Article Number: 000213152

DSA-2023-141: Dell Unity, Unity VSA and Unity XT Security Update for Multiple Vulnerability

Summary: Dell Unity, Unity VSA and Unity XT remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content

Impact

Critical

Details

Third-party Component	CVEs	More information
open-vm-tools	CVE-2022-31676	https://www.suse.com/security/cve/CVE-2022-31676.html
postgresql-jdbc	CVE-2022-41946	https://www.suse.com/security/cve/CVE-2022-41946.html
bind	CVE-2021-25220	https://www.suse.com/security/cve/CVE-2021-25220.html
libstdc	CVE-2020-13844, CVE-2019-15847, CVE-2019-14250	https://www.suse.com/security/cve/CVE-2020-13844.html, https://www.suse.com/security/cve/CVE-2019-15847.html, https://www.suse.com/security/cve/CVE-2019-14250.html
ntp	CVE-2020-15025, CVE-2020-13817, CVE-2018-8956, CVE-2020-11868	https://www.suse.com/security/cve/CVE-2020-15025.html, https://www.suse.com/security/cve/CVE-2020-13817.html, https://www.suse.com/security/cve/CVE-2018-8956.html, https://www.suse.com/security/cve/CVE-2020-11868.html
runc	CVE-2022-31030, CVE-2022-29162	https://www.suse.com/security/cve/CVE-2022-31030.html, https://www.suse.com/security/cve/CVE-2022-29162.html
sysstat	CVE-2019-16167, CVE-2018-19517, CVE-2018-19416	https://www.suse.com/security/cve/CVE-2019-16167.html, https://www.suse.com/security/cve/CVE-2018-19517.html, https://www.suse.com/security/cve/CVE-2018-19416.html
cpio	CVE-2021-38185	https://www.suse.com/security/cve/CVE-2021-38185.html
dnsmasq	CVE-2020-25687, CVE-2020-25686, CVE-2020-25682, CVE-2020-25681, CVE-2020-25685, CVE-2020-25684, CVE-2020-25683, CVE-2022-0934, CVE-2021-3448	https://www.suse.com/security/cve/CVE-2020-25687.html, https://www.suse.com/security/cve/CVE-2020-25686.html, https://www.suse.com/security/cve/CVE-2020-25682.html, https://www.suse.com/security/cve/CVE-2020-25681.html, https://www.suse.com/security/cve/CVE-2020-25685.html, https://www.suse.com/security/cve/CVE-2020-25684.html, https://www.suse.com/security/cve/CVE-2020-25683.html, https://www.suse.com/security/cve/CVE-2022-0934.html, https://www.suse.com/security/cve/CVE-2021-3448.html
git	CVE-2022-29187, CVE-2022-24765	https://www.suse.com/security/cve/CVE-2022-29187.html, https://www.suse.com/security/cve/CVE-2022-24765.html
krb5	CVE-2021-3672	https://www.suse.com/security/cve/CVE-2021-3672.html
Dbus	CVE-2020-35512, CVE-2020-12049	https://www.suse.com/security/cve/CVE-2020-35512.html, https://www.suse.com/security/cve/CVE-2020-12049.html
mozilla	CVE-2022-31741, CVE-2015-20107, CVE-2021-3572, CVE-2020-26116, CVE-2019-11324, CVE-2019-11236, CVE-2019-9740, CVE-2018-20060, CVE-2018-18074	https://www.suse.com/security/cve/CVE-2022-31741.html, https://www.suse.com/security/cve/CVE-2015-20107.html, https://www.suse.com/security/cve/CVE-2021-3572.html, https://www.suse.com/security/cve/CVE-2020-26116.html, https://www.suse.com/security/cve/CVE-2019-11324.html, https://www.suse.com/security/cve/CVE-2019-11236.html, https://www.suse.com/security/cve/CVE-2019-9740.html, https://www.suse.com/security/cve/CVE-2018-20060.html, https://www.suse.com/security/cve/CVE-2018-18074.html
root user	CVE-2019-5021	https://www.suse.com/security/cve/CVE-2019-5021.html
xstream	CVE-2021-21342	https://www.suse.com/security/cve/CVE-2021-21342.html
dom4j	CVE-2020-10683	https://www.suse.com/security/cve/CVE-2020-10683.html
vim	CVE-2021-3973	https://www.suse.com/security/cve/CVE-2021-3973.html
tomcat	CVE-2022-25762, CVE-2022-23181	https://www.suse.com/security/cve/CVE-2022-25762.html, https://www.suse.com/security/cve/CVE-2022-23181.html
apache2	CVE-2022-26373, CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-31813, CVE-2022-30556	https://www.suse.com/security/cve/CVE-2022-26373.html, https://www.suse.com/security/cve/CVE-2022-26377.html, https://www.suse.com/security/cve/CVE-2022-28614.html, https://www.suse.com/security/cve/CVE-2022-28615.html, https://www.suse.com/security/cve/CVE-2022-29404.html, https://www.suse.com/security/cve/CVE-2022-30522.html, https://www.suse.com/security/cve/CVE-2022-31813.html, https://www.suse.com/security/cve/CVE-2022-30556.html
libopenssl-1_1	CVE-2022-1292	https://www.suse.com/security/cve/CVE-2022-1292.html
avahi	CVE-2021-26720, CVE-2021-3468	https://www.suse.com/security/cve/CVE-2021-26720.html , https://www.suse.com/security/cve/CVE-2021-3468.html
Libgcrypt	CVE-2021-33560	https://www.suse.com/security/cve/CVE-2021-33560.html
Libnettle	CVE-2021-3580	https://www.suse.com/security/cve/CVE-2021-3580.html
pcre2	CVE-2022-1587, CVE-2019-20454	https://www.suse.com/security/cve/CVE-2022-1587.html, https://www.suse.com/security/cve/CVE-2019-20454.html
Cyrus	CVE-2022-24407	https://www.suse.com/security/cve/CVE-2022-24407.html
libopenssl-1_1	CVE-2022-2097, CVE-2022-2068	https://www.suse.com/security/cve/CVE-2022-2097.html, https://www.suse.com/security/cve/CVE-2022-2068.html
