DSA-2022-215: Dell PowerScale OneFS Security Update for Multiple Third-Party Component Vulnerabilities
Samenvatting: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Dit artikel is van toepassing op
Dit artikel is niet van toepassing op
Dit artikel is niet gebonden aan een specifiek product.
Niet alle productversies worden in dit artikel vermeld.
Impact
High
Gegevens
| Third-party Component | CVEs | More Information |
| Bash | CVE-2019-18276 | See NVD (https://nvd.nist.gov/) for individual scores for each CVE. |
| CVE-2019-9924 | ||
| CVE-2016-9401 | ||
| CVE-2016-7543 |
| Third-party Component | CVEs | More Information |
| Bash | CVE-2019-18276 | See NVD (https://nvd.nist.gov/) for individual scores for each CVE. |
| CVE-2019-9924 | ||
| CVE-2016-9401 | ||
| CVE-2016-7543 |
Getroffen producten en herstel
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2019-9924 CVE-2019-18276 CVE-2016-7543 CVE-2016-9401 |
Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.21 9.2.1.0 through 9.2.1.14 9.3.0.0 through 9.3.0.6 9.4.0.0 through 9.4.0.4 |
Download and install the latest RUP. >= 9.1.0.22 >= 9.2.1.15 >= 9.3.0.7 >= 9.4.0.5 |
PowerScale OneFS Downloads Area |
| Any other version | 1. Upgrade your version of PowerScale OneFS 2. If you cannot upgrade, follow the additional steps in the "Workarounds and Mitigations" section. |
Note: Bash is supplied with Dell PowerScale OneFS for those customers who use Bash in their environments. The version of Bash that was in the affected versions of Dell PowerScale OneFS listed above has been found to have a security vulnerability, which has been remediated. While Dell PowerScale OneFS does not use Bash by default, the remediated version is available in the updated Roll Up Patches (RUPs) for customers who do.
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2019-9924 CVE-2019-18276 CVE-2016-7543 CVE-2016-9401 |
Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.21 9.2.1.0 through 9.2.1.14 9.3.0.0 through 9.3.0.6 9.4.0.0 through 9.4.0.4 |
Download and install the latest RUP. >= 9.1.0.22 >= 9.2.1.15 >= 9.3.0.7 >= 9.4.0.5 |
PowerScale OneFS Downloads Area |
| Any other version | 1. Upgrade your version of PowerScale OneFS 2. If you cannot upgrade, follow the additional steps in the "Workarounds and Mitigations" section. |
Note: Bash is supplied with Dell PowerScale OneFS for those customers who use Bash in their environments. The version of Bash that was in the affected versions of Dell PowerScale OneFS listed above has been found to have a security vulnerability, which has been remediated. While Dell PowerScale OneFS does not use Bash by default, the remediated version is available in the updated Roll Up Patches (RUPs) for customers who do.
Tijdelijke oplossingen en risicobeperking
| CVE | Workarounds |
| CVE-2019-18276 | Use any shell other than Bash shell. Dell PowerScale OneFS does not use the Bash shell by default. |
| CVE-2019-9924 | |
| CVE-2016-9401 | |
| CVE-2016-7543 |
Revisiegeschiedenis
|
Revision |
Date |
Description |
|
1.0 |
2022-09-06 |
Initial Release |
| 1.1 | 2022-10-05 | Updated "Affected Products and Remediation" section |
Verwante informatie
Juridische verklaring van afstand
Getroffen producten
PowerScale OneFS, Product Security InformationArtikeleigenschappen
Artikelnummer: 000202887
Artikeltype: Dell Security Advisory
Laatst aangepast: 05 okt. 2022
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.