
Article Number: 000211636


DSA-2023-086: Dell Streaming Data Platform Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell Streaming Data Platform remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

Third-party Component CVEs More Information
Apache Portable Runtime CVE-2017-12613, CVE-2021-35940 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Apache Zookeeper CVE-2020-10663 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Berkeley DB CVE-2016-0682, CVE-2016-0689, CVE-2016-0694, CVE-2016-3418, CVE-2017-10140, CVE-2017-3604, CVE-2017-3605, CVE-2017-3606, CVE-2017-3607, CVE-2017-3608, CVE-2017-3609, CVE-2017-3610, CVE-2017-3612, CVE-2017-3613, CVE-2017-3614, CVE-2017-3615, CVE-2017-3616, CVE-2017-3617, CVE-2020-2981 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Bouncy Castle Provider - FIPS CVE-2022-45146 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
busybox CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
curl CVE-2022-22576, CVE-2022-27775, CVE-2022-27782, CVE-2022-42915 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
D-Bus CVE-2019-12749 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
GNU C Library CVE-2020-1752, CVE-2020-6096, CVE-2021-3326, CVE-2021-35942, CVE-2021-38604, CVE-2021-3999, CVE-2022-23219 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
GNU Compiler Collection CVE-2021-3826 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
GnuTLS CVE-2022-2509, CVE-2022-2509 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Google V8 JavaScript Engine CVE-2022-4262 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
go-restful CVE-2022-1996 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
gzip CVE-2022-1271 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
helm/helm CVE-2022-36049 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Jackson dataformats: Binary CVE-2020-28491 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
jackson-databind CVE-2020-10650, CVE-2020-36179, CVE-2020-36180, CVE-2020-36182, CVE-2020-36183, CVE-2020-36184, CVE-2020-36185, CVE-2020-36186, CVE-2020-36187, CVE-2020-36188, CVE-2020-36518, CVE-2021-20190, CVE-2022-42003, CVE-2022-42004 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
JDOM CVE-2021-33813 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Jettison - Json Stax implementation CVE-2022-40149, CVE-2022-40150 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server CVE-2020-27216, CVE-2021-28165 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
jQuery UI CVE-2016-7103 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
json-c CVE-2020-12762 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
json-smart CVE-2021-31684 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
jupyter-server/jupyter_server CVE-2022-29241 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
keycloak CVE-2021-3632, CVE-2021-4133, CVE-2022-1245, CVE-2022-3782 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
krb5/krb5 CVE-2020-28196, CVE-2021-36222, CVE-2022-42898 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
libde265 CVE-2020-21595, CVE-2020-21596, CVE-2020-21597, CVE-2020-21598, CVE-2020-21600, CVE-2020-21601, CVE-2020-21602, CVE-2020-21603, CVE-2020-21604 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
libexpat CVE-2022-25235, CVE-2022-25236, CVE-2022-25314, CVE-2022-25315, CVE-2022-40674, CVE-2022-43680, CVE-2022-43680 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
libgcrypt CVE-2021-33560 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
libjpeg CVE-2020-14152 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Libtasn1 CVE-2021-46848 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
libTIFF CVE-2022-0891, CVE-2022-3970, CVE-2022-48281 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
libxml2 CVE-2022-40303, CVE-2022-40304 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Linux-Pam CVE-2022-28321 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
lua CVE-2022-28805 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Netty Project CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2019-9512, CVE-2020-11612, CVE-2020-7238, CVE-2021-37136, CVE-2021-37137, CVE-2022-41881 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
nghttp2 CVE-2020-11080 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Node.js CVE-2018-7160, CVE-2021-22931, CVE-2021-22940, CVE-2021-44531, CVE-2022-0778, CVE-2022-21824, CVE-2022-32212, CVE-2022-35256, CVE-2022-3602, CVE-2022-3786, CVE-2022-43548 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
OpenJDK CVE-2022-34169 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
OpenSSL CVE-2022-0778, CVE-2022-1292, CVE-2022-1292 (BDSA-2022-1242), CVE-2022-2068, CVE-2022-2068, CVE-2022-2068 (BDSA-2022-1716), CVE-2022-3996 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
p11-kit CVE-2020-29361, CVE-2020-29363 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
PCRE CVE-2017-6004, CVE-2017-7186, CVE-2019-20838 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
PCRE2 CVE-2022-1586, CVE-2022-1587 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Perl CVE-2017-12814, CVE-2017-12837, CVE-2017-12883, CVE-2018-12015, CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314, CVE-2018-6797, CVE-2018-6798, CVE-2018-6913, CVE-2020-10543, CVE-2020-10878, CVE-2020-12723, CVE-2021-36770 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
PostgreSQL Database Server CVE-2021-23214, CVE-2022-1552, CVE-2022-2625 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Protobuf CVE-2022-1941, CVE-2022-3171 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
Python programming language CVE-2007-4559, CVE-2020-10735, CVE-2022-37454, CVE-2022-42919, CVE-2022-45061 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
qs - QS Querystring CVE-2022-24999 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
requests CVE-2018-18074 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
runc CVE-2022-29162 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
SnakeYAML CVE-2022-25857 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/
SQLite CVE-2022-35737 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product: Dell Streaming Data Platform
Affected Versions: Versions 1.1.x, 1.2.x, 1.3.x, 1.4.x, and 1.5.x
Remediated Versions: Version 1.6
Link: Dell recommends that all customers upgrade to SDP 1.6, available at the Dell Support site.

Revision History

Revision    Date          Description
1.0         2023-03-27    Initial Release
2.0         2023-09-01    Updated for enhanced presentation with no changes to content.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product

Streaming Data Platform Family, Streaming Data Platform

Last Published Date

01 Sept 2023

Version

3

Article Type

Dell Security Advisory