Article Number: 000216918

DSA-2023-308: Security Update for Dell Cloud Tiering Appliance for Multiple Third-Party Components Vulnerabilities

Summary: Dell Cloud Tiering Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

High

Details

Third-party Component	CVEs	More Information
bind-utils	CVE-2023-2828	https://nvd.nist.gov/vuln/detail/CVE-2023-2828
cups-libs	CVE-2023-32324	https://nvd.nist.gov/vuln/detail/CVE-2023-32324
curl	CVE-2022-43552, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322	See NVD link below for individual scores for each CVE https://nvd.nist.gov
dmidecode	CVE-2023-30630	https://nvd.nist.gov/vuln/detail/CVE-2023-30630
ghostscript	CVE-2023-36664	https://nvd.nist.gov/vuln/detail/CVE-2023-36664
java-1_8_0-openjdk	CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968	See NVD link below for individual scores for each CVE https://nvd.nist.gov
kernel-default	CVE-2022-3566, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919 , CVE-2023-1380, CVE-2023-2176, CVE-2023-2194, CVE-2023-2513, CVE-2023-31084, CVE-2023-31436, CVE-2023-32269, CVE-2017-5753, CVE-2020-36691, CVE-2021-3923, CVE-2021-4203, CVE-2022-20567, CVE-2022-43945, CVE-2023-0590, CVE-2023-0597, CVE-2023-1076, CVE-2023-1095, CVE-2023-1118, CVE-2023-1390, CVE-2023-1513, CVE-2023-1611, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-23454, CVE-2023-23455, CVE-2023-2483, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772	See NVD link below for individual scores for each CVE https://nvd.nist.gov
libX11	CVE-2023-3138	https://nvd.nist.gov/vuln/detail/CVE-2023-3138
bind	CVE-2023-2828	https://nvd.nist.gov/vuln/detail/CVE-2023-2828
libcares2	CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067	See NVD link below for individual scores for each CVE https://nvd.nist.gov
libopenssl1	CVE-2022-4304	https://nvd.nist.gov/vuln/detail/CVE-2022-4304
libsqlite3	CVE-2022-46908	https://nvd.nist.gov/vuln/detail/CVE-2022-46908
openssl	CVE-2022-4304	https://nvd.nist.gov/vuln/detail/CVE-2022-4304
openssl-1_0_0	CVE-2023-0465, CVE-2023-0466, CVE-2023-2650	See NVD link below for individual scores for each CVE https://nvd.nist.gov
perl	CVE-2023-31484	CVE-2023-31484
postgresql15	CVE-2023-2454, CVE-2023-2455	See NVD link below for individual scores for each CVE https://nvd.nist.gov
python	CVE-2023-24329	https://nvd.nist.gov/vuln/detail/CVE-2023-24329
python-bind	CVE-2023-2828	https://nvd.nist.gov/vuln/detail/CVE-2023-2828
samba	CVE-2022-2127	https://nvd.nist.gov/vuln/detail/CVE-2022-2127
shadow	CVE-2023-29383	https://nvd.nist.gov/vuln/detail/CVE-2023-29383
sqlite3	CVE-2022-46908	https://nvd.nist.gov/vuln/detail/CVE-2022-46908
ucode-intel	CVE-2022-33972	https://nvd.nist.gov/vuln/detail/CVE-2022-33972

