DSA-2019-033: Dell EMC Data Domain Security Update for Oracle JRE Vulnerabilities

Multiple components within the Dell EMC Data Domain have been updated to address various vulnerabilities. The embedded components are updated for the following vulnerabilities:  

• CVE-2018-3180
  5.6 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.  

To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.

Affected products:  
 Dell EMC Data Domain versions prior to: 

• DDOS 6.0.2.40

• DDOS 6.1.2.30

• DDOS 6.2.0.10

• DDMC 6.1.2.30

• DDMC 6.2.0.10

Dell EMC Data Domain versions:  

• DDMC 2.0.1.1 and earlier

Remediation:
The following Dell EMC  Data Domain releases address this vulnerability:  
 
Dell EMC Data Domain version:  

• DDOS 6.0.2.40

• DDOS 6.1.2.30

• DDOS 6.2.0.10

• DDMC 6.1.2.30

• DDMC 6.2.0.10

Dell EMC recommends all customers upgrade at the earliest opportunity. Contact Dell EMC Data Domain customer support to download the required rpm file and install it.

Dell EMC recommends all customers who currently using DDMC 2.0.1.1 or earlier, upgrade to DDMC 6.1.2.30 or DDMC 6.2.0.10

To upgrade your Dell EMC Data Domain system contact Dell EMC Data Domain Customer Support.
.