Ga naar hoofdinhoud
  • Snel en eenvoudig bestellen
  • Bestellingen en de verzendstatus bekijken
  • Een lijst met producten maken en openen

DSA-2024-303: Security Update for Dell Data Lakehouse System Software for Multiple Security Vulnerabilities.

Samenvatting: Dell Data Lakehouse System Software remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Dit artikel is van toepassing op Dit artikel is niet van toepassing op Dit artikel is niet gebonden aan een specifiek product. Niet alle productversies worden in dit artikel vermeld.

Impact

High

Gegevens

Third-Party Component CVEs More Information
glibc CVE-2021-3999, CVE-2023-4911 See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
libcurl4,curl CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27781, CVE-2022-27782, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32221, CVE-2022-43552, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-38545, CVE-2023-46218 See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
libexpat1 CVE-2022-40674, CVE-2022-43680, CVE-2023-52425, CVE-2023-52426 See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
libgnutls30 CVE-2022-2509, CVE-2023-0361, CVE-2023-5981 See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
krb5 CVE-2022-42898, CVE-2023-36054 See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
ncurses CVE-2022-29458, CVE-2023-29491 See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
libnghttp2 CVE-2024-27316, CVE-2023-44487 See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
libpcre2-8-0 CVE-2022-1586, CVE-2022-1587 See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
libssl1.1 CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817 See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
libtasn1-6 CVE-2021-46848 https://nvd.nist.gov/vuln/detail/CVE-2021-46848 This hyperlink is taking you to a website outside of Dell Technologies.
libtiff5 CVE-2022-1354, CVE-2022-1355, CVE-2022-1622, CVE-2022-1623, CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-2867, CVE-2022-2868, CVE-2022-2869, CVE-2022-2953, CVE-2022-34526, CVE-2022-3570, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970, CVE-2022-4645, CVE-2022-48281, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2023-25434, CVE-2023-25435, CVE-2023-30086, CVE-2023-30774, CVE-2023-3576, CVE-2023-40745, CVE-2023-41175 See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
libudev1,libsystemd0 CVE-2022-3821, CVE-2022-4415, CVE-2023-50387 See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
libwebp6 CVE-2023-1999, CVE-2023-4863 See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
libx11 CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787 See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
libxml2 CVE-2022-40303, CVE-2022-40304, CVE-2023-28484, CVE-2023-29469 See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
libxpm4 CVE-2022-44617, CVE-2022-46285, CVE-2022-4883, CVE-2023-43788, CVE-2023-43789 See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
libxslt1.1 CVE-2021-30560 https://nvd.nist.gov/vuln/detail/CVE-2021-30560 This hyperlink is taking you to a website outside of Dell Technologies.
perl-base CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 This hyperlink is taking you to a website outside of Dell Technologies.
ion-java CVE-2024-21634 https://nvd.nist.gov/vuln/detail/CVE-2024-21634 This hyperlink is taking you to a website outside of Dell Technologies.
tar CVE-2022-48303 https://nvd.nist.gov/vuln/detail/CVE-2022-48303 This hyperlink is taking you to a website outside of Dell Technologies.
zlib1g CVE-2022-37434 https://nvd.nist.gov/vuln/detail/CVE-2022-37434 This hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-38302
Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data vulnerability in the DDAE (Starburst). A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.
6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N This hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-38302
Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data vulnerability in the DDAE (Starburst). A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.
6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

Product Affected Versions Remediated Versions Link
DELL Data Lakehouse System Software 1.0.0.0  1.1.0.0 https://www.dell.com/support/home/product-support/product/
 
 
Product Affected Versions Remediated Versions Link
DELL Data Lakehouse System Software 1.0.0.0  1.1.0.0 https://www.dell.com/support/home/product-support/product/
 
 
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Revisiegeschiedenis

RevisionDateDescription
1.02024-07-18Initial Release

Verwante informatie

Getroffen producten

Dell Data Lakehouse
Artikeleigenschappen
Artikelnummer: 000227053
Artikeltype: Dell Security Advisory
Laatst aangepast: 18 jul. 2024
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.