DSA-2023-198: Dell ECS Security Update for Multiple Vulnerabilities.

Summary: Dell ECS 3.7.0.6 remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Medium

Details

Third Party Component CVE ID Details
apache2 CVE-2006-20001 https://suse.com/security/cve/CVE-2006-20001 This hyperlink is taking you to a website outside of Dell Technologies.
apache2 CVE-2022-36760 https://suse.com/security/cve/CVE-2022-36760 This hyperlink is taking you to a website outside of Dell Technologies.
apache2 CVE-2022-37436 https://suse.com/security/cve/CVE-2022-37436 This hyperlink is taking you to a website outside of Dell Technologies.
git CVE-2023-22490 https://suse.com/security/cve/CVE-2023-22490 This hyperlink is taking you to a website outside of Dell Technologies.
git CVE-2023-23946 https://suse.com/security/cve/CVE-2023-23946 This hyperlink is taking you to a website outside of Dell Technologies.
glib2 CVE-2021-28153 https://suse.com/security/cve/CVE-2021-28153 This hyperlink is taking you to a website outside of Dell Technologies.
glibc CVE-2015-8985 https://suse.com/security/cve/CVE-2015-8985 This hyperlink is taking you to a website outside of Dell Technologies.
libapr-util1 CVE-2022-25147 https://suse.com/security/cve/CVE-2022-25147 This hyperlink is taking you to a website outside of Dell Technologies.
libksba CVE-2022-47629 https://suse.com/security/cve/CVE-2022-47629 This hyperlink is taking you to a website outside of Dell Technologies.
libxslt CVE-2021-30560 https://suse.com/security/cve/CVE-2021-30560 This hyperlink is taking you to a website outside of Dell Technologies.
multipath-tools CVE-2022-41974 https://suse.com/security/cve/CVE-2022-41974 This hyperlink is taking you to a website outside of Dell Technologies.
openssl-1_0_0 CVE-2022-4304 https://suse.com/security/cve/CVE-2022-4304 This hyperlink is taking you to a website outside of Dell Technologies.
openssl-1_0_0 CVE-2023-0215 https://suse.com/security/cve/CVE-2023-0215 This hyperlink is taking you to a website outside of Dell Technologies.
openssl-1_0_0 CVE-2023-0286 https://suse.com/security/cve/CVE-2023-0286 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2020-10735 https://suse.com/security/cve/CVE-2020-10735 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2022-40899 https://suse.com/security/cve/CVE-2022-40899 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2022-45061 https://suse.com/security/cve/CVE-2022-45061 This hyperlink is taking you to a website outside of Dell Technologies.
python-py CVE-2022-42969 https://suse.com/security/cve/CVE-2022-42969 This hyperlink is taking you to a website outside of Dell Technologies.
sudo CVE-2022-43995 https://suse.com/security/cve/CVE-2022-43995 This hyperlink is taking you to a website outside of Dell Technologies.
sudo CVE-2023-22809 https://suse.com/security/cve/CVE-2023-22809 This hyperlink is taking you to a website outside of Dell Technologies.
Third Party Component CVE ID Details
apache2 CVE-2006-20001 https://suse.com/security/cve/CVE-2006-20001 This hyperlink is taking you to a website outside of Dell Technologies.
apache2 CVE-2022-36760 https://suse.com/security/cve/CVE-2022-36760 This hyperlink is taking you to a website outside of Dell Technologies.
apache2 CVE-2022-37436 https://suse.com/security/cve/CVE-2022-37436 This hyperlink is taking you to a website outside of Dell Technologies.
git CVE-2023-22490 https://suse.com/security/cve/CVE-2023-22490 This hyperlink is taking you to a website outside of Dell Technologies.
git CVE-2023-23946 https://suse.com/security/cve/CVE-2023-23946 This hyperlink is taking you to a website outside of Dell Technologies.
glib2 CVE-2021-28153 https://suse.com/security/cve/CVE-2021-28153 This hyperlink is taking you to a website outside of Dell Technologies.
glibc CVE-2015-8985 https://suse.com/security/cve/CVE-2015-8985 This hyperlink is taking you to a website outside of Dell Technologies.
libapr-util1 CVE-2022-25147 https://suse.com/security/cve/CVE-2022-25147 This hyperlink is taking you to a website outside of Dell Technologies.
libksba CVE-2022-47629 https://suse.com/security/cve/CVE-2022-47629 This hyperlink is taking you to a website outside of Dell Technologies.
libxslt CVE-2021-30560 https://suse.com/security/cve/CVE-2021-30560 This hyperlink is taking you to a website outside of Dell Technologies.
multipath-tools CVE-2022-41974 https://suse.com/security/cve/CVE-2022-41974 This hyperlink is taking you to a website outside of Dell Technologies.
openssl-1_0_0 CVE-2022-4304 https://suse.com/security/cve/CVE-2022-4304 This hyperlink is taking you to a website outside of Dell Technologies.
openssl-1_0_0 CVE-2023-0215 https://suse.com/security/cve/CVE-2023-0215 This hyperlink is taking you to a website outside of Dell Technologies.
openssl-1_0_0 CVE-2023-0286 https://suse.com/security/cve/CVE-2023-0286 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2020-10735 https://suse.com/security/cve/CVE-2020-10735 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2022-40899 https://suse.com/security/cve/CVE-2022-40899 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2022-45061 https://suse.com/security/cve/CVE-2022-45061 This hyperlink is taking you to a website outside of Dell Technologies.
python-py CVE-2022-42969 https://suse.com/security/cve/CVE-2022-42969 This hyperlink is taking you to a website outside of Dell Technologies.
sudo CVE-2022-43995 https://suse.com/security/cve/CVE-2022-43995 This hyperlink is taking you to a website outside of Dell Technologies.
sudo CVE-2023-22809 https://suse.com/security/cve/CVE-2023-22809 This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Version(s) Updated Version(s) Link to Update
Dell ECS Version<= 3.7.0.5 ECS 3.7.0.6 Dell recommends all customers have their ECS systems upgraded at the earliest opportunity by opening a “Operating Environment Upgrade” Service Request.
Product Affected Version(s) Updated Version(s) Link to Update
Dell ECS Version<= 3.7.0.5 ECS 3.7.0.6 Dell recommends all customers have their ECS systems upgraded at the earliest opportunity by opening a “Operating Environment Upgrade” Service Request.
Note: Some CVEs fixed in ECS 3.7.0.6 are planned to be addressed in a future release of ECS 3.8.0.x. For the latest list of CVEs fixed in ECS 3.8.0.2, please see DSA-2023-109

Revision History

RevisionDateDescription
1.02023-05-31Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

ECS, ECS Appliance Hardware Gen3 EX5000, ECS Appliance, ECS Appliance Hardware Gen3 EXF900, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ECS Software, Product Security Information
Article Properties
Article Number: 000214424
Article Type: Dell Security Advisory
Last Modified: 31 May 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.