DSA-2024-119: Dell ObjectScale 1.4.0 security update for multiple third-party vulnerabilities.
Resumen: Dell ObjectScale 1.4.0 remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected systems.
Este artículo se aplica a
Este artículo no se aplica a
Este artículo no está vinculado a ningún producto específico.
No se identifican todas las versiones del producto en este artículo.
Impacto
Critical
Detalles
| Third-Party Component | CVEs | More Information |
|---|---|---|
| avahi | CVE-2023-38470, CVE-2023-38473, CVE-2023-38472 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/  |
| binutils | CVE-2023-2828, CVE-2023-2911, CVE-2023-3341, CVE-2022-35205, CVE-2022-35206, CVE-2023-1972, CVE-2022-48065, CVE-2022-48063, CVE-2022-47696, CVE-2022-47695, CVE-2022-47673, CVE-2022-44840, CVE-2022-45703, CVE-2023-25588, CVE-2023-25585, CVE-2021-32256, CVE-2022-4285, CVE-2023-1579, CVE-2022-48064, CVE-2020-19726. | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| cares | CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| ch.qos.logback_logback-core | CVE-2023-6378 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| com.fasterxml.jackson.core_jackson-databind | CVE-2023-35116 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| com.google.guava_guava | CVE-2023-2976, CVE-2020-8908 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| com.squareup.okio_okio | CVE-2023-3635 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| curl | CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-38039, CVE-2023-38546, CVE-2022-32206 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| dbus | CVE-2023-34969 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| dmidecode | CVE-2023-30630 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| expat | CVE-2022-43680 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| freetype | CVE-2023-2004 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| gawk | CVE-2023-4156 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| github.com/ecies/go/v2 | CVE-2023-49292 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| github.com/prometheus/alertmanager | CVE-2023-40577 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| github.com/prometheus/client_golang | CVE-2022-21698 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| github.com/rancher/wrangler | CVE-2022-43756, CVE-2022-31249 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| github.com/russellhaering/goxmldsig | CVE-2020-7731 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| glib2 | CVE-2023-24593, CVE-2023-25180 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| glibc | CVE-2023-0687, CVE-2023-4813 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| gnupg2 | CVE-2022-34903 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| gnutls | CVE-2023-0361, CVE-2022-2509 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| go | CVE-2023-39319, CVE-2023-39318, CVE-2023-39323, CVE-2023-24539, CVE-2022-41716, CVE-2022-28327, CVE-2022-30629, CVE-2022-30631, CVE-2023-24536, CVE-2023-29409, CVE-2022-41725, CVE-2022-24675, CVE-2022-32189, CVE-2023-29404, CVE-2022-30633, CVE-2022-2879, CVE-2022-30580, CVE-2022-1705, CVE-2023-24538, CVE-2023-24532, CVE-2022-30630, CVE-2022-32148, CVE-2023-29400, CVE-2022-2880, CVE-2023-29406, CVE-2022-28131, CVE-2023-29405, CVE-2022-41724, CVE-2022-30632, CVE-2022-30635, CVE-2023-39533, CVE-2023-29403, CVE-2022-1962, CVE-2023-24534, CVE-2023-29402, CVE-2023-24540, CVE-2022-41715, CVE-2023-24537, CVE-2022-29804, CVE-2022-30634, CVE-2023-46324, CVE-2023-45287, CVE-2022-41722, CVE-2022-41720, CVE-2023-39321, CVE-2023-39322, CVE-2023-39320 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | CVE-2023-47108 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | CVE-2023-45142 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| golang.org/x/crypto | CVE-2022-27191, CVE-2021-43565 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| golang.org/x/net | CVE-2023-44487, CVE-2022-41723, CVE-2022-27664, CVE-2021-33194 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| golang.org/x/net/http2 | CVE-2022-41717, CVE-2021-44716 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| golang.org/x/sys/unix | CVE-2022-29526 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| golang.org/x/text | CVE-2022-32149, CVE-2021-38561 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| gopkg.in/yaml.v3 | CVE-2022-28948 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Grafana | CVE-2023-3128, CVE-2023-2183, CVE-2023-2801, CVE-2023-22462, CVE-2022-32275 