DSA-2022-215: Dell PowerScale OneFS Security Update for Multiple Third-Party Component Vulnerabilities
Summary: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Bu makale şunlar için geçerlidir:
Bu makale şunlar için geçerli değildir:
Bu makale, belirli bir ürüne bağlı değildir.
Bu makalede tüm ürün sürümleri tanımlanmamıştır.
Impact
High
Details
| Third-party Component | CVEs | More Information |
| Bash | CVE-2019-18276 | See NVD (https://nvd.nist.gov/) for individual scores for each CVE. |
| CVE-2019-9924 | ||
| CVE-2016-9401 | ||
| CVE-2016-7543 |
| Third-party Component | CVEs | More Information |
| Bash | CVE-2019-18276 | See NVD (https://nvd.nist.gov/) for individual scores for each CVE. |
| CVE-2019-9924 | ||
| CVE-2016-9401 | ||
| CVE-2016-7543 |
Etkilenen Ürünler ve Düzeltme
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2019-9924 CVE-2019-18276 CVE-2016-7543 CVE-2016-9401 |
Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.21 9.2.1.0 through 9.2.1.14 9.3.0.0 through 9.3.0.6 9.4.0.0 through 9.4.0.4 |
Download and install the latest RUP. >= 9.1.0.22 >= 9.2.1.15 >= 9.3.0.7 >= 9.4.0.5 |
PowerScale OneFS Downloads Area |
| Any other version | 1. Upgrade your version of PowerScale OneFS 2. If you cannot upgrade, follow the additional steps in the "Workarounds and Mitigations" section. |
Note: Bash is supplied with Dell PowerScale OneFS for those customers who use Bash in their environments. The version of Bash that was in the affected versions of Dell PowerScale OneFS listed above has been found to have a security vulnerability, which has been remediated. While Dell PowerScale OneFS does not use Bash by default, the remediated version is available in the updated Roll Up Patches (RUPs) for customers who do.
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2019-9924 CVE-2019-18276 CVE-2016-7543 CVE-2016-9401 |
Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.21 9.2.1.0 through 9.2.1.14 9.3.0.0 through 9.3.0.6 9.4.0.0 through 9.4.0.4 |
Download and install the latest RUP. >= 9.1.0.22 >= 9.2.1.15 >= 9.3.0.7 >= 9.4.0.5 |
PowerScale OneFS Downloads Area |
| Any other version | 1. Upgrade your version of PowerScale OneFS 2. If you cannot upgrade, follow the additional steps in the "Workarounds and Mitigations" section. |
Note: Bash is supplied with Dell PowerScale OneFS for those customers who use Bash in their environments. The version of Bash that was in the affected versions of Dell PowerScale OneFS listed above has been found to have a security vulnerability, which has been remediated. While Dell PowerScale OneFS does not use Bash by default, the remediated version is available in the updated Roll Up Patches (RUPs) for customers who do.
Geçici Çözümler ve Risk Azaltma
| CVE | Workarounds |
| CVE-2019-18276 | Use any shell other than Bash shell. Dell PowerScale OneFS does not use the Bash shell by default. |
| CVE-2019-9924 | |
| CVE-2016-9401 | |
| CVE-2016-7543 |
Revision History
|
Revision |
Date |
Description |
|
1.0 |
2022-09-06 |
Initial Release |
| 1.1 | 2022-10-05 | Updated "Affected Products and Remediation" section |
Related Information
Yasal Uyarı
Etkilenen Ürünler
PowerScale OneFS, Product Security InformationMakale Özellikleri
Article Number: 000202887
Article Type: Dell Security Advisory
Son Değiştirme: 05 Eki 2022
Sorularınıza diğer Dell kullanıcılarından yanıtlar bulun
Destek Hizmetleri
Aygıtınızın Destek Hizmetleri kapsamında olup olmadığını kontrol edin.