DSA-2022-218: Dell Data Computing Appliance Security Update for Multiple Third-Party Component Vulnerabilities

Table of Contents

Detailed Article

Impact

Details

Affected Products & Remediation

Workarounds & Mitigations

Revision History

Related Info

Legal Disclaimer

Affected Products

Provide Feedback

Summary: Dell Data Computing Appliance (DCA) contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Check out other resources

Impact

Critical

Details

Third-party Component	CVEs	More information
kernel	CVE-2021-4028	See NVD (http://nvd.nist.gov/ ) for individual scores for each CVE.
	CVE-2021-4083
	CVE-2022-0492
	CVE-2020-0465
	CVE-2020-0466
	CVE-2021-0920
	CVE-2021-3564
	CVE-2021-3573
	CVE-2021-3752
	CVE-2021-4155
	CVE-2022-0330
	CVE-2022-22942
libxml2	CVE-2016-4658
libX11	CVE-2021-31535
httpd	CVE-2021-40438
	CVE-2022-22720
	CVE-2021-26691
	CVE-2021-34798
	CVE-2021-39275
	CVE-2021-44790
nss	CVE-2021-43527
nss	CVE-2020-25648
sssd	CVE-2021-3621
xorg-x11-server	CVE-2021-3472
	CVE-2021-4008
	CVE-2021-4009
	CVE-2021-4010
	CVE-2021-4011
java-1.8.0-openjdk	CVE-2022-21248
	CVE-2022-21282
	CVE-2022-21283
	CVE-2022-21293
	CVE-2022-21294
	CVE-2022-21296
	CVE-2022-21299
	CVE-2022-21305
	CVE-2022-21340
	CVE-2022-21341
	CVE-2022-21360
	CVE-2022-21365
polkit	CVE-2021-4034
openssl	CVE-2021-3712
openssl	CVE-2022-0778
rpm	CVE-2021-20271
openldap	CVE-2020-25692
	CVE-2020-25709
	CVE-2020-25710
Ansible	CVE-2021-3620
openssh	CVE-2021-41617
nettle	CVE-2021-20305
nettle	CVE-2021-20305
binutils	CVE-2021-42574
bind	CVE-2021-25214
bind	CVE-2021-25215
microcode_ctl	CVE-2020-0543
	CVE-2020-0548
	CVE-2020-0549
	CVE-2020-24489
	CVE-2020-24511
	CVE-2020-24512
	CVE-2020-8695
	CVE-2020-8696
	CVE-2020-8698
	CVE-2020-24489
	CVE-2020-24511
	CVE-2020-24512
	CVE-2020-24513
Krb5	CVE-2021-37750
glib2	CVE-2021-27219
cyrus-sasl	CVE-2022-24407
gzip	CVE-2022-1271
zlib	CVE-2018-25032
rsyslog	CVE-2022-24903
postgresql	CVE-2019-10208
	CVE-2020-25694
	CVE-2020-25695
	CVE-2021-32027
	CVE-2022-1552
xz	CVE-2022-1271
expat	CVE-2021-45960
	CVE-2021-46143
	CVE-2022-22822
	CVE-2022-22823
	CVE-2022-22824
	CVE-2022-22825
	CVE-2022-22826
	CVE-2022-22827
	CVE-2022-23852
	CVE-2022-25235
	CVE-2022-25236
	CVE-2022-25315
INTEL-TA-00525	CVE-2020-0592
	CVE-2020-8738
	CVE-2020-8740
	CVE-2020-8764
	CVE-2020-12357
	CVE-2020-12360
	CVE-2021-0092
	CVE-2021-0144

