Article Number: 000220577
DSA-2023-460: Security Update for Dell Streaming Data Platform for Multiple Third-Party Component Vulnerabilities.
Summary: Dell Streaming Data Platform remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Article Content
Impact
Critical
Details
| Third-party Component | CVEs | More Information | ||
|---|---|---|---|---|
| bind9 | CVE-2022-3924, CVE-2022-38178, CVE-2022-38177, CVE-2022-3736, CVE-2022-2881, CVE-2022-3080, CVE-2022-3094, CVE-2023-2828, CVE-2023-2911, CVE-2022-2795 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/  |
||
| fasterXML jackson-databind | CVE-2017-17485, CVE-2017-7525, CVE-2018-7489, CVE-2020-10650, CVE-2020-35490, CVE-2020-35491, CVE-2020-10673, CVE-2020-25649 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| xstream | CVE-2022-41966, CVE-2022-40152, CVE-2022-40151 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| commons IO | CVE-2021-29425 | https://nvd.nist.gov/vuln/detail/CVE-2021-29425 |
||
| cryptography | CVE-2023-38325 | https://nvd.nist.gov/vuln/detail/CVE-2023-38325 |
||
| D-bus | CVE-2023-34969 | https://nvd.nist.gov/vuln/detail/CVE-2023-34969 |
||
| decode-uri-component | CVE-2022-38900, CVE-2022-38778, | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| derby | CVE-2018-1313 | https://nvd.nist.gov/vuln/detail/CVE-2018-1313 |
||
| git-core | CVE-2023-29007, CVE-2023-25815, CVE-2023-25652 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| cloudflare | CVE-2023-1732 | https://nvd.nist.gov/vuln/detail/CVE-2023-1732 |
||
| saml | CVE-2023-28119, CVE-2022-41912 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| prometheus Exporter Toolkit | CVE-2022-46146 | https://nvd.nist.gov/vuln/detail/CVE-2022-46146 |
||
| goxmldsig | CVE-2020-7711 | https://nvd.nist.gov/vuln/detail/CVE-2020-7711 |
||
| rekor | CVE-2023-30551, CVE-2023-33199 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| glob-parent | CVE-2021-35065 | https://nvd.nist.gov/vuln/detail/CVE-2021-35065 |
||
| go | CVE-2022-32190 | https://nvd.nist.gov/vuln/detail/CVE-2022-32190 |
||
| crypto | CVE-2020-9283 | https://nvd.nist.gov/vuln/detail/CVE-2020-9283 |
||
| http-cache-semantics | CVE-2022-25881 | https://nvd.nist.gov/vuln/detail/CVE-2022-25881 |
||
| fabric8_kubernetes-client | CVE-2021-20218 | https://nvd.nist.gov/vuln/detail/CVE-2021-20218 |
||
| Netty | CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2022-41881, CVE-2021-37136, CVE-2021-37137, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-43797, CVE-2022-24823, CVE-2023-34462, CVE-2021-37136, CVE-2021-37137, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-43797 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| Netty | CVE-2022-41881 | https://nvd.nist.gov/vuln/detail/CVE-2022-41881 |
||
| Nettty-codec-http3 | CVE-2021-21409 | https://nvd.nist.gov/vuln/detail/CVE-2021-21409 |
||
| Quarkus | CVE-2022-4147, CVE-2023-0044, CVE-2022-4116 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| java | CVE-2023-21830, CVE-2023-21835 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| java-11-openjdk | CVE-2023-21930, CVE-2023-25193, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-22041, | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| java-11-openjdk-headless | CVE-2023-21930, CVE-2023-25193, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-22041 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| json5 | CVE-2022-46175 | https://nvd.nist.gov/vuln/detail/CVE-2022-46175 |
||
| Kubernetes | CVE-2020-8565, CVE-2019-11255 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| kotlin-stdlib | CVE-2020-29582, CVE-2022-24329 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| Apparmor | CVE-2016-1585 | https://nvd.nist.gov/vuln/detail/CVE-2016-1585 |
||
