DSA-2023-198: Dell ECS Security Update for Multiple Vulnerabilities.

Resumen: Dell ECS 3.7.0.6 remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Este artículo se aplica a Este artículo no se aplica a Este artículo no está vinculado a ningún producto específico. No se identifican todas las versiones del producto en este artículo.
Consulte estos recursos

Impacto

Medium

Detalles

Third Party Component CVE ID Details
apache2 CVE-2006-20001 https://suse.com/security/cve/CVE-2006-20001 This hyperlink is taking you to a website outside of Dell Technologies.
apache2 CVE-2022-36760 https://suse.com/security/cve/CVE-2022-36760 This hyperlink is taking you to a website outside of Dell Technologies.
apache2 CVE-2022-37436 https://suse.com/security/cve/CVE-2022-37436 This hyperlink is taking you to a website outside of Dell Technologies.
git CVE-2023-22490 https://suse.com/security/cve/CVE-2023-22490 This hyperlink is taking you to a website outside of Dell Technologies.
git CVE-2023-23946 https://suse.com/security/cve/CVE-2023-23946 This hyperlink is taking you to a website outside of Dell Technologies.
glib2 CVE-2021-28153 https://suse.com/security/cve/CVE-2021-28153 This hyperlink is taking you to a website outside of Dell Technologies.
glibc CVE-2015-8985 https://suse.com/security/cve/CVE-2015-8985 This hyperlink is taking you to a website outside of Dell Technologies.
libapr-util1 CVE-2022-25147 https://suse.com/security/cve/CVE-2022-25147 This hyperlink is taking you to a website outside of Dell Technologies.
libksba CVE-2022-47629 https://suse.com/security/cve/CVE-2022-47629 This hyperlink is taking you to a website outside of Dell Technologies.
libxslt CVE-2021-30560 https://suse.com/security/cve/CVE-2021-30560 This hyperlink is taking you to a website outside of Dell Technologies.
multipath-tools CVE-2022-41974 https://suse.com/security/cve/CVE-2022-41974 This hyperlink is taking you to a website outside of Dell Technologies.
openssl-1_0_0 CVE-2022-4304 https://suse.com/security/cve/CVE-2022-4304 This hyperlink is taking you to a website outside of Dell Technologies.
openssl-1_0_0 CVE-2023-0215 https://suse.com/security/cve/CVE-2023-0215 This hyperlink is taking you to a website outside of Dell Technologies.
openssl-1_0_0 CVE-2023-0286 https://suse.com/security/cve/CVE-2023-0286 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2020-10735 https://suse.com/security/cve/CVE-2020-10735 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2022-40899 https://suse.com/security/cve/CVE-2022-40899 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2022-45061 https://suse.com/security/cve/CVE-2022-45061 This hyperlink is taking you to a website outside of Dell Technologies.
python-py CVE-2022-42969 https://suse.com/security/cve/CVE-2022-42969 This hyperlink is taking you to a website outside of Dell Technologies.
sudo CVE-2022-43995 https://suse.com/security/cve/CVE-2022-43995 This hyperlink is taking you to a website outside of Dell Technologies.
sudo CVE-2023-22809 https://suse.com/security/cve/CVE-2023-22809 This hyperlink is taking you to a website outside of Dell Technologies.
Third Party Component CVE ID Details
apache2 CVE-2006-20001 https://suse.com/security/cve/CVE-2006-20001 This hyperlink is taking you to a website outside of Dell Technologies.
apache2 CVE-2022-36760 https://suse.com/security/cve/CVE-2022-36760 This hyperlink is taking you to a website outside of Dell Technologies.
apache2 CVE-2022-37436 https://suse.com/security/cve/CVE-2022-37436 This hyperlink is taking you to a website outside of Dell Technologies.
git CVE-2023-22490 https://suse.com/security/cve/CVE-2023-22490 This hyperlink is taking you to a website outside of Dell Technologies.
git CVE-2023-23946 https://suse.com/security/cve/CVE-2023-23946 This hyperlink is taking you to a website outside of Dell Technologies.
glib2 CVE-2021-28153 https://suse.com/security/cve/CVE-2021-28153 This hyperlink is taking you to a website outside of Dell Technologies.
glibc CVE-2015-8985 https://suse.com/security/cve/CVE-2015-8985 This hyperlink is taking you to a website outside of Dell Technologies.
libapr-util1 CVE-2022-25147 https://suse.com/security/cve/CVE-2022-25147 This hyperlink is taking you to a website outside of Dell Technologies.
libksba CVE-2022-47629 https://suse.com/security/cve/CVE-2022-47629 This hyperlink is taking you to a website outside of Dell Technologies.
libxslt CVE-2021-30560 https://suse.com/security/cve/CVE-2021-30560 This hyperlink is taking you to a website outside of Dell Technologies.
multipath-tools CVE-2022-41974 https://suse.com/security/cve/CVE-2022-41974 This hyperlink is taking you to a website outside of Dell Technologies.
openssl-1_0_0 CVE-2022-4304 https://suse.com/security/cve/CVE-2022-4304 This hyperlink is taking you to a website outside of Dell Technologies.
openssl-1_0_0 CVE-2023-0215 https://suse.com/security/cve/CVE-2023-0215 This hyperlink is taking you to a website outside of Dell Technologies.
openssl-1_0_0 CVE-2023-0286 https://suse.com/security/cve/CVE-2023-0286 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2020-10735 https://suse.com/security/cve/CVE-2020-10735 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2022-40899 https://suse.com/security/cve/CVE-2022-40899 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2022-45061 https://suse.com/security/cve/CVE-2022-45061 This hyperlink is taking you to a website outside of Dell Technologies.
python-py CVE-2022-42969 https://suse.com/security/cve/CVE-2022-42969 This hyperlink is taking you to a website outside of Dell Technologies.
sudo CVE-2022-43995 https://suse.com/security/cve/CVE-2022-43995 This hyperlink is taking you to a website outside of Dell Technologies.
sudo CVE-2023-22809 https://suse.com/security/cve/CVE-2023-22809 This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recomienda que todos los clientes tengan en cuenta tanto la puntuación base como cualquier otra puntuación ambiental y temporal relevante que pueda afectar la posible gravedad asociada con la vulnerabilidad de seguridad en particular.

Corrección y productos afectados

Product Affected Version(s) Updated Version(s) Link to Update
Dell ECS Version<= 3.7.0.5 ECS 3.7.0.6 Dell recommends all customers have their ECS systems upgraded at the earliest opportunity by opening a “Operating Environment Upgrade” Service Request.
Product Affected Version(s) Updated Version(s) Link to Update
Dell ECS Version<= 3.7.0.5 ECS 3.7.0.6 Dell recommends all customers have their ECS systems upgraded at the earliest opportunity by opening a “Operating Environment Upgrade” Service Request.
Note: Some CVEs fixed in ECS 3.7.0.6 are planned to be addressed in a future release of ECS 3.8.0.x. For the latest list of CVEs fixed in ECS 3.8.0.2, please see DSA-2023-109

Historial de revisiones

RevisionDateDescription
1.02023-05-31Initial Release

Información relacionada

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Descargo de responsabilidad

Productos afectados

ECS, ECS Appliance Hardware Gen3 EX5000, ECS Appliance, ECS Appliance Hardware Gen3 EXF900, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ECS Software, Product Security Information
Propiedades del artículo
Número del artículo: 000214424
Tipo de artículo: Dell Security Advisory
Última modificación: 31 may 2023
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.