Dell (Dell PowerScale OneFS) Products March 2024 1st Security Update Advisory

Overview

 

Dell (https://www.dell.com) has released a security update that fixes vulnerabilities in its products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

PowerScale OneFS Version 9.6.1.0

PowerScale OneFS Versions 8.2.0 through 9.2.1.24

PowerScale OneFS Versions 8.2.0 through 9.4.0.16

PowerScale OneFS Versions 9.3.0.0 through 9.4.0.16

PowerScale OneFS Versions 9.5.0.0 through 9.5.0.5

PowerScale OneFS Versions 9.5.0.0 through 9.5.0.6

 

Resolved Vulnerabilities

 

Use of a broken or risky cryptographic algorithm in Dell PowerScale OneFS (CVE-2024-22463, CVSS 7.4) [1]

Insufficient logging in Dell PowerScale OneFS (CVE-2024-24901, CVSS 3.0) [1]

 

Vulnerability Patches

 

Product-specific patches were made available in the 03/04/2024 update. For more information about the patches, refer to the “Affected Products and Remediation” section of the document listed under Referenced Sites.

PowerScale OneFS Version 9.2.1.25 or later

PowerScale OneFS Version 9.4.0.17 or later

PowerScale OneFS Version 9.5.0.7 or later

PowerScale OneFS Version 9.7.0.0 or later

PowerScale OneFS Version 9.4.0.17 or later

PowerScale OneFS Version 9.5.0.6 or later

 

Referenced Sites

 

[1] DSA-2024-062: Security Update for Dell PowerScale OneFS for Proprietary Code Vulnerabilities

https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities