Ana içeriğe atla
  • Hızla ve kolayca sipariş verin
  • Siparişleri görüntüleyin ve kargonuzun durumunu izleyin
  • Ürünlerinizin listesini oluşturun ve listeye erişin
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000202087


DSA-2022-218: Dell Data Computing Appliance Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell Data Computing Appliance (DCA) contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

Third-party Component CVEs More information


kernel
CVE-2021-4028 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
CVE-2021-4083
CVE-2022-0492
CVE-2020-0465
CVE-2020-0466
CVE-2021-0920
CVE-2021-3564
CVE-2021-3573
CVE-2021-3752
CVE-2021-4155
CVE-2022-0330
CVE-2022-22942
libxml2 CVE-2016-4658  
libX11 CVE-2021-31535  
httpd CVE-2021-40438  
CVE-2022-22720
CVE-2021-26691
CVE-2021-34798
CVE-2021-39275
CVE-2021-44790
nss CVE-2021-43527  
CVE-2020-25648
sssd CVE-2021-3621  
xorg-x11-server CVE-2021-3472  
CVE-2021-4008
CVE-2021-4009
CVE-2021-4010
CVE-2021-4011
java-1.8.0-openjdk CVE-2022-21248  
CVE-2022-21282
CVE-2022-21283
CVE-2022-21293
CVE-2022-21294
CVE-2022-21296
CVE-2022-21299
CVE-2022-21305
CVE-2022-21340
CVE-2022-21341
CVE-2022-21360
CVE-2022-21365
polkit CVE-2021-4034  
openssl CVE-2021-3712  
CVE-2022-0778
rpm  CVE-2021-20271  
openldap CVE-2020-25692  
CVE-2020-25709
CVE-2020-25710
Ansible CVE-2021-3620  
openssh CVE-2021-41617  
nettle CVE-2021-20305  
CVE-2021-20305
binutils CVE-2021-42574  
bind CVE-2021-25214  
CVE-2021-25215
microcode_ctl CVE-2020-0543  
CVE-2020-0548
CVE-2020-0549
CVE-2020-24489
CVE-2020-24511
CVE-2020-24512
CVE-2020-8695
CVE-2020-8696
CVE-2020-8698
CVE-2020-24489
CVE-2020-24511
CVE-2020-24512
CVE-2020-24513
Krb5 CVE-2021-37750  
glib2 CVE-2021-27219  
cyrus-sasl CVE-2022-24407  
gzip CVE-2022-1271  
zlib CVE-2018-25032  
rsyslog CVE-2022-24903  
postgresql CVE-2019-10208  
CVE-2020-25694
CVE-2020-25695
CVE-2021-32027
CVE-2022-1552
xz CVE-2022-1271  
expat CVE-2021-45960





                       
CVE-2021-46143
CVE-2022-22822
CVE-2022-22823
CVE-2022-22824
CVE-2022-22825
CVE-2022-22826
CVE-2022-22827
CVE-2022-23852
CVE-2022-25235
CVE-2022-25236
CVE-2022-25315
INTEL-TA-00525 CVE-2020-0592  
CVE-2020-8738
CVE-2020-8740
CVE-2020-8764
CVE-2020-12357
CVE-2020-12360
CVE-2021-0092
CVE-2021-0144
Third-party Component CVEs More information