Third-party Component	CVEs	More information
kernel	CVE-2021-4028	See NVD (http://nvd.nist.gov/ ) for individual scores for each CVE.
	CVE-2021-4083
	CVE-2022-0492
	CVE-2020-0465
	CVE-2020-0466
	CVE-2021-0920
	CVE-2021-3564
	CVE-2021-3573
	CVE-2021-3752
	CVE-2021-4155
	CVE-2022-0330
	CVE-2022-22942
libxml2	CVE-2016-4658
libX11	CVE-2021-31535
httpd	CVE-2021-40438
	CVE-2022-22720
	CVE-2021-26691
	CVE-2021-34798
	CVE-2021-39275
	CVE-2021-44790
nss	CVE-2021-43527
nss	CVE-2020-25648
sssd	CVE-2021-3621
xorg-x11-server	CVE-2021-3472
	CVE-2021-4008
	CVE-2021-4009
	CVE-2021-4010
	CVE-2021-4011
java-1.8.0-openjdk	CVE-2022-21248
	CVE-2022-21282
	CVE-2022-21283
	CVE-2022-21293
	CVE-2022-21294
	CVE-2022-21296
	CVE-2022-21299
	CVE-2022-21305
	CVE-2022-21340
	CVE-2022-21341
	CVE-2022-21360
	CVE-2022-21365
polkit	CVE-2021-4034
openssl	CVE-2021-3712
openssl	CVE-2022-0778
rpm	CVE-2021-20271
openldap	CVE-2020-25692
	CVE-2020-25709
	CVE-2020-25710
Ansible	CVE-2021-3620
openssh	CVE-2021-41617
nettle	CVE-2021-20305
nettle	CVE-2021-20305
binutils	CVE-2021-42574
bind	CVE-2021-25214
bind	CVE-2021-25215
microcode_ctl	CVE-2020-0543
	CVE-2020-0548
	CVE-2020-0549
	CVE-2020-24489
	CVE-2020-24511
	CVE-2020-24512
	CVE-2020-8695
	CVE-2020-8696
	CVE-2020-8698
	CVE-2020-24489
	CVE-2020-24511
	CVE-2020-24512
	CVE-2020-24513
Krb5	CVE-2021-37750
glib2	CVE-2021-27219
cyrus-sasl	CVE-2022-24407
gzip	CVE-2022-1271
zlib	CVE-2018-25032
rsyslog	CVE-2022-24903
postgresql	CVE-2019-10208
	CVE-2020-25694
	CVE-2020-25695
	CVE-2021-32027
	CVE-2022-1552
xz	CVE-2022-1271
expat	CVE-2021-45960
	CVE-2021-46143
	CVE-2022-22822
	CVE-2022-22823
	CVE-2022-22824
	CVE-2022-22825
	CVE-2022-22826
	CVE-2022-22827
	CVE-2022-23852
	CVE-2022-25235
	CVE-2022-25236
	CVE-2022-25315
INTEL-TA-00525	CVE-2020-0592
	CVE-2020-8738
	CVE-2020-8740
	CVE-2020-8764
	CVE-2020-12357
	CVE-2020-12360
	CVE-2021-0092
	CVE-2021-0144

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product	Affected Versions	Updated Versions	Link to Update
DCA	Versions before DCA 4.3.1.0	DCA 4.3.1.0	Download Greenplum-Data-Computing-Appliance-Software-Upgrade-to-4.3.1.0.bin package from https://dl.dell.com/downloads/
DCA	Versions before Firmware tool 3I00	DCA Firmware tool 3I00	Registered customers can access the update after logging in to Dell Support at https://dl.dell.com/downloads/DLD2955_3I00-Firmware-Update-Utility-for-DCAv3.tgz.

Product	Affected Versions	Updated Versions	Link to Update
DCA	Versions before DCA 4.3.1.0	DCA 4.3.1.0	Download Greenplum-Data-Computing-Appliance-Software-Upgrade-to-4.3.1.0.bin package from https://dl.dell.com/downloads/
DCA	Versions before Firmware tool 3I00	DCA Firmware tool 3I00	Registered customers can access the update after logging in to Dell Support at https://dl.dell.com/downloads/DLD2955_3I00-Firmware-Update-Utility-for-DCAv3.tgz.

Workarounds & Mitigations

Dell Software:
Only Dell Data Computing Appliance (DCA) version 4.0.0.0, 4.1.0.0, 4.2.0.0, and 4.2.1.0 can be upgraded to version 4.3.0.0 and then can be upgraded to 4.3.1.0.

To upgrade to an earlier DCA version, you must migrate to version 4.0.0.0 (THEL7), upgrade to version 4.3.0.0, and then upgrade to 4.3.1.0.

Revision History

Revision	Date	Description
1.0	2022-08-02	Initial release

Related Information

Legal Disclaimer

Affected Products

Data Computing Appliance V3, Product Security Information

Article Number: 000202087

Article Type: Dell Security Advisory

Last Modified: 08 Jun 2023

Check if your device is covered by Support Services.

DSA-2022-218: Dell Data Computing Appliance Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell Data Computing Appliance (DCA) contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Impact

Details

Affected Products & Remediation

Workarounds & Mitigations

Revision History

Related Information

Legal Disclaimer

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services

Welcome

Welcome to Dell

DSA-2022-218: Dell Data Computing Appliance Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell Data Computing Appliance (DCA) contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Detailed Article

Impact

Details

Affected Products & Remediation

Workarounds & Mitigations

Revision History

Related Info

Legal Disclaimer

Affected Products

Impact

Details

Affected Products & Remediation

Workarounds & Mitigations

Revision History

Related Information

Legal Disclaimer

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services