Article Number: 000216919

DSA-2023-309: Security Update for Dell Cloud Tiering Appliance for Multiple Third-Party Components Vulnerabilities

Summary: Dell Cloud Tiering Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

High

Details

Third-party Component	CVEs	More Information
bind	CVE-2023-2828	https://nvd.nist.gov/vuln/detail/CVE-2023-2828
bind-utils	CVE-2023-1410, CVE-2023-1387, CVE-2022-46146, CVE-2022-41715, CVE-2022-36062, CVE-2022-35957, CVE-2022-32149, CVE-2022-31107, CVE-2022-31097, CVE-2022-27664, CVE-2022-0155, CVE-2021-43138, CVE-2021-3918, CVE-2021-3807, CVE-2020-7753	See NVD link below for individual scores for each CVE https://nvd.nist.gov
c-ares	CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067	See NVD link below for individual scores for each CVE https://nvd.nist.gov
cups	CVE-2023-32324, CVE-2023-34241	See NVD link below for individual scores for each CVE https://nvd.nist.gov
curl	CVE-2023-28320, -2023-28321, CVE-2023-28322	See NVD link below for individual scores for each CVE https://nvd.nist.gov
dmidecode	CVE-2023-30630	https://nvd.nist.gov/vuln/detail/CVE-2023-30630
giflib	CVE-2016-3977, CVE-2018-11490, CVE-2019-15133	See NVD link below for individual scores for each CVE https://nvd.nist.gov
java-11-openjdk	CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968	See NVD link below for individual scores for each CVE https://nvd.nist.gov
kernel-default	CVE-2020-36691, CVE-2022-2196, CVE-2022-43945, CVE-2023-1611, CVE-2023-1670, CVE-2023-1838, CVE-2023-1855, CVE-2023-1872, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2008, CVE-2023-2162, CVE-2023-2176, CVE-2023-30772, CVE-2020-36694, CVE-2021-29650, CVE-2022-3566, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886,CVE-2022-45887, CVE-2022-45919, CVE-2023-1079, CVE-2023-1380, CVE-2023-1637, CVE-2023-2124, CVE-2023-2194, CVE-2023-23586, CVE-2023-2483, CVE-2023-2513, CVE-2023-31084, CVE-2023-31436, CVE-2023-32233, CVE-2023-32269, CVE-2023-33288, CVE-2023-1077, CVE-2023-1249, CVE-2023-2002, CVE-2023-3090, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3358, CVE-2023-35788, CVE-2023-35823, CVE-2023-35824, CVE-2023-35828	See NVD link below for individual scores for each CVE https://nvd.nist.gov
kernel-firmware	CVE-2023-20593	https://nvd.nist.gov/vuln/detail/CVE-2023-20593
libX11	CVE-2023-3138	https://nvd.nist.gov/vuln/detail/CVE-2023-3138
libirs1601	CVE-2023-1410, CVE-2023-1387, CVE-2022-46146, CVE-2022-41715, CVE-2022-36062, CVE-2022-35957, CVE-2022-32149, CVE-2022-31107, CVE-2022-31097, CVE-2022-27664, CVE-2022-0155, CVE-2021-43138, CVE-2021-3918, CVE-2021-3807, CVE-2020-7753	See NVD link below for individual scores for each CVE https://nvd.nist.gov
libisccc1600	CVE-2023-1410, CVE-2023-1387, CVE-2022-46146, CVE-2022-41715, CVE-2022-36062, CVE-2022-35957, CVE-2022-32149, CVE-2022-31107, CVE-2022-31097, CVE-2022-27664, CVE-2022-0155, CVE-2021-43138, CVE-2021-3918, CVE-2021-3807, CVE-2020-7753	See NVD link below for individual scores for each CVE https://nvd.nist.gov
libsqlite3	CVE-2022-46908	https://nvd.nist.gov/vuln/detail/CVE-2022-46908
libxml2	CVE-2021-3541, CVE-2022-29824, CVE-2023-28484, CVE-2023-29469	See NVD link below for individual scores for each CVE https://nvd.nist.gov
http-cache-semantics	CVE-2022-25881	https://nvd.nist.gov/vuln/detail/CVE-2022-25881
openssh	CVE-2023-38408	https://nvd.nist.gov/vuln/detail/CVE-2023-38408
openssl-1_1	CVE-2023-2650	https://nvd.nist.gov/vuln/detail/CVE-2023-2650
postgresql13	CVE-2023-2454, CVE-2023-2455	See NVD link below for individual scores for each CVE https://nvd.nist.gov
postgresql15	CVE-2023-2454, CVE-2023-2455	See NVD link below for individual scores for each CVE https://nvd.nist.gov
shadow	CVE-2023-29383	https://nvd.nist.gov/vuln/detail/CVE-2023-29383
sqlite3	CVE-2022-46908	https://nvd.nist.gov/vuln/detail/CVE-2022-46908

