DSA-2019-042: Dell EMC Isilon OneFS and IsilonSD Edge Security Update for Multiple Vulnerabilities

Multiple components within the Dell EMC Isilon OneFS have been updated to address various vulnerabilities. These components are updated for the following vulnerabilities:      

• Segment Smack TCP Reassembly Vulnerability
  CVE-2018-6922

• Fragment Smack IP Reassembly Vulnerability
  CVE-2018-6923

• OpenSSL Vulnerability for OneFS
  CVE-2018-0734

• OpenSSL Vulnerability for IsilonSD Edge
  CVE-2018-0734

• OpenSSH Vulnerability
  CVE-2018-15473

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.  

To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.

Affected products:      
Dell EMC Isilon OneFS versions 8.1.2 and earlier
Dell EMC Isilon OneFS versions 8.1.0.4 and earlier
Dell EMC IsilonSD Edge versions 8.1.2 and earlier
Dell EMC IsilonSD Edge versions 8.1.0.4 and earlier


Remediation:       
For Dell EMC Isilon OneFS version 8.1.2.0, the security updates are contained in the following patches:      

• Patch-248570 for OneFS 8.1.2.0:  https://download.emc.com/downloads/DL93441

• Patch-248568 for OneFS 8.1.2.0: https://download.emc.com/downloads/DL93440

For Dell EMC Isilon OneFS version 8.1.0.4, the security updates are contained in the following patches:       

• Isilon OneFS 8.1.0.4 KGA 2019-04 Patch-248573: https://download.emc.com/downloads/DL93596

• Isilon OneFS 8.1.0.4 UGA 2019-04 Patch-248571: https://download.emc.com/downloads/DL93595

Dell EMC recommends all customers apply the patches containing the resolutions at the earliest opportunity.