Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Create and access a list of your products
Sign In Create an Account Premier Sign In Partner Program Sign In
Contact Us

DSA-2019-009: Dell EMC Unity Family Security Update for Multiple Vulnerabilities in Embedded Components

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Summary:  
Multiple embedded components within the Dell EMC Unity Product Family require security updates to address various vulnerabilities.

The embedded components are updated for the vulnerabilities listed below:  

  • Apache

CVE-2016-4975    CVE-2016-8743

  • Apache tomcat

CVE-2018-1304    CVE-2018-1305

  • binutils

CVE-2014-9939    CVE-2017-6965    CVE-2017-6966    CVE-2017-6969
CVE-2017-7209    CVE-2017-7210    CVE-2017-7223    CVE-2017-7224
CVE-2017-7225    CVE-2017-7226    CVE-2017-7227    CVE-2017-7299
CVE-2017-7300    CVE-2017-7301    CVE-2017-7302    CVE-2017-7303
CVE-2017-7304    CVE-2017-7614    CVE-2017-8392    CVE-2017-8393
CVE-2017-8394    CVE-2017-8395    CVE-2017-8396    CVE-2017-8397
CVE-2017-8398    CVE-2017-8421    CVE-2017-9038    CVE-2017-9039
CVE-2017-9040    CVE-2017-9041    CVE-2017-9042    CVE-2017-9043
CVE-2017-9044    CVE-2017-9746    CVE-2017-9747    CVE-2017-9748
CVE-2017-9750    CVE-2017-9755    CVE-2017-9756    CVE-2017-9954
CVE-2017-9955    CVE-2017-12448    CVE-2017-12450    CVE-2017-12452
CVE-2017-12453    CVE-2017-12454    CVE-2017-12456    CVE-2017-12799
CVE-2017-13757    CVE-2017-14128    CVE-2017-14129    CVE-2017-14130
CVE-2017-14333    CVE-2017-14529    CVE-2017-14729    CVE-2017-14745
CVE-2017-14974    CVE-2017-15938    CVE-2017-15939    CVE-2017-15996
CVE-2017-16826    CVE-2017-16827    CVE-2017-16828    CVE-2017-16829
CVE-2017-16830    CVE-2017-16831    CVE-2017-16832    CVE-2018-6323
CVE-2018-6543    CVE-2018-6759    CVE-2018-6872    CVE-2018-7208
CVE-2018-7568    CVE-2018-7569    CVE-2018-7570    CVE-2018-7642
CVE-2018-7643    CVE-2018-8945    CVE-2018-10372    CVE-2018-10373
CVE-2018-10534    CVE-2018-10535

  • curl

CVE-2018-1000301

  • glibc

CVE-2017-12132    CVE-2017-15670    CVE-2017-15671    CVE-2017-15804
CVE-2018-11236

  • gnutls

CVE-2017-10790    CVE-2018-10844    CVE-2018-10845    CVE-2018-10846

  • kernel

CVE-2017-1000365    CVE-2018-5391

  • Krb5

CVE-2017-7562

  • net-snmp

CVE-2018-18065

  • NTP

CVE-2018-7170    CVE-2018-12327

  • OpenSLP

CVE-2017-17833

  • OpenSSH

CVE-2008-1483

  • OpenSSL

CVE-2018-0732    CVE-2018-0737

  • Oracle Java SE

CVE-2018-2938    CVE-2018-2940    CVE-2018-2941    CVE-2018-2952
CVE-2018-2964    CVE-2018-2972    CVE-2018-2973    CVE-2018-3136
CVE-2018-3139    CVE-2018-3149    CVE-2018-3150    CVE-2018-3157
CVE-2018-3169    CVE-2018-3180    CVE-2018-3183    CVE-2018-3209
CVE-2018-3211    CVE-2018-3214    CVE-2018-13785

For more information about the Common Vulnerability and Exposure (CVE) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.

To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.

The embedded components are updated for the vulnerabilities listed below:  

  • Apache

CVE-2016-4975    CVE-2016-8743

  • Apache tomcat

CVE-2018-1304    CVE-2018-1305

  • binutils

CVE-2014-9939    CVE-2017-6965    CVE-2017-6966    CVE-2017-6969
CVE-2017-7209    CVE-2017-7210    CVE-2017-7223    CVE-2017-7224
CVE-2017-7225    CVE-2017-7226    CVE-2017-7227    CVE-2017-7299
CVE-2017-7300    CVE-2017-7301    CVE-2017-7302    CVE-2017-7303
CVE-2017-7304    CVE-2017-7614    CVE-2017-8392    CVE-2017-8393
CVE-2017-8394    CVE-2017-8395    CVE-2017-8396    CVE-2017-8397
CVE-2017-8398    CVE-2017-8421    CVE-2017-9038    CVE-2017-9039
CVE-2017-9040    CVE-2017-9041    CVE-2017-9042    CVE-2017-9043
CVE-2017-9044    CVE-2017-9746    CVE-2017-9747    CVE-2017-9748
CVE-2017-9750    CVE-2017-9755    CVE-2017-9756    CVE-2017-9954
CVE-2017-9955    CVE-2017-12448    CVE-2017-12450    CVE-2017-12452
CVE-2017-12453    CVE-2017-12454    CVE-2017-12456    CVE-2017-12799
CVE-2017-13757    CVE-2017-14128    CVE-2017-14129    CVE-2017-14130
CVE-2017-14333    CVE-2017-14529    CVE-2017-14729    CVE-2017-14745
CVE-2017-14974    CVE-2017-15938    CVE-2017-15939    CVE-2017-15996
CVE-2017-16826    CVE-2017-16827    CVE-2017-16828    CVE-2017-16829
CVE-2017-16830    CVE-2017-16831    CVE-2017-16832    CVE-2018-6323
CVE-2018-6543    CVE-2018-6759    CVE-2018-6872    CVE-2018-7208
CVE-2018-7568    CVE-2018-7569    CVE-2018-7570    CVE-2018-7642
CVE-2018-7643    CVE-2018-8945    CVE-2018-10372    CVE-2018-10373
CVE-2018-10534    CVE-2018-10535

  • curl

CVE-2018-1000301

  • glibc

CVE-2017-12132    CVE-2017-15670    CVE-2017-15671    CVE-2017-15804
CVE-2018-11236

  • gnutls

CVE-2017-10790    CVE-2018-10844    CVE-2018-10845    CVE-2018-10846

  • kernel

CVE-2017-1000365    CVE-2018-5391

  • Krb5

CVE-2017-7562

  • net-snmp

CVE-2018-18065

  • NTP

CVE-2018-7170    CVE-2018-12327

  • OpenSLP

CVE-2017-17833

  • OpenSSH

CVE-2008-1483

  • OpenSSL

CVE-2018-0732    CVE-2018-0737

  • Oracle Java SE

CVE-2018-2938    CVE-2018-2940    CVE-2018-2941    CVE-2018-2952
CVE-2018-2964    CVE-2018-2972    CVE-2018-2973    CVE-2018-3136
CVE-2018-3139    CVE-2018-3149    CVE-2018-3150    CVE-2018-3157
CVE-2018-3169    CVE-2018-3180    CVE-2018-3183    CVE-2018-3209
CVE-2018-3211    CVE-2018-3214    CVE-2018-13785

For more information about the Common Vulnerability and Exposure (CVE) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.

To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Affected products:     
Dell EMC Unity Operating Environment (OE) versions prior to 4.5.0.0.5.096
Dell EMC Unity VSA Operating Environment (OE) versions prior to 4.5.0.0.5.096


Remediation:     
The following Dell EMC Unity releases address these vulnerabilities:      

  • Dell EMC Unity Operating Environment (OE) 4.5.0.0.5.096

  • Dell EMC UnityVSA Operating Environment (OE) 4.5.0.0.5.096

To take advantage of the latest security fixes and enhancements, Dell EMC recommends upgrading to the latest Unity OE code.

Customers can refer to Dell EMC target code information at https://support.emc.com/docu39695_Target_Revisions_and_Adoption_Rates.pdf?language=en_US&language=en_US.


Link to Remedies:     
Registered Dell EMC Support customers can download Unity software from the Dell EMC Online Support web site.



Affected products:     
Dell EMC Unity Operating Environment (OE) versions prior to 4.5.0.0.5.096
Dell EMC Unity VSA Operating Environment (OE) versions prior to 4.5.0.0.5.096


Remediation:     
The following Dell EMC Unity releases address these vulnerabilities:      

  • Dell EMC Unity Operating Environment (OE) 4.5.0.0.5.096

  • Dell EMC UnityVSA Operating Environment (OE) 4.5.0.0.5.096

To take advantage of the latest security fixes and enhancements, Dell EMC recommends upgrading to the latest Unity OE code.

Customers can refer to Dell EMC target code information at https://support.emc.com/docu39695_Target_Revisions_and_Adoption_Rates.pdf?language=en_US&language=en_US.


Link to Remedies:     
Registered Dell EMC Support customers can download Unity software from the Dell EMC Online Support web site.



Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Dell EMC Unity Family

Products

Product Security Information, Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600 , Dell EMC Unity 600F, Dell EMC Unity Family, Dell EMC Unity Hybrid ...
Article Properties
Article Number: 000001859
Article Type: Dell Security Advisory
Last Modified: 22 May 2021
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.