| avahi | CVE-2023-1981, CVE-2023-38469, CVE-2023-38471, CVE-2023-38470, CVE-2023-38472, CVE-2023-38473 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| FFmpeg | CVE-2022-48434, CVE-2022-3964, CVE-2022-3109, CVE-2022-3341 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| glibc | CVE-2020-1751 | https://nvd.nist.gov/vuln/detail/CVE-2020-1751 |
||
| libcap-progs | CVE-2023-2603 | https://nvd.nist.gov/vuln/detail/CVE-2023-2603 |
||
| libcares2 | CVE-2023-32067, CVE-2023-31147, CVE-2023-31130 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| libc-bin | CVE-2021-3999 | https://nvd.nist.gov/vuln/detail/CVE-2021-3999 | ||
| libcups3 | CVE-2023-34241 | https://nvd.nist.gov/vuln/detail/CVE-2023-34241 | ||
| curl | CVE-2023-23914, CVE-2022-43551, CVE-2022-42916, CVE-2022-32221, CVE-2023-23916, CVE-2023-23915, CVE-2022-43552, CVE-2023-28319, CVE-2023-28321, CVE-2023-28320 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| libcurl | CVE-2023-23914, CVE-2022-43551, CVE-2022-42916, CVE-2023-23915 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| libdbus-1-3 | CVE-2023-34969 | https://nvd.nist.gov/vuln/detail/CVE-2023-34969 |
||
| libexpat2 | CVE-2022-40674 | https://nvd.nist.gov/vuln/detail/CVE-2022-40674 |
||
| libglib2.0-1 | CVE-2023-32643, CVE-2023-32636, CVE-2023-32611, CVE-2023-29499 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| libgnutls31 | CVE-2022-2509 | https://nvd.nist.gov/vuln/detail/CVE-2022-2509 |
||
| GNU Compiler Collection (GCC) | CVE-2018-12886 | https://nvd.nist.gov/vuln/detail/CVE-2018-12886 |
||
| libjpeg-turbo | CVE-2023-2804 | https://nvd.nist.gov/vuln/detail/CVE-2023-2804 |
||
| krb5 | CVE-2022-42898 | https://nvd.nist.gov/vuln/detail/CVE-2022-42898 |
||
| libllvm16 | CVE-2023-29932, CVE-2023-29934, CVE-2023-29933 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| libncurses | CVE-2022-29458 | https://nvd.nist.gov/vuln/detail/CVE-2022-29458 |
||
| libncursesw6 | CVE-2023-29491 | https://nvd.nist.gov/vuln/detail/CVE-2023-29491 |
||
| libopenssl1_1 | CVE-2023-0465 | https://nvd.nist.gov/vuln/detail/CVE-2023-0465 |
||
| libpcre2-8-1 | CVE-2022-1587 | https://nvd.nist.gov/vuln/detail/CVE-2022-1587 |
||
| libprocps8,procps | CVE-2023-4016 | https://nvd.nist.gov/vuln/detail/CVE-2023-4016 |
||
| librsvg | CVE-2023-38633 | https://nvd.nist.gov/vuln/detail/CVE-2023-38633 |
||
| openssl | CVE-2023-0464, CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2023-0466, CVE-2023-0465, CVE-2022-4304, CVE-2022-2097, CVE-2023-3446, CVE-2023-2650, CVE-2023-0464, CVE-2023-0466, CVE-2023-0465, CVE-2023-2975, CVE-2023-3446, CVE-2023-0464, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-0466, CVE-2023-0465, CVE-2023-2650, CVE-2023-0464, CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2023-0466, CVE-2023-0465, CVE-2022-4304, CVE-2022-2097, CVE-2023-0465 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| systemd | CVE-2022-3821 | https://nvd.nist.gov/vuln/detail/CVE-2022-3821 |
||
| libtirpc | CVE-2021-46828 | https://nvd.nist.gov/vuln/detail/CVE-2021-46828 |
||
| libwebp7 | CVE-2023-1999 | https://nvd.nist.gov/vuln/detail/CVE-2023-1999 |
||
| libX11-6 | CVE-2023-3138 | https://nvd.nist.gov/vuln/detail/CVE-2023-3138 |
||
| libxml3 | CVE-2022-40303, CVE-2023-29469, CVE-2023-28484 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| libxml2-2 | CVE-2023-29469, CVE-2023-28484 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| log4j | CVE-2023-26464, CVE-2019-17571, CVE-2020-9493, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2021-4104 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| ncurses | CVE-2022-29458 | https://nvd.nist.gov/vuln/detail/CVE-2022-29458 |
||
| ncurses-utils | CVE-2023-29491 | https://nvd.nist.gov/vuln/detail/CVE-2023-29491 |
||
| node-jose | CVE-2023-25653 | https://nvd.nist.gov/vuln/detail/CVE-2023-25653 |
||
