DSA-2023-136: Dell PowerScale OneFS Security Updates for Multiple Security Vulnerabilities

Samenvatting: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Dit artikel is van toepassing op Dit artikel is niet van toepassing op Dit artikel is niet gebonden aan een specifiek product. Niet alle productversies worden in dit artikel vermeld.
Bekijk andere hulpbronnen

Impact

High

Gegevens

Third-Party Component

CVEs

More Information
Bash CVE-2022-3715 See NVDThis hyperlink is taking you to a website outside of Dell Technologies.  for more details.
OpenSSL

CVE-2023-0286

CVE-2022-4304

CVE-2023-0215

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

Third-Party Component

CVEs

More Information
Bash CVE-2022-3715 See NVDThis hyperlink is taking you to a website outside of Dell Technologies.  for more details.
OpenSSL

CVE-2023-0286

CVE-2022-4304

CVE-2023-0215

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.

See NVDThis hyperlink is taking you to a website outside of Dell Technologies. for more details.
Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-3715 PowerScale OneFS
 

9.5.0.0 through 9.5.0.1

Download and install the latest RUP

>= 9.5.0.2

 PowerScale OneFS Downloads Area

9.4.0.0 through 9.4.0.13

Download and install the latest RUP >= 9.4.0.14

9.2.1.0 through 9.2.1.22

Download and install the latest RUP >= 9.2.1.23

Any other version

Upgrade your version of PowerScale OneFS to >= 9.5.0.2

CVE-2023-0286

CVE-2022-4304

CVE-2023-0215

 

 

 PowerScale OneFS
 

9.5.0.0 through 9.5.0.1

Download and install the latest RUP.

>= 9.5.0.2

9.4.0.0 through 9.4.0.13

Download and install the latest RUP >= 9.4.0.14

9.2.1.0 through 9.2.1.22

Download and install the latest RUP >= 9.2.1.23

Any other version

Upgrade your version of PowerScale OneFS to >= 9.5.0.2


Note: Bash is supplied with PowerScale OneFS for those customers who use Bash in their environments.  The version of Bash that was included in the affected versions of PowerScale OneFS listed above has been found to have a security vulnerability(CVE-2022-3715), which has been remediated.  While PowerScale OneFS does not use Bash by default, the remediated version is available in the updated Roll Up Patches (RUP) for customers who use it.
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-3715 PowerScale OneFS
 

9.5.0.0 through 9.5.0.1

Download and install the latest RUP

>= 9.5.0.2

 PowerScale OneFS Downloads Area

9.4.0.0 through 9.4.0.13

Download and install the latest RUP >= 9.4.0.14

9.2.1.0 through 9.2.1.22

Download and install the latest RUP >= 9.2.1.23

Any other version

Upgrade your version of PowerScale OneFS to >= 9.5.0.2

CVE-2023-0286

CVE-2022-4304

CVE-2023-0215

 

 

 PowerScale OneFS
 

9.5.0.0 through 9.5.0.1

Download and install the latest RUP.

>= 9.5.0.2

9.4.0.0 through 9.4.0.13

Download and install the latest RUP >= 9.4.0.14

9.2.1.0 through 9.2.1.22

Download and install the latest RUP >= 9.2.1.23

Any other version

Upgrade your version of PowerScale OneFS to >= 9.5.0.2


Note: Bash is supplied with PowerScale OneFS for those customers who use Bash in their environments.  The version of Bash that was included in the affected versions of PowerScale OneFS listed above has been found to have a security vulnerability(CVE-2022-3715), which has been remediated.  While PowerScale OneFS does not use Bash by default, the remediated version is available in the updated Roll Up Patches (RUP) for customers who use it.
Bash is supplied with Dell PowerScale OneFS for those customers who use Bash in their environments. The version of Bash that was included in the affected versions of Dell PowerScale OneFS listed above has been found to have a security vulnerability(CVE-2022-3715), which has been remediated. While Dell PowerScale OneFS does not use Bash by default, the remediated version is available in the updated Roll Up Patches (RUP) for customers who use it.

Tijdelijke oplossingen en risicobeperking

CVE  Workarounds
CVE-2022-3715 Please use any shell other than bash shell. PowerScale OneFS does not use the bash shell by default.

Revisiegeschiedenis

Revision

Date

Description

1.0

2023-05-02

Initial Release

1.12023-06-13Updated version details from Affected Products and Remediation. Updated for all CVEs for PowerScale Onefs 9.4.0.x
1.22024-03-14Modified updated version column.

Verwante informatie

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Juridische verklaring van afstand

Getroffen producten

PowerScale OneFS, Product Security Information
Artikeleigenschappen
Artikelnummer: 000212709
Artikeltype: Dell Security Advisory
Laatst aangepast: 19 sep. 2025
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.