Third-party Component	CVEs	More Information
bind-utils	CVE-2023-2828	https://nvd.nist.gov/vuln/detail/CVE-2023-2828
cups-libs	CVE-2023-32324	https://nvd.nist.gov/vuln/detail/CVE-2023-32324
curl	CVE-2022-43552, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322	See NVD link below for individual scores for each CVE https://nvd.nist.gov
dmidecode	CVE-2023-30630	https://nvd.nist.gov/vuln/detail/CVE-2023-30630
ghostscript	CVE-2023-36664	https://nvd.nist.gov/vuln/detail/CVE-2023-36664
java-1_8_0-openjdk	CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968	See NVD link below for individual scores for each CVE https://nvd.nist.gov
kernel-default	CVE-2022-3566, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919 , CVE-2023-1380, CVE-2023-2176, CVE-2023-2194, CVE-2023-2513, CVE-2023-31084, CVE-2023-31436, CVE-2023-32269, CVE-2017-5753, CVE-2020-36691, CVE-2021-3923, CVE-2021-4203, CVE-2022-20567, CVE-2022-43945, CVE-2023-0590, CVE-2023-0597, CVE-2023-1076, CVE-2023-1095, CVE-2023-1118, CVE-2023-1390, CVE-2023-1513, CVE-2023-1611, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-23454, CVE-2023-23455, CVE-2023-2483, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772	See NVD link below for individual scores for each CVE https://nvd.nist.gov
libX11	CVE-2023-3138	https://nvd.nist.gov/vuln/detail/CVE-2023-3138
bind	CVE-2023-2828	https://nvd.nist.gov/vuln/detail/CVE-2023-2828
libcares2	CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067	See NVD link below for individual scores for each CVE https://nvd.nist.gov
libopenssl1	CVE-2022-4304	https://nvd.nist.gov/vuln/detail/CVE-2022-4304
libsqlite3	CVE-2022-46908	https://nvd.nist.gov/vuln/detail/CVE-2022-46908
openssl	CVE-2022-4304	https://nvd.nist.gov/vuln/detail/CVE-2022-4304
openssl-1_0_0	CVE-2023-0465, CVE-2023-0466, CVE-2023-2650	See NVD link below for individual scores for each CVE https://nvd.nist.gov
perl	CVE-2023-31484	CVE-2023-31484
postgresql15	CVE-2023-2454, CVE-2023-2455	See NVD link below for individual scores for each CVE https://nvd.nist.gov
python	CVE-2023-24329	https://nvd.nist.gov/vuln/detail/CVE-2023-24329
python-bind	CVE-2023-2828	https://nvd.nist.gov/vuln/detail/CVE-2023-2828
samba	CVE-2022-2127	https://nvd.nist.gov/vuln/detail/CVE-2022-2127
shadow	CVE-2023-29383	https://nvd.nist.gov/vuln/detail/CVE-2023-29383
sqlite3	CVE-2022-46908	https://nvd.nist.gov/vuln/detail/CVE-2022-46908
ucode-intel	CVE-2022-33972	https://nvd.nist.gov/vuln/detail/CVE-2022-33972

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product	Software/Firmware	Affected Versions	Updated Version	Link to Update
Cloud Tiering Appliance	CTA and CTA-HA	Versions prior to 13.1.0.2.33	Version 13.1.0.2.33	https://www.dell.com/support/home/product-support/product/cloud-tiering-appliance/drivers
Cloud Tiering Appliance	CTA/VE and CTA-HA/VE	Versions prior to 13.1.0.2.33	Version 13.1.0.2.33	https://www.dell.com/support/home/product-support/product/cloud-tiering-applianceve/drivers

Product	Software/Firmware	Affected Versions	Updated Version	Link to Update
Cloud Tiering Appliance	CTA and CTA-HA	Versions prior to 13.1.0.2.33	Version 13.1.0.2.33	https://www.dell.com/support/home/product-support/product/cloud-tiering-appliance/drivers
Cloud Tiering Appliance	CTA/VE and CTA-HA/VE	Versions prior to 13.1.0.2.33	Version 13.1.0.2.33	https://www.dell.com/support/home/product-support/product/cloud-tiering-applianceve/drivers

Revision History

Revision	Date	Description
1.0	2023-08-22	Initial Release
2.0	2024-02-26	Updated for enhancement with no change to content

Related Information

Legal Information

Article Properties

Affected Product

Cloud Tiering Appliance, Cloud Tiering Appliance Platform, Cloud Tiering Appliance/VE

DSA-2023-308: Security Update for Dell Cloud Tiering Appliance for Multiple Third-Party Components Vulnerabilities

Summary: Dell Cloud Tiering Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Version

Article Type

Welcome

Welcome to Dell

DSA-2023-308: Security Update for Dell Cloud Tiering Appliance for Multiple Third-Party Components Vulnerabilities

Summary: Dell Cloud Tiering Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Version

Article Type