DSA-2021-111: Dell VxRail Appliance Security Update for Multiple Third-Party Component Vulnerabilities

摘要: Dell VxRail remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

本文适用于 本文不适用于 本文并非针对某种特定的产品。 本文并非包含所有产品版本。
查看其他资源

影响

Critical

详情

Dell VxRail Appliance Security Update for Third-party components:

Third-Party Component CVE(s) More information
VMware vCenter Server CVE-2021-21985 Severity: Critical, see VMSA-2021-0010
VMware vCenter Server CVE-2021-21986 Severity: Medium, see VMSA-2021-0010

Third-Party components in VxRail Manager:
Third-Party Component CVE(s) More information
bind-utils CVE-2021-25214

Severity: Medium, see SUSE-SU-2021:1468-1
CVE-2021-25215
curl CVE-2021-22876 Severity: Medium, see
SUSE-SU-2021:1396-1
CVE-2021-22898
glib2-tools CVE-2021-27219 Severity: High, see SUSE-SU-2021:801-1
CVE-2021-27218
glibc CVE-2020-27618 Severity: High, see
SUSE-SU-2021:1165-1
CVE-2020-29562
CVE-2020-29573
kernel CVE-2020-36312 Severity: High, see:
SUSE-SU-2021:1210-1
SUSE-SU-2021:1595-1
CVE-2021-29650
CVE-2021-29155
CVE-2020-36310
CVE-2021-28950
CVE-2020-36322
CVE-2021-3444
CVE-2021-3483
CVE-2021-3444
CVE-2021-3428
CVE-2021-30002
CVE-2021-29647
CVE-2021-29265
CVE-2021-29264
CVE-2021-29154
CVE-2021-28972
CVE-2021-28971
CVE-2021-28964
CVE-2021-28688
CVE-2021-28660
CVE-2021-28038
CVE-2021-27365
CVE-2021-27364
CVE-2021-27363
CVE-2021-26932
CVE-2021-26931
CVE-2021-26930
CVE-2021-20219
CVE-2020-36311
CVE-2020-35519
CVE-2020-29368
CVE-2020-27815
CVE-2020-27171
CVE-2020-27170
CVE-2020-25673
CVE-2020-25672
CVE-2020-25671
CVE-2020-25670
CVE-2020-0433
CVE-2020-29374
json-smart CVE-2021-27568 Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2021-27568
libnettle CVE-2021-20305 Severity: High, see SUSE-SU-2021:1399-1
libxml2 CVE-2021-3516 Severity: High, see:
SUSE-SU-2021:1658-1
SUSE-SU-2021:1524-1
CVE-2021-3517
CVE-2021-3518
CVE-2021-3537
nghttp2 CVE-2018-1000168 Severity: High, see
SUSE-SU-2021:932-1
CVE-2019-9511
CVE-2019-9513
CVE-2016-1544
CVE-2020-11080
pyca/cryptography CVE-2020-36242 Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2020-36242
python CVE-2019-18348 Severity: Medium, see SUSE-SU-2021:794-1
CVE-2021-23336
pyYAML CVE-2020-14343 Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2020-14343
sudo CVE-2021-3156 Severity: High, see SUSE-SU-2021:1274-1
tar CVE-2021-20193 Severity: Low, see SUSE-SU-2021:0975-1
tomcat CVE-2021-25329 Severity: High, see SUSE-SU-2021:0948-1
CVE-2021-25122
xorg-x11-server CVE-2021-3472 Severity: High, see SUSE-SU-2021:1181-1

Dell VxRail Appliance Security Update for Third-party components:

Third-Party Component CVE(s) More information
VMware vCenter Server CVE-2021-21985 Severity: Critical, see VMSA-2021-0010
VMware vCenter Server CVE-2021-21986 Severity: Medium, see VMSA-2021-0010

Third-Party components in VxRail Manager:
Third-Party Component CVE(s) More information
bind-utils CVE-2021-25214

Severity: Medium, see SUSE-SU-2021:1468-1
CVE-2021-25215
curl CVE-2021-22876 Severity: Medium, see
SUSE-SU-2021:1396-1
CVE-2021-22898
glib2-tools CVE-2021-27219 Severity: High, see SUSE-SU-2021:801-1
CVE-2021-27218
glibc CVE-2020-27618 Severity: High, see
SUSE-SU-2021:1165-1
CVE-2020-29562
CVE-2020-29573
kernel CVE-2020-36312 Severity: High, see:
SUSE-SU-2021:1210-1
SUSE-SU-2021:1595-1
CVE-2021-29650
CVE-2021-29155
CVE-2020-36310
CVE-2021-28950
CVE-2020-36322
CVE-2021-3444
CVE-2021-3483
CVE-2021-3444
CVE-2021-3428
CVE-2021-30002
CVE-2021-29647
CVE-2021-29265
CVE-2021-29264
CVE-2021-29154
CVE-2021-28972
CVE-2021-28971
CVE-2021-28964
CVE-2021-28688
CVE-2021-28660
CVE-2021-28038
CVE-2021-27365
CVE-2021-27364
CVE-2021-27363
CVE-2021-26932
CVE-2021-26931
CVE-2021-26930
CVE-2021-20219
CVE-2020-36311
CVE-2020-35519
CVE-2020-29368
CVE-2020-27815
CVE-2020-27171
CVE-2020-27170
CVE-2020-25673
CVE-2020-25672
CVE-2020-25671
CVE-2020-25670
CVE-2020-0433
CVE-2020-29374
json-smart CVE-2021-27568 Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2021-27568
libnettle CVE-2021-20305 Severity: High, see SUSE-SU-2021:1399-1
libxml2 CVE-2021-3516 Severity: High, see:
SUSE-SU-2021:1658-1
SUSE-SU-2021:1524-1
CVE-2021-3517
CVE-2021-3518
CVE-2021-3537
nghttp2 CVE-2018-1000168 Severity: High, see
SUSE-SU-2021:932-1
CVE-2019-9511
CVE-2019-9513
CVE-2016-1544
CVE-2020-11080
pyca/cryptography CVE-2020-36242 Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2020-36242
python CVE-2019-18348 Severity: Medium, see SUSE-SU-2021:794-1
CVE-2021-23336
pyYAML CVE-2020-14343 Severity: Critical, see https://nvd.nist.gov/vuln/detail/CVE-2020-14343
sudo CVE-2021-3156 Severity: High, see SUSE-SU-2021:1274-1
tar CVE-2021-20193 Severity: Low, see SUSE-SU-2021:0975-1
tomcat CVE-2021-25329 Severity: High, see SUSE-SU-2021:0948-1
CVE-2021-25122
xorg-x11-server CVE-2021-3472 Severity: High, see SUSE-SU-2021:1181-1
Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数,这可能会影响与特定安全漏洞相关的潜在严重程度。

受影响的产品和补救措施

CVE(s) Addressed Product Affected Version(s) Updated Version(s)
See table above Dell VxRail Appliance  4.7.x versions prior to 4.7.531  4.7.531
CVE(s) Addressed Product Affected Version(s) Updated Version(s)
See table above Dell VxRail Appliance  4.7.x versions prior to 4.7.531  4.7.531

解决方法和缓解措施

See KB article 187489: VxRail: Information on VMSA-2021-0010 and VxRail environments   

修订历史记录

RevisionDateDescription
1.02021-06-03Initial Release

相关信息

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法律免责声明

受影响的产品

VxRail, Product Security Information
文章属性
文章编号: 000187919
文章类型: Dell Security Advisory
上次修改时间: 19 9月 2025
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。