DSA-2020-089: Dell EMC Data Computing Appliance (DCA) Security Update for Multiple Third-Party Component Vulnerabilities

이 문서는 다음에 적용됩니다. 이 문서는 다음에 적용되지 않습니다. 이 문서는 특정 제품과 관련이 없습니다. 모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
기타 리소스 확인

영향

Critical

세부 정보

Summary:     
Multiple components within Dell EMC DCA require a security update to address various vulnerabilities. 

The components are updated for the following vulnerabilities:     

  • Openjdk

CVE-2019-2949     CVE-2019-2989     CVE-2019-2958     CVE-2019-2977     CVE-2019-11068
CVE-2019-2975     CVE-2019-2999     CVE-2019-2996     CVE-2019-2987     CVE-2019-2962     
CVE-2019-2988     CVE-2019-2992     CVE-2019-2964     CVE-2019-2973     CVE-2019-2981     
CVE-2019-2978     CVE-2019-2894     CVE-2019-2983     CVE-2019-2933     CVE-2019-2945

  • curl

CVE-2018-14618

  • kernel 
CVE-2019-14821   CVE-2019-15239  

  • systemd  

CVE-2018-15686   CVE-2018-16866   CVE-2018-16888

  • vim

CVE-2019-12735

  • ghostscript

CVE-2018-16863

  • libssh2

CVE-2019-3858    CVE-2019-3861

  • poitlk

CVE-2018-19788

  • NetworkManager 

CVE-2018-15688

  • Xorg

CVE-2018-14598   CVE-2018-14599   CVE-2018-14600   CVE-2018-15853
CVE-2018-15854   CVE-2018-15855   CVE-2018-15856   CVE-2018-15857
CVE-2018-15859   CVE-2018-15861   CVE-2018-15862   CVE-2018-15863
CVE-2018-15864   

  • elfutils

CVE-2018-16062   CVE-2018-16402   CVE-2018-16403   CVE-2018-18310
CVE-2018-18520   CVE-2018-18521   CVE-2019-7149     CVE-2019-7150
CVE-2019-7664     CVE-2019-7665

  • NTP    

CVE-2018-12327

  • pango

CVE-2019-1010238

  • Perl   

CVE-2018-18311

  • ruby    

CVE-2017-17742   CVE-2018-6914    CVE-2018-8777    CVE-2018-8778
CVE-2018-8779     CVE-2018-8780    CVE-2018-16396  CVE-2018-1000073 
CVE-2018-1000074  CVE-2018-1000075  CVE-2018-1000076  CVE-2018-1000077
CVE-2018-1000078  CVE-2018-1000079

  • wget  

CVE-2019-5953

  • sudo  

CVE-2019-14287                                         

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.  

To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.

The components are updated for the following vulnerabilities:     

  • Openjdk

CVE-2019-2949     CVE-2019-2989     CVE-2019-2958     CVE-2019-2977     CVE-2019-11068
CVE-2019-2975     CVE-2019-2999     CVE-2019-2996     CVE-2019-2987     CVE-2019-2962     
CVE-2019-2988     CVE-2019-2992     CVE-2019-2964     CVE-2019-2973     CVE-2019-2981     
CVE-2019-2978     CVE-2019-2894     CVE-2019-2983     CVE-2019-2933     CVE-2019-2945

  • curl

CVE-2018-14618

  • kernel 
CVE-2019-14821   CVE-2019-15239  

  • systemd  

CVE-2018-15686   CVE-2018-16866   CVE-2018-16888

  • vim

CVE-2019-12735

  • ghostscript

CVE-2018-16863

  • libssh2

CVE-2019-3858    CVE-2019-3861

  • poitlk

CVE-2018-19788

  • NetworkManager 

CVE-2018-15688

  • Xorg

CVE-2018-14598   CVE-2018-14599   CVE-2018-14600   CVE-2018-15853
CVE-2018-15854   CVE-2018-15855   CVE-2018-15856   CVE-2018-15857
CVE-2018-15859   CVE-2018-15861   CVE-2018-15862   CVE-2018-15863
CVE-2018-15864   

  • elfutils

CVE-2018-16062   CVE-2018-16402   CVE-2018-16403   CVE-2018-18310
CVE-2018-18520   CVE-2018-18521   CVE-2019-7149     CVE-2019-7150
CVE-2019-7664     CVE-2019-7665

  • NTP    

CVE-2018-12327

  • pango

CVE-2019-1010238

  • Perl   

CVE-2018-18311

  • ruby    

CVE-2017-17742   CVE-2018-6914    CVE-2018-8777    CVE-2018-8778
CVE-2018-8779     CVE-2018-8780    CVE-2018-16396  CVE-2018-1000073 
CVE-2018-1000074  CVE-2018-1000075  CVE-2018-1000076  CVE-2018-1000077
CVE-2018-1000078  CVE-2018-1000079

  • wget  

CVE-2019-5953

  • sudo  

CVE-2019-14287                                         

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.  

To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.

Dell Technologies는 모든 고객이 CVSS 기본 점수와 관련 임시 및 환경 점수를 모두 고려할 것을 권장합니다. 이 경우 특정 보안 취약성과 관련된 잠재적인 심각도에 영향을 미칠 수 있습니다.

영향을 받는 제품 및 문제 해결

Affected products:    
Dell EMC Data Computing Appliance (DCA) versions prior to 4.0.0.0

Remediation:     
The following Dell EMC DCA release addresses these vulnerabilities:    

  • Dell EMC DCA 4.0.0.0

For Dell EMC DCA 4.0.0.0 and later, the security update is contained in the release 4.0.0.0.

Dell EMC recommends all customers upgrade at the earliest opportunity. Contact Dell EMC DCA customer support to download the required rpm file and install it.



Affected products:    
Dell EMC Data Computing Appliance (DCA) versions prior to 4.0.0.0

Remediation:     
The following Dell EMC DCA release addresses these vulnerabilities:    

  • Dell EMC DCA 4.0.0.0

For Dell EMC DCA 4.0.0.0 and later, the security update is contained in the release 4.0.0.0.

Dell EMC recommends all customers upgrade at the earliest opportunity. Contact Dell EMC DCA customer support to download the required rpm file and install it.



관련 정보

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

법적 고지 사항

해당 제품

Data Computing Appliance V2

제품

Data Computing Appliance V2, Data Computing Appliance V3, Product Security Information
문서 속성
문서 번호: 000001834
문서 유형: Dell Security Advisory
마지막 수정 시간: 20 9월 2024
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.