DSA-2022-112: DELL PowerFlex Security Update for Multiple Vulnerabilities
Summary: Remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Impact
High
Details
| Component | CVEs | More Information |
| PowerFlex components using OpenSSL | CVE-2021-3711, CVE-2021-3712, CVE-2022-0778 | OpenSSL is used by PowerFlex for secure communication between its different components. |
| PowerFlex Gateway using Spring4Shell | CVE-2022-22965 | Spring article: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement |
| PowerFlex Presentation server and Gateway using Java or OpenJDK | CVE-2022-21248, CVE-2022-21282, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296 | Oracle article: https://www.oracle.com/security-alerts/cpujan2022.html#AppendixJAVA |
| PowerFlex Custom node R6525 | CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, CVE-2021-26312, CVE-2021-26350 | Dell article: https://www.dell.com/support/kbdoc/en-vn/000199269/dsa-2022-126-dell-poweredge-server-security-updates-for-amd-server-vulnerabilities |
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-3711, CVE-2021-3712, CVE-2022-0778 | OpenSSL used by PowerFlex Software | PowerFlex versions before 3.6.0.4 or latest SVM patch bundle. | PowerFlex 3.6.0.4 OVA includes this updated OpenSSL package; SVM Patch bundle from August 4, 2022 | PowerFlex_3.6.0.4_107_Complete_Software.zip (with latest OVA); SVM_OS_Patching_package_04082022.zip (for use with manual SVM upgrade). For a customer-managed operating system, you must upgrade with an openssl-libs-1.0.2k-24 based package; an example for CentOS 7.9: openssl-libs-1.0.2k-24.el7_9.x86_64.rpm. |
| CVE-2022-22965 | PowerFlex Software | PowerFlex versions before 3.6.0.4 or 3.5.1.6 | PowerFlex 3.6.0.4; PowerFlex 3.5.1.6 and later versions | PowerFlex_3.6.0.4_107_Complete_Software.zip (with latest PowerFlex Gateway rpm); PowerFlex_3.5.1.6_110_Complete_Software.zip (with latest PowerFlex Gateway rpm) |
| CVE-2021-21248, CVE-2021-21282, CVE-2021-21283, CVE-2021-21293, CVE-2021-21294, CVE-2021-21296 | PowerFlex Software | PowerFlex versions before 3.6.0.4 | PowerFlex 3.6.0.4 and later versions | PowerFlex_3.6.0.4_107_Complete_Software.zip (with latest OVA). For a customer-managed operating system, self-upgrade is required with a java-1.8.0-openjdk-headless-1.8.0.322 based package for the compatible operating system, or the compatible Java version; an example for CentOS 7.9: java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9. Guidelines: Java upgrade prerequisites. |
| CVE-2021-26373, CVE-2021-26339, CVE-2021-26344, CVE-2021-26347, CVE-2021-26376, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26328 | R6525 custom node | BIOS versions before 2.6.6 for AMD | AMD BIOS: 2.6.6 | Downloads (when upgrading using OME); Documents (when upgrading manually) |
Revision History
| Revision | Date | Description |
| 1.0 | 2022-05-02 | Initial Draft for review |
| 2.0 | 2022-05-03 | Clarified some OpenSSL upgrade info |
| 3.0 | 2022-05-06 | Updated CVEs for AMD issue based on new AMD-SN |
Affected Products
PowerFlex custom node, PowerFlex custom node, PowerFlex custom node R650, PowerFlex custom node R6525
Products
Product Security Information
Article Properties
Article Number: 000199942
Article Type: Dell Security Advisory
Last Modified: 05 Nov 2025