DSA-2025-337: Security Update for Dell Enterprise SONiC Distribution Vulnerabilities
Summary: Dell Enterprise SONiC remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
High
Details
| Third-party Component | CVEs | More Information |
|---|---|---|
| shadow | CVE-2018-7169, CVE-2023-4641, CVE-2023-29383 | |
| busybox | CVE-2018-20679, CVE-2021-28831, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386, CVE-2022-48174, CVE-2023-42364, CVE-2023-42365 | |
| openssh | CVE-2025-26465, CVE-2025-32728 | |
| libxml2 | CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113, CVE-2025-32414, CVE-2025-32415 | |
| krb5 | CVE-2025-24528, CVE-2025-3576 | |
| libtasn1-6 | CVE-2024-12133 | |
| gnutls28 | CVE-2024-12243 | |
| libcap2 | CVE-2023-2602, CVE-2023-2603, CVE-2025-1390 | |
| python 3.9 | CVE-2022-0391, CVE-2025-0938, CVE-2025-1795 | |
| vim | CVE-2021-3872, CVE-2021-4019, CVE-2021-4173, CVE-2021-4187, CVE-2022-0261, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0392, CVE-2022-0417, CVE-2022-0572, CVE-2022-1616, CVE-2022-1785, CVE-2022-1897, CVE-2022-1942, CVE-2022-2000, CVE-2022-2129, CVE-2022-2304, CVE-2022-3099, CVE-2022-3134, CVE-2022-3324, CVE-2022-4141, CVE-2023-0054, CVE-2023-1175, CVE-2023-2610, CVE-2023-4738, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2024-22667, CVE-2024-43802, CVE-2024-47814 | |
| freetype | CVE-2025-27363 | |
| libxslt | CVE-2024-55549, CVE-2025-24855 | |
| wget | CVE-2024-38428 | |
| hiredis | CVE-2020-7105 | |
| libbpf | CVE-2022-3534, CVE-2022-3606 | |
| curl | CVE-2024-2398, CVE-2024-8096 | |
| glibc | CVE-2025-0395, CVE-2025-4802 | |
| expat | CVE-2024-50602 | |
| u-boot | CVE-2019-14196, CVE-2022-2347, CVE-2022-30552, CVE-2022-30767, CVE-2022-30790, CVE-2022-33103, CVE-2022-33967, CVE-2022-34835, CVE-2024-57254, CVE-2024-57255, CVE-2024-57256, CVE-2024-57257, CVE-2024-57258, CVE-2024-57259 | |
| net-tools | CVE-2025-46836 | |
| icu | CVE-2025-5222 | |
| python 2.7 | CVE-2023-27043, CVE-2024-0397, CVE-2024-6232, CVE-2024-6923, CVE-2024-7592, CVE-2024-11168, CVE-2025-0938 | |
| bind9 | CVE-2024-11187 | |
Affected Products & Remediation
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell Enterprise SONiC Distribution | Versions prior to 4.4.3 | Version 4.4.3 | |
- SONiC downloads are also available from My Account.
- The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2025-09-03 | Initial Release |
| 2.0 | 2025-11-03 | Added python 2.7 and corresponding CVEs to the list of Third-Party components. |
| 3.0 | 2025-11-05 | Added bind9 and corresponding CVE to the list of Third-Party components. |