kernel
CVE-2021-4028 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
CVE-2021-4083
CVE-2022-0492
CVE-2020-0465
CVE-2020-0466
CVE-2021-0920
CVE-2021-3564
CVE-2021-3573
CVE-2021-3752
CVE-2021-4155
CVE-2022-0330
CVE-2022-22942
libxml2 CVE-2016-4658  
libX11 CVE-2021-31535  
httpd CVE-2021-40438  
CVE-2022-22720
CVE-2021-26691
CVE-2021-34798
CVE-2021-39275
CVE-2021-44790
nss CVE-2021-43527  
CVE-2020-25648
sssd CVE-2021-3621  
xorg-x11-server CVE-2021-3472  
CVE-2021-4008
CVE-2021-4009
CVE-2021-4010
CVE-2021-4011
java-1.8.0-openjdk CVE-2022-21248  
CVE-2022-21282
CVE-2022-21283
CVE-2022-21293
CVE-2022-21294
CVE-2022-21296
CVE-2022-21299
CVE-2022-21305
CVE-2022-21340
CVE-2022-21341
CVE-2022-21360
CVE-2022-21365
polkit CVE-2021-4034  
openssl CVE-2021-3712  
CVE-2022-0778
rpm  CVE-2021-20271  
openldap CVE-2020-25692  
CVE-2020-25709
CVE-2020-25710
Ansible CVE-2021-3620  
openssh CVE-2021-41617  
nettle CVE-2021-20305  
CVE-2021-20305
binutils CVE-2021-42574  
bind CVE-2021-25214  
CVE-2021-25215
microcode_ctl CVE-2020-0543  
CVE-2020-0548
CVE-2020-0549
CVE-2020-24489
CVE-2020-24511
CVE-2020-24512
CVE-2020-8695
CVE-2020-8696
CVE-2020-8698
CVE-2020-24489
CVE-2020-24511
CVE-2020-24512
CVE-2020-24513
Krb5 CVE-2021-37750  
glib2 CVE-2021-27219  
cyrus-sasl CVE-2022-24407  
gzip CVE-2022-1271  
zlib CVE-2018-25032  
rsyslog CVE-2022-24903  
postgresql CVE-2019-10208  
CVE-2020-25694
CVE-2020-25695
CVE-2021-32027
CVE-2022-1552
xz CVE-2022-1271  
expat CVE-2021-45960





                       
CVE-2021-46143
CVE-2022-22822
CVE-2022-22823
CVE-2022-22824
CVE-2022-22825
CVE-2022-22826
CVE-2022-22827
CVE-2022-23852
CVE-2022-25235
CVE-2022-25236
CVE-2022-25315
INTEL-TA-00525 CVE-2020-0592  
CVE-2020-8738
CVE-2020-8740
CVE-2020-8764
CVE-2020-12357
CVE-2020-12360
CVE-2021-0092
CVE-2021-0144

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product Affected Versions Updated Versions Link to Update
DCA Versions before DCA 4.3.1.0 DCA 4.3.1.0 Download Greenplum-Data-Computing-Appliance-Software-Upgrade-to-4.3.1.0.bin package from https://dl.dell.com/downloads/
DCA Versions before Firmware tool 3I00 DCA Firmware tool 3I00 https://dl.dell.com/downloads/DLD2955_3I00-Firmware-Update-Utility-for-DCAv3.tgz.
Product Affected Versions Updated Versions Link to Update
DCA Versions before DCA 4.3.1.0 DCA 4.3.1.0 Download Greenplum-Data-Computing-Appliance-Software-Upgrade-to-4.3.1.0.bin package from https://dl.dell.com/downloads/
DCA Versions before Firmware tool 3I00 DCA Firmware tool 3I00 https://dl.dell.com/downloads/DLD2955_3I00-Firmware-Update-Utility-for-DCAv3.tgz.

Workarounds and Mitigations

Dell Software:
Only Dell Data Computing Appliance (DCA) version 4.0.0.0, 4.1.0.0, 4.2.0.0, and 4.2.1.0 can be upgraded to version 4.3.0.0 and then can be upgraded to 4.3.1.0. To upgrade to an earlier DCA version, you must migrate to version 4.0.0.0 (THEL7), upgrade to version 4.3.0.0, and then upgrade to 4.3.1.0.

Revision History

RevisionDateDescription
1.02022-08-02Initial release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product

Data Computing Appliance V3, Product Security Information

Last Published Date

02 Ağu 2022

Version

1

Article Type

Dell Security Advisory