| nodejs18 | CVE-2023-32067, CVE-2022-25881, CVE-2023-30581, CVE-2023-31147, CVE-2023-31130, CVE-2023-30589, CVE-2023-30590, CVE-2023-30588, CVE-2023-30585 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| npm18 | CVE-2023-32067, CVE-2022-25881, CVE-2023-30581, CVE-2023-31147, CVE-2023-31130, CVE-2023-30589, CVE-2023-30590, CVE-2023-30588, CVE-2023-30585 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| apache bookkeeper | CVE-2022-32531 | https://nvd.nist.gov/vuln/detail/CVE-2022-32531 |
||
| apache aalcite | CVE-2022-39135, CVE-2020-13955 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| apache hadoop | CVE-2016-6811, CVE-2017-7669, CVE-2020-9492, CVE-2021-37404, CVE-2022-26612 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| apache hadoop-hdfs | CVE-2016-6811, CVE-2017-15718, CVE-2017-3166, CVE-2018-1296, CVE-2018-8029, CVE-2020-9492, CVE-2021-33036, CVE-2022-25168, CVE-2017-15713 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| apache hadoop | CVE-2021-33036 | https://nvd.nist.gov/vuln/detail/CVE-2021-33036 | ||
| apache commons HttpClient | CVE-2012-6153, CVE-2011-1498, CVE-2014-3577, CVE-2015-5262 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| apache james mime4j | CVE-2022-45787 | https://nvd.nist.gov/vuln/detail/CVE-2022-45787 |
||
| apache spark | CVE-2018-17190 | https://nvd.nist.gov/vuln/detail/CVE-2018-17190 |
||
| apache sshd | CVE-2022-45047 | https://nvd.nist.gov/vuln/detail/CVE-2022-45047 |
||
| apache zookeeper | CVE-2016-5017, CVE-2017-5637, CVE-2018-8012, CVE-2019-0201 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| jetty | CVE-2021-28169, CVE-2021-34429 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| jsoup | CVE-2022-36033 | https://nvd.nist.gov/vuln/detail/CVE-2022-36033 |
||
| keycloak-core | CVE-2022-1245, CVE-2021-3754, CVE-2021-20323, CVE-2021-3827, CVE-2022-0225, CVE-2022-1466 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| keycloak-server | CVE-2023-2585 | https://access.redhat.com/security/cve/cve-2023-2585 |
||
| keycloak | CVE-2023-0264, CVE-2023-2422, CVE-2022-4361, CVE-2022-1274, CVE-2022-1438, CVE-2023-2585 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
|
||
| postgresql | CVE-2022-41946 | https://nvd.nist.gov/vuln/detail/CVE-2022-41946 |
||
| wildfly-elytron | CVE-2022-3143 | https://nvd.nist.gov/vuln/detail/CVE-2022-3143 |
||
| snakeYaml | CVE-2017-18640 | https://nvd.nist.gov/vuln/detail/CVE-2017-18640 |
||
| pyspark | CVE-2023-32007, CVE-2021-38296, CVE-2022-33891, CVE-2020-27218 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| python | CVE-2022-42919, CVE-2018-25032, CVE-2020-10735, CVE-2015-20107, CVE-2023-27043, CVE-2023-24329, CVE-2023-32681 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| qs | CVE-2022-24999 | https://nvd.nist.gov/vuln/detail/CVE-2022-24999 |
||
| busybox | CVE-2022-30065 | https://nvd.nist.gov/vuln/detail/CVE-2022-30065 |
||
| xerces_xercesImpl | CVE-2012-0881, CVE-2013-4002, CVE-2009-2625 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
||
| zlib | CVE-2022-37434 | https://nvd.nist.gov/vuln/detail/CVE-2022-37434 |
Affected Products and Remediation
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell Streaming Data Platform | Versions 1.1.x through 1.8.x | 1.9.0 | https://www.dell.com/support/home/product-support/product/streaming-data-platform/drivers |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell Streaming Data Platform | Versions 1.1.x through 1.8.x | 1.9.0 | https://www.dell.com/support/home/product-support/product/streaming-data-platform/drivers |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-12-19 | Initial Release |
Related Information
Legal Information
Article Properties
Affected Product
Streaming Data Platform Family, Streaming Data Platform
Last Published Date
20 Dec 2023
Version
3
Article Type
Dell Security Advisory