Advisory for Dell Security Update


  • NIC-CERT/2022-09/377
  • Date: 2022-09-01
  • CVE ID: Multiple
  • Severity: Critical

Description:

A vulnerability has been reported in Dell products which could allow an attacker to compromise the affected system.

Security Issues Fixed:

PowerPath Management Appliance contains remediation for an OpenSSL vulnerability that may be exploited by malicious users to compromise the affected system. For PowerPath Linux, remediation for the OpenSSL vulnerability is available in the form of an updated Security Configuration Guide (SCG) instructing customers to update the OpenSSL package on the host system. For PowerPath Windows, the OpenSSL_Configuration Utility contains remediation for the OpenSSL vulnerability that may be exploited by malicious users to compromise the affected system. OpenSSL is used for communication between the PowerPath Windows host and the Management server.

Details:

| Third-party Component | CVE | More information |
|---|---|---|
| OpenSSL | CVE-2022-0778 | https://nvd.nist.gov/vuln/detail/CVE-2022-0778, https://www.openssl.org/news/secadv/20220315.txt |
| iDRAC9 | CVE-2022-24422 | See Dell KB article 199267: DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability. |
| Intel BIOS | CVE-2021-0060, CVE-2021-0147, CVE-2021-0127, CVE-2021-0103, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0099, CVE-2021-0111, CVE-2021-0107, CVE-2021-0125, CVE-2021-0124, CVE-2021-0119, CVE-2021-0092, CVE-2021-0091, CVE-2021-0093 | See Dell article 196007: DSA-2022-036: PowerEdge Server Security Update for Intel February 2022 Security Advisory Release. |
|  | CVE-2019-14584, CVE-2021-28210, CVE-2021-28211 | See Dell article 198065: DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities. |
| OpenSSL | CVE-2022-0778 | https://nvd.nist.gov/vuln/detail/CVE-2022-0778 |
| OpenSSH | CVE-2021-41617, CVE-2020-14145, CVE-2016-20012 | https://nvd.nist.gov/vuln/detail/CVE-2021-41617, https://nvd.nist.gov/vuln/detail/CVE-2020-14145, https://nvd.nist.gov/vuln/detail/CVE-2016-20012 |
| NVIDIA GPU Display Driver | CVE-2022-28181, CVE-2022-28182, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28186, CVE-2022-28187, CVE-2022-28188, CVE-2022-28189, CVE-2022-28190 | Security Bulletin: NVIDIA GPU Display Driver - May 2022 |

Affected Products and Remediation:

| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
|---|---|---|---|---|
| CVE-2022-0778 | PowerPath Management Appliance | 3.0, 3.0 P01, 3.1, 3.2, 3.2 P01, 3.2 SP1 | NA | NA |
| CVE-2022-0778 | PowerPath Linux | 7.4 | NA | NA |
| CVE-2022-0778 | PowerPath Windows | 7.0, 6.5, 6.4 | NA | NA |
| CVE-2022-24422 | PowerProtect DD Appliance model: DD3300, DD6400, and DD6900, DD9400, and DD9900 | 7.0 to 7.8 | 7.9.0.0 and later, or 7.7.2 and later to stay on LTS 7.7 | For more details about DDOS versions available for download, see the Dell articles below (requires log in to Dell Support to view articles): 81247: Data Domain: DD OS Software Versions; 14125: Data Domain Operating System Software Portal Availability Policy. |
| CVE-2021-0060, CVE-2021-0147, CVE-2021-0127, CVE-2021-0103, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0099, CVE-2021-0111, CVE-2021-0107, CVE-2021-0125, CVE-2021-0124, CVE-2021-0119, CVE-2021-0092, CVE-2021-0091, CVE-2021-0093, CVE-2019-14584, CVE-2021-28210, CVE-2021-28211, CVE-2022-0778 | PowerProtect DD DDOS and DDMC | 7.0 to 7.8 | 7.9.0.0 and later, or next 7.7 release after 7.7.2, to stay on LTS |  |
| CVE-2021-41617, CVE-2020-14145 |  | LTS 7.7.1 to 7.7.2 | 7.7.3 and later |  |
| CVE-2016-20012 |  | 6.2.1.80 and earlier | Available in next release |  |

Dell recommends all customers upgrade at the earliest opportunity.

References:

https://www.dell.com/support/security/en-us