DSA-2023-372: Dell Container Storage Modules Security Update for Multiple Third Party Vulnerabilities.

Summary: Dell Container Storage Modules remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Third-party Component CVEs More Information
bzip2-libs CVE-2019-12900 https://nvd.nist.gov/vuln/detail/cve-2019-12900 This hyperlink is taking you to a website outside of Dell Technologies.
Curl, libcurl CVE-2023-28321, CVE-2022-35252, CVE-2022-43552, CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-28321This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2022-35252This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2022-43552This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2023-27535This hyperlink is taking you to a website outside of Dell Technologies.
dbus CVE-2020-35512, CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2020-35512This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2023-34969 This hyperlink is taking you to a website outside of Dell Technologies.
expat CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 This hyperlink is taking you to a website outside of Dell Technologies.
gnupg2 CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 This hyperlink is taking you to a website outside of Dell Technologies.
gnutls CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 This hyperlink is taking you to a website outside of Dell Technologies.
krb5-libs CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 This hyperlink is taking you to a website outside of Dell Technologies.
libarchive CVE-2022-36227, CVE-2018-1000879, CVE-2018-1000880, CVE-2020-21674 https://nvd.nist.gov/vuln/detail/CVE-2022-36227This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2018-1000879This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2018-1000880This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2020-21674 This hyperlink is taking you to a website outside of Dell Technologies.
util-linux CVE-2023-29383 https://nvd.nist.gov/vuln/detail/CVE-2023-29383 This hyperlink is taking you to a website outside of Dell Technologies.
libgcrypt CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 This hyperlink is taking you to a website outside of Dell Technologies.
libxml2 CVE-2023-28484, CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-28484This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2023-29469 This hyperlink is taking you to a website outside of Dell Technologies.
libzstd CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 This hyperlink is taking you to a website outside of Dell Technologies.
libtasn1 CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 This hyperlink is taking you to a website outside of Dell Technologies.
lz4-libs CVE-2019-17543 https://nvd.nist.gov/vuln/detail/CVE-2019-17543 This hyperlink is taking you to a website outside of Dell Technologies.
Openssl
 		 CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-0464This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2023-0465This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2023-0466 This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2023-2650 This hyperlink is taking you to a website outside of Dell Technologies.
python3-unbound
unbound-libs
 		 CVE-2022-3204, CVE-2019-16866 https://nvd.nist.gov/vuln/detail/CVE-2022-3204 This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2019-16866 This hyperlink is taking you to a website outside of Dell Technologies.
sqlite-libs CVE-2020-24736, CVE-2019-19244, CVE-2019-9936, CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2020-24736 This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2019-19244 This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2019-9936 This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2019-9937This hyperlink is taking you to a website outside of Dell Technologies.
systemd
 		 CVE-2023-26604, CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2023-26604This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2018-20839This hyperlink is taking you to a website outside of Dell Technologies.
platform-python
python3-libs
 		 CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329This hyperlink is taking you to a website outside of Dell Technologies.
device-mapper-multipath
 		 CVE-2022-41973 https://nvd.nist.gov/vuln/detail/CVE-2022-41973 This hyperlink is taking you to a website outside of Dell Technologies.
aws-sdk-go CVE-2020-8911, CVE-2020-8912 https://nvd.nist.gov/vuln/detail/CVE-2020-8911This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2020-8912This hyperlink is taking you to a website outside of Dell Technologies.,
AWS S3 Crypto SDK CVE-2022-2582, GHSA-76wf-9vgp-pj7w https://nvd.nist.gov/vuln/detail/CVE-2022-2582This hyperlink is taking you to a website outside of Dell Technologies.,
https://github.com/advisories/GHSA-76wf-9vgp-pj7w This hyperlink is taking you to a website outside of Dell Technologies.