apache-commons-httpclient	CVE-2020-13956	https://www.suse.com/security/cve/CVE-2020-13956.html
openssh	CVE-2021-41617	https://www.suse.com/security/cve/CVE-2021-41617.html
e2fsprogs	CVE-2022-1304	https://www.suse.com/security/cve/CVE-2022-1304.html
containerd, docker	CVE-2021-43565, CVE-2022-27191, CVE-2022-24769, CVE-2022-23648	https://www.suse.com/security/cve/CVE-2021-43565.html, https://www.suse.com/security/cve/CVE-2022-27191.html, https://www.suse.com/security/cve/CVE-2022-24769.html, https://www.suse.com/security/cve/CVE-2022-23648.html
ucode-intel	CVE-2022-21151	https://www.suse.com/security/cve/CVE-2022-21151.html
openjdk	CVE-2022-21476, CVE-2022-21426, CVE-2022-21496, CVE-2022-21496, CVE-2022-21434, CVE-2022-21443	https://www.suse.com/security/cve/CVE-2022-21476.html, https://www.suse.com/security/cve/CVE-2022-21426.html, https://www.suse.com/security/cve/CVE-2022-21496.html, https://www.suse.com/security/cve/CVE-2022-21496.html, https://www.suse.com/security/cve/CVE-2022-21434.html, https://www.suse.com/security/cve/CVE-2022-21443.html
tiff	CVE-2022-0909, CVE-2022-0908, CVE-2022-0562, CVE-2022-0561, CVE-2022-0891, CVE-2022-0865, CVE-2022-1056, CVE-2022-0924	https://www.suse.com/security/cve/CVE-2022-0909.html, https://www.suse.com/security/cve/CVE-2022-0908.html, https://www.suse.com/security/cve/CVE-2022-0562.html, https://www.suse.com/security/cve/CVE-2022-0561.html, https://www.suse.com/security/cve/CVE-2022-0891.html, https://www.suse.com/security/cve/CVE-2022-0865.html, https://www.suse.com/security/cve/CVE-2022-1056.html, https://www.suse.com/security/cve/CVE-2022-0924.html
gzip, xz	CVE-2022-1271	https://www.suse.com/security/cve/CVE-2022-1271.html
mozilla-nss	CVE-2022-1097	https://www.suse.com/security/cve/CVE-2022-1097.html
util-linux	CVE-2021-37600	https://www.suse.com/security/cve/CVE-2021-37600.html
OpenSSL	CVE-2022-0778	https://www.suse.com/security/cve/CVE-2022-0778.html
fbindglibc	CVE-2021-3999, CVE-2022-23218, CVE-2022-23219, CVE-2015-8985	https://www.suse.com/security/cve/CVE-2021-3999.html, https://www.suse.com/security/cve/CVE-2022-23218.html, https://www.suse.com/security/cve/CVE-2022-23219.html, https://www.suse.com/security/cve/CVE-2015-8985.html
libxml2	CVE-2022-23308	https://www.suse.com/security/cve/CVE-2022-23308.html
binutils	CVE-2020-16591, CVE-2020-16599, CVE-2020-16598, CVE-2020-16592, CVE-2020-16593, CVE-2020-16590, CVE-2020-35448, CVE-2020-35496, CVE-2020-35493, CVE-2020-35507, CVE-2021-20197, CVE-2021-20284, CVE-2021-3487, CVE-2021-20294	https://www.suse.com/security/cve/CVE-2020-16591.html, https://www.suse.com/security/cve/CVE-2020-16599.html, https://www.suse.com/security/cve/CVE-2020-16598.html, https://www.suse.com/security/cve/CVE-2020-16592.html, https://www.suse.com/security/cve/CVE-2020-16593.html, https://www.suse.com/security/cve/CVE-2020-16590.html, https://www.suse.com/security/cve/CVE-2020-35448.html, https://www.suse.com/security/cve/CVE-2020-35496.html, https://www.suse.com/security/cve/CVE-2020-35493.html, https://www.suse.com/security/cve/CVE-2020-35507.html, https://www.suse.com/security/cve/CVE-2021-20197.html, https://www.suse.com/security/cve/CVE-2021-20284.html, https://www.suse.com/security/cve/CVE-2021-3487.html, https://www.suse.com/security/cve/CVE-2021-20294.html
pcre	CVE-2020-14155, CVE-2019-20838	https://www.suse.com/security/cve/CVE-2020-14155.html, https://www.suse.com/security/cve/CVE-2019-20838.html
kernel	CVE-2021-4149, CVE-2021-4197, CVE-2021-4202, CVE-2022-0322, CVE-2022-0330, CVE-2022-0435, CVE-2021-44879, CVE-2022-0001, CVE-2022-0002, CVE-2022-0487, CVE-2022-0492, CVE-2022-0617, CVE-2022-0644, CVE-2022-24448, CVE-2022-24959	https://www.suse.com/security/cve/CVE-2021-4149.html, https://www.suse.com/security/cve/CVE-2021-4197.html, https://www.suse.com/security/cve/CVE-2021-4202.html, https://www.suse.com/security/cve/CVE-2022-0322.html, https://www.suse.com/security/cve/CVE-2022-0330.html, https://www.suse.com/security/cve/CVE-2022-0435.html, https://www.suse.com/security/cve/CVE-2021-44879.html, https://www.suse.com/security/cve/CVE-2022-0001.html, https://www.suse.com/security/cve/CVE-2022-0002.html, https://www.suse.com/security/cve/CVE-2022-0487.html, https://www.suse.com/security/cve/CVE-2022-0492.html, https://www.suse.com/security/cve/CVE-2022-0617.html, https://www.suse.com/security/cve/CVE-2022-0644.html, https://www.suse.com/security/cve/CVE-2022-24448.html, https://www.suse.com/security/cve/CVE-2022-24959.html
libcroco	CVE-2020-12825	https://www.suse.com/security/cve/CVE-2020-12825.html
postgresql12	CVE-2021-23222, CVE-2021-23214	https://www.suse.com/security/cve/CVE-2021-23222.html, https://www.suse.com/security/cve/CVE-2021-23214.html
git	CVE-2021-40330	https://www.suse.com/security/cve/CVE-2021-40330.html