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| grub2 | CVE-2023-4692, CVE-2023-4693 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| helm.sh/helm/v3 | CVE-2023-25165 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| io.netty_netty-all | CVE-2023-34462 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| k8s.io/client-go/transport | CVE-2019-11250 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| k8s.io/kubernetes | CVE-2023-5528 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| kernel-default | CVE-2022-36280, CVE-2022-38096, CVE-2023-0045, CVE-2023-0461, CVE-2023-0597, CVE-2023-22995, CVE-2023-23559, CVE-2023-26545, CVE-2022-3523, CVE-2023-1075, CVE-2023-1076, CVE-2023-1078, CVE-2023-1095, CVE-2023-1118, CVE-2023-22998, CVE-2023-23000, CVE-2023-23004, CVE-2023-25012, CVE-2023-28328, CVE-2017-5753, CVE-2022-4744, CVE-2023-0394, CVE-2023-1281, CVE-2023-1513, CVE-2023-1582, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1838, CVE-2023-23001, CVE-2023-28327, CVE-2023-28464, CVE-2023-28466, CVE-2022-2196, CVE-2023-0386, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2008, CVE-2023-2019, CVE-2023-2176, CVE-2023-2235, CVE-2023-23006, CVE-2023-30772, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2023-1079, CVE-2023-1380, CVE-2023-1382, CVE-2023-2002, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2269, CVE-2023-2483, CVE-2023-2513, CVE-2023-28410, CVE-2023-3006, CVE-2023-30456, CVE-2023-31084, CVE-2023-31436, CVE-2023-32233, CVE-2023-33288, CVE-2023-1077, CVE-2023-1249, CVE-2023-1829, CVE-2023-21102, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3161, CVE-2023-3212, CVE-2023-3357, CVE-2023-3358, CVE-2023-3389, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829, CVE-2023-20593, CVE-2023-2985, CVE-2023-3117, CVE-2023-31248, CVE-2023-3390, CVE-2023-35001, CVE-2023-3812, CVE-2022-40982, CVE-2023-0459, CVE-2023-20569, CVE-2023-21400, CVE-2023-2166, CVE-2023-31083, CVE-2023-3268, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776, CVE-2023-4004, CVE-2023-2007, CVE-2023-20588, CVE-2023-34319, CVE-2023-3610, CVE-2023-37453, CVE-2023-3772, CVE-2023-3863, CVE-2023-4128, CVE-2023-4133, CVE-2023-4134, CVE-2023-4147, CVE-2023-4194, CVE-2023-4273, CVE-2023-4387, CVE-2023-4459, CVE-2023-4569, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-2177, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-4155, CVE-2023-42753, CVE-2023-42754, CVE-2023-4389, CVE-2023-4563, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921, CVE-2023-5345, CVE-2023-2006, CVE-2023-25775, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46862, CVE-2023-5158, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176, CVE-2023-2163, CVE-2023-31085, CVE-2023-34324, CVE-2023-3777, CVE-2023-39189, CVE-2023-5178 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| krb5 | CVE-2022-42898, CVE-2023-36054 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| less | CVE-2022-46663 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libcap2 | CVE-2023-2602, CVE-2023-2603 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libcom_err | CVE-2022-1304 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libcurl | CVE-2022-35252, CVE-2022-32208 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libeconf0 | CVE-2023-22652, CVE-2023-30079, CVE-2023-30078, CVE-2023-32181 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libfastjson4 | CVE-2020-12762 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libgcc | CVE-2023-4039 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libgnutls | CVE-2023-5981 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libksba8 | CVE-2022-47629 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libldap | CVE-2023-2953 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libncurses | CVE-2023-29491, CVE-2023-50495 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libnghttp2-14 | CVE-2023-35945 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libopenssl | CVE-2023-5678 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libpcre2 | CVE-2022-41409 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libprocps7 | CVE-2023-4016 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libruby | CVE-2021-33621, CVE-2021-41817, CVE-2023-28755, CVE-2023-28756 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libsqlite3 | CVE-2022-46908, CVE-2023-2137 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libssh2 | CVE-2020-22218 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libsystemd0 | CVE-2022-3821 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libtasn1 | CVE-2021-46848 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libxml2 | CVE-2023-28484, CVE-2023-29469, CVE-2023-39615, CVE-2016-3709, CVE-2022-40304, CVE-2022-40303 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libyajl | CVE-2023-33460 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libzstd1 | CVE-2022-4899 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| login_defs | CVE-2023-29383, CVE-2023-4641 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| openssh | CVE-2023-48795, CVE-2022-1292, CVE-2022-2068, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| openssl-libs | CVE-2022-4450, CVE-2022-2097 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| openssh | CVE-2023-38408 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| org.apache.commons_commons-compress | CVE-2023-42503 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| org.apache.logging.log4j_log4j | CVE-2020-9488 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| org.apache.santuario_xmlsec | CVE-2023-44483 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| org.bitbucket.b_c_jose4j | CVE-2023-31582 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| org.json_json | CVE-2023-5072, CVE-2022-45688 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| org.xerial.snappy_snappy-java | CVE-2023-43642 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| perl-base | CVE-2023-31484 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| pip | CVE-2023-5752 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| python | CVE-2023-27043, CVE-2023-40217, CVE-2023-43804, CVE-2023-24329, CVE-2022-45061, CVE-2023-34049, CVE-2023-45803, CVE-2022-40897, CVE-2023-45322 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Python3-certifi | CVE-2022-23491 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| python3-cryptography | CVE-2023-23931, CVE-2023-49083 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| python3-py | CVE-2022-42969 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| python3-request | CVE-2023-32681 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| runc | CVE-2023-25809, CVE-2023-27561, CVE-2023-28642, CVE-2022-1996 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| snappy-java | CVE-2023-34455, CVE-2023-34454, CVE-2023-34453 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| spring-security-core | CVE-2023-34035, CVE-2023-34034 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| sqlite | CVE-2020-35525, CVE-2020-35527 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| sudo | CVE-2023-27320, CVE-2023-28486, CVE-2023-28487 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| systemd | CVE-2023-26604, CVE-2022-4415 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| tar | CVE-2022-48303, CVE-2023-39804 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Vim | CVE-2023-4781, CVE-2023-4752, CVE-2023-4750, CVE-2023-4733, CVE-2023-4738, CVE-2023-4735, CVE-2023-4734, CVE-2023-2609, CVE-2023-2426, CVE-2023-2610, CVE-2023-5535, CVE-2023-1127, CVE-2023-1264, CVE-2023-1355 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| xen-libs | CVE-2023-34322, CVE-2023-34325, CVE-2023-34326, CVE-2023-34327, CVE-2023-34328, CVE-2023-46835, CVE-2023-46836 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| zlib | CVE-2023-45853, CVE-2022-37434 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
Corrección y productos afectados
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell Object Scale | Versions prior to 1.4.0 | Version 1.4.0 |
https://www.dell.com/support/home/product-support/product/objectscale/drivers |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell Object Scale | Versions prior to 1.4.0 | Version 1.4.0 |
https://www.dell.com/support/home/product-support/product/objectscale/drivers |
Dell Technologies recommends all customers have their ObjectScale systems upgraded at their earliest opportunity by referring to the Upgrade section from the admin guide available at: https://www.dell.com/support/home/product-support/product/objectscale/docs
Soluciones alternativas y mitigaciones
None
Historial de revisiones
| Revision | Date | Description |
| 1.0 | 2024-04-24 | Initial Release |
| 2.0 | 2024-04-24 | Updated for enhanced presentation with no changes to content |
Información relacionada
Descargo de responsabilidad
Productos afectados
ObjectScalePropiedades del artículo
Número del artículo: 000224456
Tipo de artículo: Dell Security Advisory
Última modificación: 24 abr 2024
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.