DSA-2023-305: Security Update for Dell Secure Connect Gateway Multiple Third-Party Component Vulnerabilities
摘要: Dell Secure Connect Gateway remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
影响
Critical
详情
| Third-Party Component |
CVEs | More information |
|---|---|---|
| Apache Tomcat | CVE-2023-28709 | See NVD link below for individual scores for each CVE https://nvd.nist.gov  |
| Docker | CVE-2023-28840, CVE-2023-28842 | See SUSE link below for each CVE https://www.suse.com |
| Guava | CVE-2023-2976 | See SUSE link below for each CVE https://www.suse.com |
| Java | CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968 | See SUSE link below for each CVE https://www.suse.com |
| Kernel | CVE-2022-3566, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2023-0459, CVE-2023-1380, CVE-2023-20569, CVE-2023-2176, CVE-2023-2194, CVE-2023-2269, CVE-2023-2513, CVE-2023-28466, CVE-2023-31084, CVE-2023-31436, CVE-2023-32269, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2022-40982 |
See SUSE link below for each CVE https://www.suse.com |
| Ldap | CVE-2023-2953 | See SUSE link below for each CVE https://www.suse.com |
| Libbind9 | CVE-2023-2828 | See SUSE link below for each CVE https://www.suse.com |
| Libcap | CVE-2023-2603 | See SUSE link below for each CVE https://www.suse.com |
| Libopenssl1 | CVE-2023-2650, CVE-2023-3817 | See SUSE link below for each CVE https://www.suse.com |
| Libpcre2 | CVE-2022-1587 | See SUSE link below for each CVE https://www.suse.com |
| libX11 | CVE-2023-3138 | See SUSE link below for each CVE https://www.suse.com |
| Netty | CVE-2023-34462 | See NVD link below for individual scores for each CVE https://nvd.nist.gov |
| Ntp | CVE-2023-26555 | See SUSE link below for each CVE https://www.suse.com |
| Okio | CVE-2023-3635 | See NVD link below for individual scores for each CVE https://nvd.nist.gov |
| OpenSSH | CVE-2016-20012, CVE-2020-14145, CVE-2020-15778 CVE-2021-36368 , CVE-2023-38408 |
See SUSE link below for each CVE https://www.suse.com |
| OpenSSL | CVE-2022-0778, CVE-2022-1292, CVE-2022-2068, CVE-2022-2097, CVE-2022-4304, CVE-2023-0286, CVE-2023-1255, |
See SUSE link below for each CVE https://www.suse.com |
| Open-vm-tools | CVE-2023-20867 | See SUSE link below for each CVE https://www.suse.com |
| Palo Alto | CVE-2023-0001 | See NVD link below for individual scores for each CVE https://nvd.nist.gov |
| PostgreSQL | CVE-2023-2454, CVE-2023-2455 | See SUSE link below for each CVE https://www.suse.com |
| Python | CVE-2007-4559 | See SUSE link below for each CVE https://www.suse.com |
| Vim | CVE-2023-0049 | See SUSE link below for each CVE https://www.suse.com |
受影响的产品和补救措施
| CVEs Addressed |
Product | Affected Versions | Remediated Versions | Link to Update |
|---|---|---|---|---|
| CVE-2007-4559, CVE-2016-20012, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2022-0778, CVE-2022-1292, CVE-2022-1587, CVE-2022-2068, CVE-2022-2097, CVE-2022-3566, CVE-2022-40982, CVE-2022-4304, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2023-0001, CVE-2023-0286, CVE-2023-0459, CVE-2023-1255, CVE-2023-1380, CVE-2023-20569, CVE-2023-20867, CVE-2023-2176, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-2194, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-2269, CVE-2023-2454, CVE-2023-2455, CVE-2023-2513, CVE-2023-2603, CVE-2023-2650, CVE-2023-26555, CVE-2023-2828, CVE-2023-28466, CVE-2023-28709, CVE-2023-28840, CVE-2023-28842, CVE-2023-2953, CVE-2023-2976, CVE-2023-31084, CVE-2023-3138, CVE-2023-31436, CVE-2023-32269, CVE-2023-34462, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2023-3635, CVE-2023-3817, CVE-2023-38408, CVE-2023-0049 | Dell Secure Connect Gateway | Versions 5.12.00.10, 5.14.00.16, 5.16.00.14 |
Version 5.18.00.20 | https://www.dell.com/support/home/en-us/product-support/product/secure-connect-gateway-ve/drivers |
| CVEs Addressed |
Product | Affected Versions | Remediated Versions | Link to Update |
|---|---|---|---|---|
| CVE-2007-4559, CVE-2016-20012, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2022-0778, CVE-2022-1292, CVE-2022-1587, CVE-2022-2068, CVE-2022-2097, CVE-2022-3566, CVE-2022-40982, CVE-2022-4304, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2023-0001, CVE-2023-0286, CVE-2023-0459, CVE-2023-1255, CVE-2023-1380, CVE-2023-20569, CVE-2023-20867, CVE-2023-2176, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-2194, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-2269, CVE-2023-2454, CVE-2023-2455, CVE-2023-2513, CVE-2023-2603, CVE-2023-2650, CVE-2023-26555, CVE-2023-2828, CVE-2023-28466, CVE-2023-28709, CVE-2023-28840, CVE-2023-28842, CVE-2023-2953, CVE-2023-2976, CVE-2023-31084, CVE-2023-3138, CVE-2023-31436, CVE-2023-32269, CVE-2023-34462, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2023-3635, CVE-2023-3817, CVE-2023-38408, CVE-2023-0049 | Dell Secure Connect Gateway | Versions 5.12.00.10, 5.14.00.16, 5.16.00.14 |
Version 5.18.00.20 | https://www.dell.com/support/home/en-us/product-support/product/secure-connect-gateway-ve/drivers |
解决方法和缓解措施
None
修订历史记录
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-09-20 | Initial Release |
| 2.0 | 2023-10-4 | Added CVE-2023-0049 under Affected Products and Remediation Table, Added Vim third-party component related to CVE-2023-0049 in the Third-Party Component Table. |
相关信息
法律免责声明
受影响的产品
Secure Connect Gateway, Secure Connect Gateway文章属性
文章编号: 000217814
文章类型: Dell Security Advisory
上次修改时间: 04 10月 2023
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。