1 Rookie
•
9 Posts
0
301
September 25th, 2024 19:43
VMSA-2024-0019
Is there a workaround for VMSA-2024-0019. Does anyone have information about the date for the release of the VxRAIL package?
I didn't see anything in the support documents kb's.
No Events found!
Omer Faruk
1 Rookie
•
9 Posts
0
November 8th, 2024 08:16
Hello;
VxRAIL 8.0.311 has been released.
DELL-Josh Cr
Moderator
•
9.2K Posts
0
September 26th, 2024 12:53
Hi,
Thanks for your question.
I do not see a fix for it yet for vxrail. Here is where you can check for security updates. https://dell.to/4gGl1v9
Let us know if you have any additional questions.
VH123
1 Rookie
•
1 Message
0
September 26th, 2024 17:57
@DELL-Josh Cr Hi Josh, there is no security update listed for VMSA-2024-0019 at Dell's security updates site.. Can you please advise on when the critical update will be released?
DELL-Josh Cr
Moderator
•
9.2K Posts
0
September 26th, 2024 18:00
I do not have any information on when it will be available.
Klaas--
1 Rookie
•
21 Posts
0
September 30th, 2024 09:57
So Dell has general "guidance" on how long they take https://www.dell.com/support/kbdoc/en-us/000182153 from a VMware release to their release - having said that I do also think they are too slow on security issues.
Omer Faruk
1 Rookie
•
9 Posts
0
October 19th, 2024 11:07
Hello;
A release has been released for the vulnerability.
It is announced to those who are interested.
Klaas--
1 Rookie
•
21 Posts
0
October 24th, 2024 06:59
@Omer Faruk this is actually not correct (anymore?) https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 was updated.
"VMware by Broadcom has determined that the vCenter patches released on September 17, 2024 did not completely address CVE-2024-38812. The patches listed in the Response Matrix below are updated versions that contain additional fixes to fully address CVE-2024-38812."
Fixed versions have been changed to 8.0 U3d which is not included in VxRail 8.0.310, which is why I am guessing there has been no dell security announcement about VxRail 8.0.310 ?
Omer Faruk
1 Rookie
•
9 Posts
0
October 31st, 2024 13:21
@Klaas-- Yes, the vCenter vulnerability continues in the last package released for Vxrail. After the Vxrail team package was released, the Broadcom team announced that the previous patch could not fully patch the security weakness. And we are exposed again.Frankly, I think that no manufacturer has done enough tests and controls and has released security packages in a hurry. Our production systems have completely turned into a test environment. And this situation has become annoying.
Klaas--
1 Rookie
•
21 Posts
0
November 8th, 2024 10:31
https://www.dell.com/support/kbdoc/en-us/000245873/dsa-2024-431-security-update-for-dell-vxrail-8-0-311-multiple-third-party-component-vulnerabilities updates finally released