DSA-2023-298: Security update for Dell ECS 3.8.0.3 Multiple vulnerabilities.

Summary: Dell ECS 3.8.0.3 remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Third-Party Component CVE’s More Information
apache2 CVE-2022-36760, CVE-2022-37436, CVE-2023-25690 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
binutils CVE-2019-1010204, CVE-2021-3530, CVE-2021-3648, CVE-2021-3826, CVE-2021-45078, CVE-2021-46195, CVE-2022-27943, CVE-2022-38126, CVE-2022-38127, CVE-2022-38533 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
Containerd CVE-2021-41089, CVE-2021-41092, CVE-2021-41103, CVE-2022-29162, CVE-2022-31030, CVE-2022-23471, CVE-2022-27191, CVE-2023-25153, CVE-2023-25173 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
curl CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2022-43552, CVE-2023-23916, CVE-2023-27533 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
dbus CVE-2022-42010, CVE-2022-42011, CVE-2022-42012 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
dmidecode CVE-2023-30630 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
docker CVE-2019-5736, CVE-2022-36109 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
emacs CVE-2022-45939, CVE-2022-48337, CVE-2022-48339 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
expat CVE-2022-43680 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
git CVE-2023-25652, CVE-2023-25815, CVE-2023-29007 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
git-.i26 CVE-2022-23521, CVE-2022-41903, CVE-2023-22490, CVE-2023-23946 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
glibc CVE-2015-8985 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
 
grub2 CVE-2022-2601, CVE-2022-3775 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
 
java CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-34169, CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-39399, CVE-2023-21830, CVE-2023-21835, CVE-2023-21843, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
 
Kernel CVE-2019-19377, CVE-2020-26541, CVE-2021-4157, CVE-2022-1184, CVE-2022-1679, CVE-2022-1729, CVE-2022-1974, CVE-2022-1975, CVE-2022-20132, CVE-2022-20141, CVE-2022-20154, CVE-2022-21499, CVE-2022-2318, CVE-2022-26365, CVE-2022-29900, CVE-2022-29901, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742, CVE-2022-33981, CVE-2021-26341, CVE-2021-33655, CVE-2021-33656, CVE-2022-1462, CVE-2020-36516, CVE-2020-36557, CVE-2020-36558, CVE-2021-4203, CVE-2022-20166, CVE-2022-20368, CVE-2022-20369, CVE-2022-21385, CVE-2022-2588, CVE-2022-26373, CVE-2022-2639, CVE-2022-2977, CVE-2022-3028, CVE-2022-36879, CVE-2022-36946, CVE-2022-2503, CVE-2022-2663, CVE-2022-3239, CVE-2022-39188, CVE-2022-41218, CVE-2021-4037, CVE-2022-2153, CVE-2022-28693, CVE-2022-28748, CVE-2022-2964, CVE-2022-3169, CVE-2022-3424, CVE-2022-3521, CVE-2022-3524, CVE-2022-3542, CVE-2022-3545, CVE-2022-3565, CVE-2022-3567, CVE-2022-3586, CVE-2022-3594, CVE-2022-3621, CVE-2022-3628, CVE-2022-3629, CVE-2022-3635, CVE-2022-3643, CVE-2022-3646, CVE-2022-3649, CVE-2022-3903, CVE-2022-40307, CVE-2022-40768, CVE-2022-4095, CVE-2022-41848, CVE-2022-41850, CVE-2022-41858, CVE-2022-42328, CVE-2022-42329, CVE-2022-42703, CVE-2022-42895, CVE-2022-42896, CVE-2022-43750, CVE-2022-4378, CVE-2022-43945, CVE-2022-45934, CVE-2022-3564, CVE-2022-4662, CVE-2022-47929, CVE-2023-23454, CVE-2022-2991, CVE-2022-4129, CVE-2022-36280, CVE-2022-38096, CVE-2023-0045, CVE-2023-0590, CVE-2023-23559, CVE-2023-26545, CVE-2017-5753, CVE-2020-36691, CVE-2021-3923, CVE-2022-20567, CVE-2023-0597, CVE-2023-1076, CVE-2023-1095, CVE-2023-1118, CVE-2023-1390, CVE-2023-1513, CVE-2023-1611, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-23455, CVE-2023-2483, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772, CVE-2023-30772, CVE-2023-0394 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
krb CVE-2022-42898 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
libapr CVE-2022-25147 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
libksba CVE-2022-3515, CVE-2022-47629 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
libpixman CVE-2022-44638 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
libtiff CVE-2022-0561, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-2867, CVE-2022-2868, CVE-2022-2869, CVE-2022-34266, CVE-2022-34526, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970, CVE-2022-48281, CVE-2022-3597 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
libtripc CVE-2021-46828 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
libtsin1 CVE-2021-46848 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
libxml2 CVE-2016-3709, CVE-2022-40303, CVE-2022-40304 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
libxslt CVE-2021-30560 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
openssl CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
python CVE-2022-42969, CVE-2020-25658, CVE-2022-40899, CVE-2023-24329, CVE-2015-2296 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
python-urllib3 CVE-2020-26116, CVE-2020-26137, CVE-2021-33503 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
runc CVE-2023-25809, CVE-2023-27561, CVE-2023-28642 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
 
shadow CVE-2023-29383 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
sudo CVE-2023-22809, CVE-2023-28486, CVE-2023-28487 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
systemd CVE-2022-3821, CVE-2022-4415, CVE-2023-26604 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
telnet CVE-2022-39028 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
ucode CVE-2022-21216, CVE-2022-33196, CVE-2022-38090 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
ucode-intel CVE-2022-21233 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.
vim CVE-2023-1127, CVE-2023-1170, CVE-2023-1175, CVE-2021-3968, CVE-2021-3973, CVE-2021-3778, CVE-2021-3796, CVE-2021-3872, CVE-2021-3875, CVE-2021-3903, CVE-2021-3927, CVE-2021-3928, CVE-2021-3974, CVE-2021-3984, CVE-2021-4019, CVE-2021-4069, CVE-2021-4136, CVE-2021-4166, CVE-2021-4192, CVE-2021-4193, CVE-2022-0128, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0392, CVE-2022-0407, CVE-2022-0413, CVE-2022-0696, CVE-2022-1897, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-2284, CVE-2022-2286, CVE-2022-2287, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2571, CVE-2022-2580, CVE-2022-2581, CVE-2022-2598, CVE-2022-2819, CVE-2022-2980, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-3134, CVE-2022-3153, CVE-2022-3234, CVE-2022-3235, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-3491, CVE-2022-3520, CVE-2022-3591, CVE-2022-3705, CVE-2022-4141, CVE-2022-4292, CVE-2022-4293, CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0433 See SUSE link below for each CVE. 
https://www.suse.comThis hyperlink is taking you to a website outside of Dell Technologies.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Versions Updated Versions Link
Dell ECS Versions prior to 3.8.0.3 ECS 3.8.0.3 Dell Technologies recommends all customers have their ECS systems upgraded at the earliest opportunity by opening a “Operating Environment Upgrade” Service Request.
Product Affected Versions Updated Versions Link
Dell ECS Versions prior to 3.8.0.3 ECS 3.8.0.3 Dell Technologies recommends all customers have their ECS systems upgraded at the earliest opportunity by opening a “Operating Environment Upgrade” Service Request.

Workarounds & Mitigations

None

Revision History

RevisionDateDescription
1.02023-08-31Initial Release

 

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

ECS, ECS Appliance, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ECS Software
Article Properties
Article Number: 000217202
Article Type: Dell Security Advisory
Last Modified: 31 Aug 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.