DSA-2022-112: DELL PowerFlex Security Update for Multiple Vulnerabilities
Summary: Remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Impact
High
Details
| Component | CVEs | More Information |
| PowerFlex components using OpenSSL | CVE-2021-3711, CVE-2021-3712, CVE-2022-0778 | OpenSSL is used by PowerFlex for secure communication between its different components. |
| PowerFlex Gateway using Spring4Shell | CVE-2022-22965 | Spring article: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement |
| PowerFlex Presentation server and Gateway using Java or OpenJDK | CVE-2022-21248, CVE-2022-21282, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296 | Oracle article: https://www.oracle.com/security-alerts/cpujan2022.html#AppendixJAVA |
| PowerFlex Custom node R6525 | CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, CVE-2021-26312, CVE-2021-26350 | Dell article: https://www.dell.com/support/kbdoc/en-vn/000199269/dsa-2022-126-dell-poweredge-server-security-updates-for-amd-server-vulnerabilities |
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-3711, CVE-2021-3712, CVE-2022-0778 | OpenSSL used by PowerFlex Software | PowerFlex versions before 3.6.0.4 or latest SVM patch bundle. | PowerFlex 3.6.0.4 OVA includes this updated OpenSSL package; SVM Patch bundle from August 4, 2022 | PowerFlex_3.6.0.4_107_Complete_Software.zip (with latest OVA); SVM_OS_Patching_package_04082022.zip (for use with manual SVM upgrade). For a customer-managed operating system, you must upgrade with an openssl-libs-1.0.2k-24 based package; an example for CentOS7.9: openssl-libs-1.0.2k-24.el7_9.x86_64.rpm. |
| CVE-2022-22965 | PowerFlex Software | PowerFlex versions before 3.6.0.4 or 3.5.1.6 | PowerFlex 3.6.0.4; PowerFlex 3.5.1.6 and later versions | PowerFlex_3.6.0.4_107_Complete_Software.zip (with latest PowerFlex Gateway rpm); PowerFlex_3.5.1.6_110_Complete_Software.zip (with latest PowerFlex Gateway rpm) |
| CVE-2021-21248, CVE-2021-21282, CVE-2021-21283, CVE-2021-21293, CVE-2021-21294, CVE-2021-21296 | PowerFlex Software | PowerFlex versions before 3.6.0.4 | PowerFlex 3.6.0.4 and later versions | PowerFlex_3.6.0.4_107_Complete_Software.zip (with latest OVA). For a customer-managed operating system, self-upgrade is required with a java-1.8.0-openjdk-headless-1.8.0.322 based package for the compatible operating system, or the compatible Java version; an example for CentOS7.9: java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9. Guidelines: Java upgrade prerequisites. |
| CVE-2021-26373, CVE-2021-26339, CVE-2021-26344, CVE-2021-26347, CVE-2021-26376, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26328 | R6525 custom node | BIOS versions before 2.6.6 for AMD | AMD BIOS: 2.6.6 | Downloads (when upgrading with OME); Documents (when upgrading manually) |
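For hosts where the operating system is customer managed, the package minimums in the table can be checked directly. The script below is an added example, not part of Dell's advisory or tooling: the function names are hypothetical, the thresholds are copied from the table above, and `sort -V` is assumed to be GNU version sort, used here as an approximation of RPM's own version comparison.

```shell
#!/bin/sh
# Added example (not Dell code): compare installed levels with the minimums
# DSA-2022-112 gives for customer-managed operating systems and R6525 BIOS.
MIN_OPENSSL="1.0.2k-24"   # openssl-libs-1.0.2k-24 based package
MIN_JAVA="1.8.0.322"      # java-1.8.0-openjdk-headless-1.8.0.322 based package
MIN_BIOS="2.6.6"          # AMD BIOS for the R6525 custom node

# version_ge A B: true when A >= B under GNU "sort -V" ordering. Assumption:
# this approximates RPM's own comparison for the strings used here.
version_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# report NAME INSTALLED MINIMUM: print a status line; return 1 when below.
report() {
    if version_ge "$2" "$3"; then
        echo "OK      $1 $2 (minimum $3)"
    else
        echo "UPDATE  $1 $2 (minimum $3)"
        return 1
    fi
}

# installed_vr PKG: VERSION-RELEASE of an installed RPM, empty when absent.
installed_vr() {
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$1" 2>/dev/null |
        grep -v 'not installed' | head -n 1
}

# audit_host: check both packages, plus the BIOS when dmidecode can read it
# (needs root; only meaningful on an R6525 custom node).
audit_host() {
    rc=0
    for spec in "openssl-libs $MIN_OPENSSL" "java-1.8.0-openjdk-headless $MIN_JAVA"; do
        set -- $spec
        vr=$(installed_vr "$1")
        if [ -z "$vr" ]; then echo "SKIP    $1 not installed"; continue; fi
        report "$1" "$vr" "$2" || rc=1
    done
    bios=$(dmidecode -s bios-version 2>/dev/null)
    if [ -n "$bios" ]; then report "BIOS" "$bios" "$MIN_BIOS" || rc=1; fi
    return $rc
}

if [ "${1:-}" = "--host" ]; then audit_host; fi
```

Run it with `--host` on the system being checked; a non-zero exit status means at least one item is below the level the advisory lists.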
Revision History
| Revision | Date | Description |
| 1.0 | 2022-05-02 | Initial Draft for review |
| 2.0 | 2022-05-03 | Clarified some OpenSSL upgrade info |
| 3.0 | 2022-05-06 | Updated CVEs for AMD issue based on new AMD-SN |
Affected Products
PowerFlex custom node, PowerFlex custom node, PowerFlex custom node R650, PowerFlex custom node R6525
Products
Product Security Information
Article Properties
Article Number: 000199942
Article Type: Dell Security Advisory
Last Modified: 05 Nov 2025