVE-2020-29562 | ||
| CVE-2020-29573 | ||
| kernel | CVE-2020-36312 | Severity: High, see: SUSE-SU-2021:1210-1 SUSE-SU-2021:1595-1 |
| CVE-2021-29650 | ||
| CVE-2021-29155 | ||
| CVE-2020-36310 | ||
| CVE-2021-28950 | ||
| CVE-2020-36322 | ||
| CVE-2021-3444 | ||
| CVE-2021-3483 | ||
| CVE-2021-3444 | ||
| CVE-2021-3428 | ||
| CVE-2021-30002 | ||
| CVE-2021-29647 | ||
| CVE-2021-29265 | ||
| CVE-2021-29264 | ||
| CVE-2021-29154 | ||
| CVE-2021-28972 | ||
| CVE-2021-28971 | ||
| CVE-2021-28964 | ||
| CVE-2021-28688 | ||
| CVE-2021-28660 | ||
| CVE-2021-28038 | ||
| CVE-2021-27365 | ||
| CVE-2021-27364 | ||
| CVE-2021-27363 | ||
| CVE-2021-26932 | ||
| CVE-2021-26931 | ||
| CVE-2021-26930 | ||
| CVE-2021-20219 | ||
| CVE-2020-36311 | ||
| CVE-2020-35519 | ||
| CVE-2020-29368 | ||
| CVE-2020-27815 | ||
| CVE-2020-27171 | ||
| CVE-2020-27170 | ||
| CVE-2020-25673 | ||
| CVE-2020-25672 | ||
| CVE-2020-25671 | ||
| CVE-2020-25670 | ||
| CVE-2020-0433 | ||
| CVE-2020-29374 | ||
| json-smart | CVE-2021-27568 | Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2021-27568 |
| libnettle | CVE-2021-20305 | Severity: High, see SUSE-SU-2021:1399-1 |
| libxml2 | CVE-2021-3516 | Severity: High, see: SUSE-SU-2021:1658-1 SUSE-SU-2021:1524-1 |
| CVE-2021-3517 | ||
| CVE-2021-3518 | ||
| CVE-2021-3537 | ||
| nghttp2 | CVE-2018-1000168 | Severity: High, see SUSE-SU-2021:932-1 |
| CVE-2019-9511 | ||
| CVE-2019-9513 | ||
| CVE-2016-1544 | ||
| CVE-2020-11080 | ||
| pyca/cryptography | CVE-2020-36242 | Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2020-36242 |
| python | CVE-2019-18348 | Severity: Medium, see SUSE-SU-2021:794-1 |
| CVE-2021-23336 | ||
| pyYAML | CVE-2020-14343 | Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2020-14343 |
| sudo | CVE-2021-3156 | Severity: High, see SUSE-SU-2021:1274-1 |
| tar | CVE-2021-20193 | Severity: Low, see SUSE-SU-2021:0975-1 |
| tomcat | CVE-2021-25329 | Severity: High, see SUSE-SU-2021:0948-1 |
| CVE-2021-25122 | ||
| xorg-x11-server | CVE-2021-3472 | Severity: High, see SUSE-SU-2021:1181-1 |
Produits concernés et mesure corrective
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) |
| See table above | Dell VxRail Appliance | 4.7.x versions prior to 4.7.531 | 4.7.531 |
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) |
| See table above | Dell VxRail Appliance | 4.7.x versions prior to 4.7.531 | 4.7.531 |
Solutions de contournement et mesures d’atténuation
See KB article 187489: VxRail: Information on VMSA-2021-0010 and VxRail environments
Historique des révisions
| Revision | Date | Description |
| 1.0 | 2021-06-03 | Initial Release |
Informations connexes
Mention légale
Produits concernés
VxRail, Product Security InformationPropriétés de l’article
Numéro d’article: 000187919
Type d’article: Dell Security Advisory
Dernière modification: 19 Sep 2025
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.