Third-party Component	CVEs	More Information
bind	CVE-2023-2828	https://nvd.nist.gov/vuln/detail/CVE-2023-2828
bind-utils	CVE-2023-1410, CVE-2023-1387, CVE-2022-46146, CVE-2022-41715, CVE-2022-36062, CVE-2022-35957, CVE-2022-32149, CVE-2022-31107, CVE-2022-31097, CVE-2022-27664, CVE-2022-0155, CVE-2021-43138, CVE-2021-3918, CVE-2021-3807, CVE-2020-7753	See NVD link below for individual scores for each CVE https://nvd.nist.gov
c-ares	CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067	See NVD link below for individual scores for each CVE https://nvd.nist.gov
cups	CVE-2023-32324, CVE-2023-34241	See NVD link below for individual scores for each CVE https://nvd.nist.gov
curl	CVE-2023-28320, -2023-28321, CVE-2023-28322	See NVD link below for individual scores for each CVE https://nvd.nist.gov
dmidecode	CVE-2023-30630	https://nvd.nist.gov/vuln/detail/CVE-2023-30630
giflib	CVE-2016-3977, CVE-2018-11490, CVE-2019-15133	See NVD link below for individual scores for each CVE https://nvd.nist.gov
java-11-openjdk	CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968	See NVD link below for individual scores for each CVE https://nvd.nist.gov
kernel-default	CVE-2020-36691, CVE-2022-2196, CVE-2022-43945, CVE-2023-1611, CVE-2023-1670, CVE-2023-1838, CVE-2023-1855, CVE-2023-1872, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2008, CVE-2023-2162, CVE-2023-2176, CVE-2023-30772, CVE-2020-36694, CVE-2021-29650, CVE-2022-3566, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886,CVE-2022-45887, CVE-2022-45919, CVE-2023-1079, CVE-2023-1380, CVE-2023-1637, CVE-2023-2124, CVE-2023-2194, CVE-2023-23586, CVE-2023-2483, CVE-2023-2513, CVE-2023-31084, CVE-2023-31436, CVE-2023-32233, CVE-2023-32269, CVE-2023-33288, CVE-2023-1077, CVE-2023-1249, CVE-2023-2002, CVE-2023-3090, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3358, CVE-2023-35788, CVE-2023-35823, CVE-2023-35824, CVE-2023-35828	See NVD link below for individual scores for each CVE https://nvd.nist.gov
kernel-firmware	CVE-2023-20593	https://nvd.nist.gov/vuln/detail/CVE-2023-20593
libX11	CVE-2023-3138	https://nvd.nist.gov/vuln/detail/CVE-2023-3138
libirs1601	CVE-2023-1410, CVE-2023-1387, CVE-2022-46146, CVE-2022-41715, CVE-2022-36062, CVE-2022-35957, CVE-2022-32149, CVE-2022-31107, CVE-2022-31097, CVE-2022-27664, CVE-2022-0155, CVE-2021-43138, CVE-2021-3918, CVE-2021-3807, CVE-2020-7753	See NVD link below for individual scores for each CVE https://nvd.nist.gov
libisccc1600	CVE-2023-1410, CVE-2023-1387, CVE-2022-46146, CVE-2022-41715, CVE-2022-36062, CVE-2022-35957, CVE-2022-32149, CVE-2022-31107, CVE-2022-31097, CVE-2022-27664, CVE-2022-0155, CVE-2021-43138, CVE-2021-3918, CVE-2021-3807, CVE-2020-7753	See NVD link below for individual scores for each CVE https://nvd.nist.gov
libsqlite3	CVE-2022-46908	https://nvd.nist.gov/vuln/detail/CVE-2022-46908
libxml2	CVE-2021-3541, CVE-2022-29824, CVE-2023-28484, CVE-2023-29469	See NVD link below for individual scores for each CVE https://nvd.nist.gov
http-cache-semantics	CVE-2022-25881	https://nvd.nist.gov/vuln/detail/CVE-2022-25881
openssh	CVE-2023-38408	https://nvd.nist.gov/vuln/detail/CVE-2023-38408
openssl-1_1	CVE-2023-2650	https://nvd.nist.gov/vuln/detail/CVE-2023-2650
postgresql13	CVE-2023-2454, CVE-2023-2455	See NVD link below for individual scores for each CVE https://nvd.nist.gov
postgresql15	CVE-2023-2454, CVE-2023-2455	See NVD link below for individual scores for each CVE https://nvd.nist.gov
shadow	CVE-2023-29383	https://nvd.nist.gov/vuln/detail/CVE-2023-29383
sqlite3	CVE-2022-46908	https://nvd.nist.gov/vuln/detail/CVE-2022-46908

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product	Software/Firmware	Affected Versions	Updated Version	Link to Update
Cloud Tiering Appliance	CTA and CTA-HA	Versions prior to 13.2.0.2.24	Version 13.2.0.2.24	https://www.dell.com/support/home/product-support/product/cloud-tiering-appliance/drivers
Cloud Tiering Appliance	CTA/VE and CTA-HA/VE	Versions prior to 13.2.0.2.24	Version 13.2.0.2.24	https://www.dell.com/support/home/product-support/product/cloud-tiering-applianceve/drivers

Product	Software/Firmware	Affected Versions	Updated Version	Link to Update
Cloud Tiering Appliance	CTA and CTA-HA	Versions prior to 13.2.0.2.24	Version 13.2.0.2.24	https://www.dell.com/support/home/product-support/product/cloud-tiering-appliance/drivers
Cloud Tiering Appliance	CTA/VE and CTA-HA/VE	Versions prior to 13.2.0.2.24	Version 13.2.0.2.24	https://www.dell.com/support/home/product-support/product/cloud-tiering-applianceve/drivers

Revision History

Revision	Date	Description
1.0	2023-08-22	Initial Release
2.0	2024-02-26	Updated for enhancement with no change to content

Related Information

Legal Information

Article Properties

Affected Product

Cloud Tiering Appliance, Cloud Tiering Appliance, Cloud Tiering Appliance Platform, Cloud Tiering Appliance/VE

DSA-2023-309: Security Update for Dell Cloud Tiering Appliance for Multiple Third-Party Components Vulnerabilities

Summary: Dell Cloud Tiering Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Version

Article Type

Welcome

Welcome to Dell

DSA-2023-309: Security Update for Dell Cloud Tiering Appliance for Multiple Third-Party Components Vulnerabilities

Summary: Dell Cloud Tiering Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Last Published Date

Version

Article Type