sftp PRISMA-2021-0214 https://nvd.nist.gov/vuln/detail/CVE-2021-0214This hyperlink is taking you to a website outside of Dell Technologies.
openssh-clients CVE-2018-15919, CVE-2019-6110 https://nvd.nist.gov/vuln/detail/CVE-2018-15919 This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2019-6110This hyperlink is taking you to a website outside of Dell Technologies.
tar CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923This hyperlink is taking you to a website outside of Dell Technologies.
yaml CVE-2019-11254, CVE-2021-4235 https://nvd.nist.gov/vuln/detail/CVE-2019-11254 This hyperlink is taking you to a website outside of Dell Technologies.,
 https://nvd.nist.gov/vuln/detail/CVE-2021-4235This hyperlink is taking you to a website outside of Dell Technologies.
libgcc CVE-2021-42694, CVE-2021-20657, CVE-2019-14250, CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2021-42694This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2021-20657This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2019-14250This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2018-20657 This hyperlink is taking you to a website outside of Dell Technologies.
ncurses
 		 CVE-2021-39537, CVE-2018-19211, CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2021-39537This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2018-19211This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2018-19217This hyperlink is taking you to a website outside of Dell Technologies.
go-restful/v3 PRISMA-2022-0227 https://discuss.hashicorp.com/t/security-vulnerability-prisma-2022-0227/51264 This hyperlink is taking you to a website outside of Dell Technologies.
lua CVE-2021-45985 https://nvd.nist.gov/vuln/detail/CVE-2021-45985This hyperlink is taking you to a website outside of Dell Technologies.
HTTP/1 CVE-2023-24906 https://nvd.nist.gov/vuln/detail/CVE-2023-29406 This hyperlink is taking you to a website outside of Dell Technologies.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed Product Affected Versions Updated Versions Link
CVE-2019-12900, CVE-2023-28321, CVE-2022-35252, CVE-2022-43552, CVE-2023-27535, CVE-2020-35512, CVE-2022-23990, CVE-2022-3219, CVE-2021-4209, CVE-2020-17049, CVE-2022-36227, CVE-2023-29383, CVE-2019-12904,CVE-2023-28484, CVE-2023-29469, CVE-2021-24032, CVE-2018-1000654, CVE-2019-17543, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2022-3204, CVE-2019-16866, CVE-2020-24736, CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2023-26604, CVE-2023-24329, CVE-2022-41973, CVE-2020-8911, CVE-2022-2582, GHSA-76wf-9vgp-pj7w, PRISMA-2021-0214, CVE-2018-15919, CVE-2019-6110, CVE-2020-8912, CVE-2019-9923, CVE-2019-11254, CVE-2021-4235, CVE-2023-34969, CVE-2021-42694, CVE-2021-20657, CVE-2019-14250, CVE-2021-39537, CVE-2018-19211, CVE-2018-19217, CVE-2018-20839, PRISMA-2022-0227, CVE-2021-45985, CVE-2018-20657 , CVE-2018-1000879, CVE-2018-1000880, CVE-2020-21674, cve-2023-29406 Dell Container Storage Modules Versions prior to 1.8 1.8 https://github.com/dell/csmThis hyperlink is taking you to a website outside of Dell Technologies.
CVEs Addressed Product Affected Versions Updated Versions Link
CVE-2019-12900, CVE-2023-28321, CVE-2022-35252, CVE-2022-43552, CVE-2023-27535, CVE-2020-35512, CVE-2022-23990, CVE-2022-3219, CVE-2021-4209, CVE-2020-17049, CVE-2022-36227, CVE-2023-29383, CVE-2019-12904,CVE-2023-28484, CVE-2023-29469, CVE-2021-24032, CVE-2018-1000654, CVE-2019-17543, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2022-3204, CVE-2019-16866, CVE-2020-24736, CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2023-26604, CVE-2023-24329, CVE-2022-41973, CVE-2020-8911, CVE-2022-2582, GHSA-76wf-9vgp-pj7w, PRISMA-2021-0214, CVE-2018-15919, CVE-2019-6110, CVE-2020-8912, CVE-2019-9923, CVE-2019-11254, CVE-2021-4235, CVE-2023-34969, CVE-2021-42694, CVE-2021-20657, CVE-2019-14250, CVE-2021-39537, CVE-2018-19211, CVE-2018-19217, CVE-2018-20839, PRISMA-2022-0227, CVE-2021-45985, CVE-2018-20657 , CVE-2018-1000879, CVE-2018-1000880, CVE-2020-21674, cve-2023-29406 Dell Container Storage Modules Versions prior to 1.8 1.8 https://github.com/dell/csmThis hyperlink is taking you to a website outside of Dell Technologies.

Workarounds & Mitigations

None

Revision History

RevisionDateDescription
1.02023-09-20Initial Release
2.02023-10-05Minor Revision: style and formatting changes without any changes to the content itself.
3.02023-10-13Updated for enhanced presentation with no changes to content.
4.02023-11-24Updated content with new CVE-2023-24906 added as fixed

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Container Storage Modules Family, Container Storage Modules
Article Properties
Article Number: 000218111
Article Type: Dell Security Advisory
Last Modified: 24 Nov 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.