Dell patches virtual storage software against OpenSSL, Apache bugs – Security

Dell has been moved to patch vulnerabilities inherited from Apache and OpenSSL.

The fixes are for the Dell Virtual Storage Integrator for VMware vSphere client and are outlined in this advisory.

The Apache fix is for the Text4Shell vulnerability, CVE-2022-42889, revealed in mid-October. 

In some cases, the CVE advisory explained, Apache Commons versions 1.5 to 1.9 use a Java text manipulation library that can be attacked to gain access to the underlying host.

The OpenSSL bugs, CVE-2022-3602 and CVE-2022-3786, are buffer overruns in how the encryption library handles X.509 certificates and were disclosed and patched earlier this month.

Dell has also updated two older advisories covering its EMC VxRail software.

In one, fixes have been added for a number of VxM SUSE Linux bugs; and in the other, a number of CVEs have been added to the advisory.

Source link