DSA-2023-068: Dell ECS Security Update for Multiple Vulnerabilities

Summary: Dell ECS 3.7.0.5 remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

High

Details

Third-party Component CVEs More Information
bind CVE-2022-2795, CVE-2022-38177, CVE-2022-38178 https://suse.com/security/cve/CVE-2022-2795This hyperlink is taking you to a website outside of Dell Technologies., https://suse.com/security/cve/CVE-2022-38177This hyperlink is taking you to a website outside of Dell Technologies., https://suse.com/security/cve/CVE-2022-38178This hyperlink is taking you to a website outside of Dell Technologies.
curl CVE-2022-27781, CVE-2022-27782, CVE-2022-32206, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252 https://suse.com/security/cve/CVE-2022-27781This hyperlink is taking you to a website outside of Dell Technologies., https://suse.com/security/cve/CVE-2022-27782This hyperlink is taking you to a website outside of Dell Technologies., https://suse.com/security/cve/CVE-2022-32206This hyperlink is taking you to a website outside of Dell Technologies., https://suse.com/security/cve/CVE-2022-32208This hyperlink is taking you to a website outside of Dell Technologies., https://suse.com/security/cve/CVE-2022-32221This hyperlink is taking you to a website outside of Dell Technologies., https://suse.com/security/cve/CVE-2022-35252This hyperlink is taking you to a website outside of Dell Technologies.
expat CVE-2022-40674 https://suse.com/security/cve/CVE-2022-40674This hyperlink is taking you to a website outside of Dell Technologies.
git CVE-2022-29187 https://suse.com/security/cve/CVE-2022-29187This hyperlink is taking you to a website outside of Dell Technologies.
gpg2 CVE-2022-34903 https://suse.com/security/cve/CVE-2022-34903This hyperlink is taking you to a website outside of Dell Technologies.
libcroco CVE-2020-12825 https://suse.com/security/cve/CVE-2020-12825This hyperlink is taking you to a website outside of Dell Technologies.
libjson CVE-2020-12762 https://suse.com/security/cve/CVE-2020-12762This hyperlink is taking you to a website outside of Dell Technologies.
libpcre1 CVE-2022-1586 https://suse.com/security/cve/CVE-2022-1586This hyperlink is taking you to a website outside of Dell Technologies.
libpcre2 CVE-2022-1587 https://suse.com/security/cve/CVE-2022-1587This hyperlink is taking you to a website outside of Dell Technologies.
libz1 CVE-2022-37434 https://suse.com/security/cve/CVE-2022-37434This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2021-28861 https://suse.com/security/cve/CVE-2021-28861This hyperlink is taking you to a website outside of Dell Technologies.
rsyslog CVE-2022-24903 https://suse.com/security/cve/CVE-2022-24903This hyperlink is taking you to a website outside of Dell Technologies.
sqlite3 CVE-2021-36690, CVE-2022-35737 https://suse.com/security/cve/CVE-2021-36690This hyperlink is taking you to a website outside of Dell Technologies., https://suse.com/security/cve/CVE-2022-35737This hyperlink is taking you to a website outside of Dell Technologies.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Versions Remediated Versions Link
Dell ECS Versions prior to 3.7.0.5 Version 3.7.0.5

 		 Dell recommends all customers have their ECS systems upgraded at the earliest opportunity by opening a “Operating Environment Upgrade” Service Request.
Product Affected Versions Remediated Versions Link
Dell ECS Versions prior to 3.7.0.5 Version 3.7.0.5

 		 Dell recommends all customers have their ECS systems upgraded at the earliest opportunity by opening a “Operating Environment Upgrade” Service Request.
NOTE: Some CVEs fixed in ECS 3.7.0.5 are planned to be addressed in a future release of ECS 3.8.0.x. For the latest list of CVEs fixed in ECS 3.8.0.1, please see DSA-2022-294.

Revision History

RevisionDateDescription
1.02023-03-02Initial Release
2.02023-09-01Updated for enhanced presentation with no changes to content.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

ECS Appliance Hardware Gen3 EX300, ECS Appliance Hardware Gen3 EX3000, ECS Appliance Hardware Gen2 C-Series, ECS Appliance Hardware Gen2 D-Series, ECS Appliance Hardware Gen2 U-Series, ECS Appliance Hardware Gen3 EX500, ECS Appliance Hardware Series , ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, Elastic Cloud Storage ...

Products

Product Security Information
Article Properties
Article Number: 000210730
Article Type: Dell Security Advisory
Last Modified: 01 Sep 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.