DSA-2023-198: Dell ECS Security Update for Multiple Vulnerabilities.

Résumé: Dell ECS 3.7.0.6 remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Cet article concerne Cet article ne concerne pas Cet article n’est associé à aucun produit spécifique. Toutes les versions du produit ne sont pas identifiées dans cet article.
Consulter d’autres ressources

Impact

Medium

Détails

Third Party Component CVE ID Details
apache2 CVE-2006-20001 https://suse.com/security/cve/CVE-2006-20001 This hyperlink is taking you to a website outside of Dell Technologies.
apache2 CVE-2022-36760 https://suse.com/security/cve/CVE-2022-36760 This hyperlink is taking you to a website outside of Dell Technologies.
apache2 CVE-2022-37436 https://suse.com/security/cve/CVE-2022-37436 This hyperlink is taking you to a website outside of Dell Technologies.
git CVE-2023-22490 https://suse.com/security/cve/CVE-2023-22490 This hyperlink is taking you to a website outside of Dell Technologies.
git CVE-2023-23946 https://suse.com/security/cve/CVE-2023-23946 This hyperlink is taking you to a website outside of Dell Technologies.
glib2 CVE-2021-28153 https://suse.com/security/cve/CVE-2021-28153 This hyperlink is taking you to a website outside of Dell Technologies.
glibc CVE-2015-8985 https://suse.com/security/cve/CVE-2015-8985 This hyperlink is taking you to a website outside of Dell Technologies.
libapr-util1 CVE-2022-25147 https://suse.com/security/cve/CVE-2022-25147 This hyperlink is taking you to a website outside of Dell Technologies.
libksba CVE-2022-47629 https://suse.com/security/cve/CVE-2022-47629 This hyperlink is taking you to a website outside of Dell Technologies.
libxslt CVE-2021-30560 https://suse.com/security/cve/CVE-2021-30560 This hyperlink is taking you to a website outside of Dell Technologies.
multipath-tools CVE-2022-41974 https://suse.com/security/cve/CVE-2022-41974 This hyperlink is taking you to a website outside of Dell Technologies.
openssl-1_0_0 CVE-2022-4304 https://suse.com/security/cve/CVE-2022-4304 This hyperlink is taking you to a website outside of Dell Technologies.
openssl-1_0_0 CVE-2023-0215 https://suse.com/security/cve/CVE-2023-0215 This hyperlink is taking you to a website outside of Dell Technologies.
openssl-1_0_0 CVE-2023-0286 https://suse.com/security/cve/CVE-2023-0286 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2020-10735 https://suse.com/security/cve/CVE-2020-10735 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2022-40899 https://suse.com/security/cve/CVE-2022-40899 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2022-45061 https://suse.com/security/cve/CVE-2022-45061 This hyperlink is taking you to a website outside of Dell Technologies.
python-py CVE-2022-42969 https://suse.com/security/cve/CVE-2022-42969 This hyperlink is taking you to a website outside of Dell Technologies.
sudo CVE-2022-43995 https://suse.com/security/cve/CVE-2022-43995 This hyperlink is taking you to a website outside of Dell Technologies.
sudo CVE-2023-22809 https://suse.com/security/cve/CVE-2023-22809 This hyperlink is taking you to a website outside of Dell Technologies.
Third Party Component CVE ID Details
apache2 CVE-2006-20001 https://suse.com/security/cve/CVE-2006-20001 This hyperlink is taking you to a website outside of Dell Technologies.
apache2 CVE-2022-36760 https://suse.com/security/cve/CVE-2022-36760 This hyperlink is taking you to a website outside of Dell Technologies.
apache2 CVE-2022-37436 https://suse.com/security/cve/CVE-2022-37436 This hyperlink is taking you to a website outside of Dell Technologies.
git CVE-2023-22490 https://suse.com/security/cve/CVE-2023-22490 This hyperlink is taking you to a website outside of Dell Technologies.
git CVE-2023-23946 https://suse.com/security/cve/CVE-2023-23946 This hyperlink is taking you to a website outside of Dell Technologies.
glib2 CVE-2021-28153 https://suse.com/security/cve/CVE-2021-28153 This hyperlink is taking you to a website outside of Dell Technologies.
glibc CVE-2015-8985 https://suse.com/security/cve/CVE-2015-8985 This hyperlink is taking you to a website outside of Dell Technologies.
libapr-util1 CVE-2022-25147 https://suse.com/security/cve/CVE-2022-25147 This hyperlink is taking you to a website outside of Dell Technologies.
libksba CVE-2022-47629 https://suse.com/security/cve/CVE-2022-47629 This hyperlink is taking you to a website outside of Dell Technologies.
libxslt CVE-2021-30560 https://suse.com/security/cve/CVE-2021-30560 This hyperlink is taking you to a website outside of Dell Technologies.
multipath-tools CVE-2022-41974 https://suse.com/security/cve/CVE-2022-41974 This hyperlink is taking you to a website outside of Dell Technologies.
openssl-1_0_0 CVE-2022-4304 https://suse.com/security/cve/CVE-2022-4304 This hyperlink is taking you to a website outside of Dell Technologies.
openssl-1_0_0 CVE-2023-0215 https://suse.com/security/cve/CVE-2023-0215 This hyperlink is taking you to a website outside of Dell Technologies.
openssl-1_0_0 CVE-2023-0286 https://suse.com/security/cve/CVE-2023-0286 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2020-10735 https://suse.com/security/cve/CVE-2020-10735 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2022-40899 https://suse.com/security/cve/CVE-2022-40899 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2022-45061 https://suse.com/security/cve/CVE-2022-45061 This hyperlink is taking you to a website outside of Dell Technologies.
python-py CVE-2022-42969 https://suse.com/security/cve/CVE-2022-42969 This hyperlink is taking you to a website outside of Dell Technologies.
sudo CVE-2022-43995 https://suse.com/security/cve/CVE-2022-43995 This hyperlink is taking you to a website outside of Dell Technologies.
sudo CVE-2023-22809 https://suse.com/security/cve/CVE-2023-22809 This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommande à tous les clients de prendre en compte à la fois le score de base CVSS et les scores temporels et environnementaux pertinents qui peuvent avoir un impact sur la gravité potentielle associée à une faille de sécurité donnée.

Produits concernés et mesure corrective

Product Affected Version(s) Updated Version(s) Link to Update
Dell ECS Version<= 3.7.0.5 ECS 3.7.0.6 Dell recommends all customers have their ECS systems upgraded at the earliest opportunity by opening a “Operating Environment Upgrade” Service Request.
Product Affected Version(s) Updated Version(s) Link to Update
Dell ECS Version<= 3.7.0.5 ECS 3.7.0.6 Dell recommends all customers have their ECS systems upgraded at the earliest opportunity by opening a “Operating Environment Upgrade” Service Request.
Note: Some CVEs fixed in ECS 3.7.0.6 are planned to be addressed in a future release of ECS 3.8.0.x. For the latest list of CVEs fixed in ECS 3.8.0.2, please see DSA-2023-109

Historique des révisions

RevisionDateDescription
1.02023-05-31Initial Release

Informations connexes

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Mention légale

Produits concernés

ECS, ECS Appliance Hardware Gen3 EX5000, ECS Appliance, ECS Appliance Hardware Gen3 EXF900, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ECS Software, Product Security Information
Propriétés de l’article
Numéro d’article: 000214424
Type d’article: Dell Security Advisory
Dernière modification: 31 mai 2023
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.