DSA-2023-109: Dell ECS security update for Multiple vulnerabilities.

Zusammenfassung: Dell ECS 3.8.0.2 remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Dieser Artikel gilt für Dieser Artikel gilt nicht für Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden. In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Andere Ressourcen ansehen

Auswirkungen

High

Details

Third-party Component CVEs More Information
bind CVE-2022-2795, CVE-2022-38177, CVE-2022-38178 https://suse.com/security/cve/CVE-2022-2795This hyperlink is taking you to a website outside of Dell Technologies., https://suse.com/security/cve/CVE-2022-38177This hyperlink is taking you to a website outside of Dell Technologies., https://suse.com/security/cve/CVE-2022-38178This hyperlink is taking you to a website outside of Dell Technologies.
curl CVE-2022-27781, CVE-2022-27782, CVE-2022-32206, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252 https://suse.com/security/cve/CVE-2022-27781This hyperlink is taking you to a website outside of Dell Technologies., https://suse.com/security/cve/CVE-2022-27782This hyperlink is taking you to a website outside of Dell Technologies., https://suse.com/security/cve/CVE-2022-32206This hyperlink is taking you to a website outside of Dell Technologies., https://suse.com/security/cve/CVE-2022-32208This hyperlink is taking you to a website outside of Dell Technologies., https://suse.com/security/cve/CVE-2022-32221This hyperlink is taking you to a website outside of Dell Technologies., https://suse.com/security/cve/CVE-2022-35252This hyperlink is taking you to a website outside of Dell Technologies.
expat CVE-2022-40674 https://suse.com/security/cve/CVE-2022-40674This hyperlink is taking you to a website outside of Dell Technologies.
git CVE-2022-29187 https://suse.com/security/cve/CVE-2022-29187This hyperlink is taking you to a website outside of Dell Technologies.
glib CVE-2021-28153, CVE-2015-8985 https://suse.com/security/cve/CVE-2021-28153This hyperlink is taking you to a website outside of Dell Technologies., https://suse.com/security/cve/CVE-2015-8985This hyperlink is taking you to a website outside of Dell Technologies.
gpg2 CVE-2022-34903 https://suse.com/security/cve/CVE-2022-34903This hyperlink is taking you to a website outside of Dell Technologies.
kpartx CVE-2022-41974 https://suse.com/security/cve/CVE-2022-41974This hyperlink is taking you to a website outside of Dell Technologies.
libcroco CVE-2020-12825 https://suse.com/security/cve/CVE-2020-12825This hyperlink is taking you to a website outside of Dell Technologies.
libjson CVE-2020-12762 https://suse.com/security/cve/CVE-2020-12762This hyperlink is taking you to a website outside of Dell Technologies.
libpcre1 CVE-2022-1586 https://suse.com/security/cve/CVE-2022-1586This hyperlink is taking you to a website outside of Dell Technologies.
libpcre2 CVE-2022-1587 https://suse.com/security/cve/CVE-2022-1587This hyperlink is taking you to a website outside of Dell Technologies.
libz1 CVE-2022-37434 https://suse.com/security/cve/CVE-2022-37434This hyperlink is taking you to a website outside of Dell Technologies.
openssl CVE-2022-2068 https://suse.com/security/cve/CVE-2022-2068This hyperlink is taking you to a website outside of Dell Technologies.
python CVE-2021-28861, CVE-2020-10735, CVE-2022-45061 https://suse.com/security/cve/CVE-2021-28861This hyperlink is taking you to a website outside of Dell Technologies., https://suse.com/security/cve/CVE-2020-10735This hyperlink is taking you to a website outside of Dell Technologies., https://suse.com/security/cve/CVE-2022-45061This hyperlink is taking you to a website outside of Dell Technologies.
rsyslog CVE-2022-24903 https://suse.com/security/cve/CVE-2022-24903This hyperlink is taking you to a website outside of Dell Technologies.
sudo CVE-2022-43995 https://suse.com/security/cve/CVE-2022-43995This hyperlink is taking you to a website outside of Dell Technologies.
sqlite3 CVE-2021-36690, CVE-2022-35737 https://suse.com/security/cve/CVE-2021-36690This hyperlink is taking you to a website outside of Dell Technologies., https://suse.com/security/cve/CVE-2022-35737This hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs Description CVSS Score CVSS Vector String
CVE-2023-25934 DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request. 5.9  CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Score CVSS Vector String
CVE-2023-25934 DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request. 5.9  CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies empfiehlt allen Kunden, sowohl die CVSS-Gesamtbewertung als auch alle relevanten zeitlichen und umweltbezogenen Bewertungen zu berücksichtigen, die sich auf den potenziellen Schweregrad einer bestimmten Sicherheitsschwachstelle auswirken können.

Betroffene Produkte und Korrektur

Product Affected Versions Remediated Versions Link
Dell ECS Versions prior to 3.8.0.2 Version 3.8.0.2 Dell recommends all customers have their ECS systems upgraded at the earliest opportunity by opening a “Operating Environment Upgrade” Service Request.
Product Affected Versions Remediated Versions Link
Dell ECS Versions prior to 3.8.0.2 Version 3.8.0.2 Dell recommends all customers have their ECS systems upgraded at the earliest opportunity by opening a “Operating Environment Upgrade” Service Request.

Workarounds und Korrekturmaßnahmen

None.

Revisionsverlauf

RevisionDateDescription
1.02023-05-02Initial Release
2.02023-05-08Updated Affect Products section under Article Properties
3.02023-09-01Updated for enhanced presentation with no changes to content. Added link to CVSS calculator.

Zugehörige Informationen

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Rechtlicher Hinweis

Betroffene Produkte

ECS, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ECS Software
Artikeleigenschaften
Artikelnummer: 000212970
Artikeltyp: Dell Security Advisory
Zuletzt geändert: 01 Sept. 2023
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.