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product	Affected Versions	Remediated Versions	Link
Dell Unity Operating Environment (OE)	Versions prior to 5.3.0.0.5.120	Version 5.3.0.0.5.120	https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers
Dell UnityVSA Operating Environment (OE)	Versions prior to 5.3.0.0.5.120	Version 5.3.0.0.5.120	https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers
Dell Unity XT Operating Environment (OE)	Versions prior to 5.3.0.0.5.120	Version 5.3.0.0.5.120	https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers

Product	Affected Versions	Remediated Versions	Link
Dell Unity Operating Environment (OE)	Versions prior to 5.3.0.0.5.120	Version 5.3.0.0.5.120	https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers
Dell UnityVSA Operating Environment (OE)	Versions prior to 5.3.0.0.5.120	Version 5.3.0.0.5.120	https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers
Dell Unity XT Operating Environment (OE)	Versions prior to 5.3.0.0.5.120	Version 5.3.0.0.5.120	https://www.dell.com/support/home/product-support/product/unity-all-flash-family/drivers

Revision History

Revision	Date	Description
1.0	2023-05-08	Initial Release
2.0	2023-09-01	Updated for enhanced presentation with no changes to content.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Information

Article Properties

Affected Product

Dell EMC Unity, Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell Unity Operating Environment (OE), Dell EMC UnityVSA (Virtual Storage Appliance) , Dell EMC UnityVSA Professional Edition/Unity Cloud Edition ...

DSA-2023-141: Dell Unity, Unity VSA and Unity XT Security Update for Multiple Vulnerability

Summary: Dell Unity, Unity VSA and Unity XT remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Version

Article Type

Welcome

Welcome to Dell

DSA-2023-141: Dell Unity, Unity VSA and Unity XT Security Update for Multiple Vulnerability

Summary: Dell Unity, Unity VSA and Unity XT remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Version

Article Type