DSA-2019-007: Dell EMC VPLEX Security Update for Multiple Embedded Components Vulnerabilities
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
Summary:
Multiple components within Dell EMC VPLEX require a security update to address various vulnerabilities.
Multiple components within the Dell EMC VPLEX is updated to address various vulnerabilities:
-
Libjasper
-
Python
-
Samba
-
Libxml2
-
Pam-module
The embedded components are updated for the following vulnerabilities:
- Libjasper
CVE-2008-3522 CVE-2015-5203 CVE-2015-5221 CVE-2016-1577
CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8690
CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8880
CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8884
CVE-2016-8885 CVE-2016-8886 CVE-2016-8887
- Python
CVE-2016-5636 CVE-2018-1060 CVE-2018-1061
-
Samba
CVE-2017-7494
-
Libxml2
CVE-2016-4658 CVE-2017-0663 CVE-2017-5969 CVE-2017-7375
CVE-2017-7376
CVE-2017-7376
-
Pam-module
CVE-2011-3172
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.
Multiple components within the Dell EMC VPLEX is updated to address various vulnerabilities:
-
Libjasper
-
Python
-
Samba
-
Libxml2
-
Pam-module
The embedded components are updated for the following vulnerabilities:
- Libjasper
CVE-2008-3522 CVE-2015-5203 CVE-2015-5221 CVE-2016-1577
CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8690
CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8880
CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8884
CVE-2016-8885 CVE-2016-8886 CVE-2016-8887
- Python
CVE-2016-5636 CVE-2018-1060 CVE-2018-1061
-
Samba
CVE-2017-7494
-
Libxml2
CVE-2016-4658 CVE-2017-0663 CVE-2017-5969 CVE-2017-7375
CVE-2017-7376
CVE-2017-7376
-
Pam-module
CVE-2011-3172
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.
Affected Products & Remediation
Affected products:
Dell EMC VPLEX Software: GeoSynchrony versions prior to 6.1.0.01.00
Remediation:
The following Dell EMC VPLEX release address these vulnerabilities:
-
Dell EMC VPLEX Software: GeoSynchrony 6.1.0.01.00
For Dell EMC VPLEX version 5.4 and later, the security update is contained in the release 6.1.0.01.00.
Dell EMC recommends all customers upgrade at the earliest opportunity. Contact Dell EMC VPLEX customer support to download the required rpm file and install it.
To upgrade your Dell EMC VPLEX system contact Dell EMC VPLEX Customer Support.
Affected products:
Dell EMC VPLEX Software: GeoSynchrony versions prior to 6.1.0.01.00
Remediation:
The following Dell EMC VPLEX release address these vulnerabilities:
-
Dell EMC VPLEX Software: GeoSynchrony 6.1.0.01.00
For Dell EMC VPLEX version 5.4 and later, the security update is contained in the release 6.1.0.01.00.
Dell EMC recommends all customers upgrade at the earliest opportunity. Contact Dell EMC VPLEX customer support to download the required rpm file and install it.
To upgrade your Dell EMC VPLEX system contact Dell EMC VPLEX Customer Support.
Related Information
Legal Disclaimer
Affected Products
VPLEX GeoSynchronyProducts
Product Security Information, VPLEX GeoSynchronyArticle Properties
Article Number: 000153787
Article Type: Dell Security Advisory
Last Modified: 22 May 2021
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.