DSA-2023-372: Dell Container Storage Modules Security Update for Multiple Third Party Vulnerabilities.

摘要: Dell Container Storage Modules remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

本文适用于 本文不适用于 本文并非针对某种特定的产品。 本文并非包含所有产品版本。
查看其他资源

影响

Critical

详情

Third-party Component CVEs More Information
bzip2-libs CVE-2019-12900 https://nvd.nist.gov/vuln/detail/cve-2019-12900 This hyperlink is taking you to a website outside of Dell Technologies.
Curl, libcurl CVE-2023-28321, CVE-2022-35252, CVE-2022-43552, CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-28321This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2022-35252This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2022-43552This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2023-27535This hyperlink is taking you to a website outside of Dell Technologies.
dbus CVE-2020-35512, CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2020-35512This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2023-34969 This hyperlink is taking you to a website outside of Dell Technologies.
expat CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 This hyperlink is taking you to a website outside of Dell Technologies.
gnupg2 CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 This hyperlink is taking you to a website outside of Dell Technologies.
gnutls CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 This hyperlink is taking you to a website outside of Dell Technologies.
krb5-libs CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 This hyperlink is taking you to a website outside of Dell Technologies.
libarchive CVE-2022-36227, CVE-2018-1000879, CVE-2018-1000880, CVE-2020-21674 https://nvd.nist.gov/vuln/detail/CVE-2022-36227This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2018-1000879This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2018-1000880This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2020-21674 This hyperlink is taking you to a website outside of Dell Technologies.
util-linux CVE-2023-29383 https://nvd.nist.gov/vuln/detail/CVE-2023-29383 This hyperlink is taking you to a website outside of Dell Technologies.
libgcrypt CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 This hyperlink is taking you to a website outside of Dell Technologies.
libxml2 CVE-2023-28484, CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-28484This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2023-29469 This hyperlink is taking you to a website outside of Dell Technologies.
libzstd CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 This hyperlink is taking you to a website outside of Dell Technologies.
libtasn1 CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 This hyperlink is taking you to a website outside of Dell Technologies.
lz4-libs CVE-2019-17543 https://nvd.nist.gov/vuln/detail/CVE-2019-17543 This hyperlink is taking you to a website outside of Dell Technologies.
Openssl
 		 CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-0464This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2023-0465This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2023-0466 This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2023-2650 This hyperlink is taking you to a website outside of Dell Technologies.
python3-unbound
unbound-libs
 		 CVE-2022-3204, CVE-2019-16866 https://nvd.nist.gov/vuln/detail/CVE-2022-3204 This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2019-16866 This hyperlink is taking you to a website outside of Dell Technologies.
sqlite-libs CVE-2020-24736, CVE-2019-19244, CVE-2019-9936, CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2020-24736 This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2019-19244 This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2019-9936 This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2019-9937This hyperlink is taking you to a website outside of Dell Technologies.
systemd
 		 CVE-2023-26604, CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2023-26604This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2018-20839This hyperlink is taking you to a website outside of Dell Technologies.
platform-python
python3-libs
 		 CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329This hyperlink is taking you to a website outside of Dell Technologies.
device-mapper-multipath
 		 CVE-2022-41973 https://nvd.nist.gov/vuln/detail/CVE-2022-41973 This hyperlink is taking you to a website outside of Dell Technologies.
aws-sdk-go CVE-2020-8911, CVE-2020-8912 https://nvd.nist.gov/vuln/detail/CVE-2020-8911This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2020-8912This hyperlink is taking you to a website outside of Dell Technologies.,
AWS S3 Crypto SDK CVE-2022-2582, GHSA-76wf-9vgp-pj7w https://nvd.nist.gov/vuln/detail/CVE-2022-2582This hyperlink is taking you to a website outside of Dell Technologies.,
https://github.com/advisories/GHSA-76wf-9vgp-pj7w This hyperlink is taking you to a website outside of Dell Technologies.
sftp PRISMA-2021-0214 https://nvd.nist.gov/vuln/detail/CVE-2021-0214This hyperlink is taking you to a website outside of Dell Technologies.
openssh-clients CVE-2018-15919, CVE-2019-6110 https://nvd.nist.gov/vuln/detail/CVE-2018-15919 This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2019-6110This hyperlink is taking you to a website outside of Dell Technologies.
tar CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923This hyperlink is taking you to a website outside of Dell Technologies.
yaml CVE-2019-11254, CVE-2021-4235 https://nvd.nist.gov/vuln/detail/CVE-2019-11254 This hyperlink is taking you to a website outside of Dell Technologies.,
 https://nvd.nist.gov/vuln/detail/CVE-2021-4235This hyperlink is taking you to a website outside of Dell Technologies.
libgcc CVE-2021-42694, CVE-2021-20657, CVE-2019-14250, CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2021-42694This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2021-20657This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2019-14250This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2018-20657 This hyperlink is taking you to a website outside of Dell Technologies.
ncurses
 		 CVE-2021-39537, CVE-2018-19211, CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2021-39537This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2018-19211This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2018-19217This hyperlink is taking you to a website outside of Dell Technologies.
go-restful/v3 PRISMA-2022-0227 https://discuss.hashicorp.com/t/security-vulnerability-prisma-2022-0227/51264 This hyperlink is taking you to a website outside of Dell Technologies.
lua CVE-2021-45985 https://nvd.nist.gov/vuln/detail/CVE-2021-45985This hyperlink is taking you to a website outside of Dell Technologies.
HTTP/1 CVE-2023-24906 https://nvd.nist.gov/vuln/detail/CVE-2023-29406 This hyperlink is taking you to a website outside of Dell Technologies.

Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数,这可能会影响与特定安全漏洞相关的潜在严重程度。

受影响的产品和补救措施

CVEs Addressed Product Affected Versions Updated Versions Link
CVE-2019-12900, CVE-2023-28321, CVE-2022-35252, CVE-2022-43552, CVE-2023-27535, CVE-2020-35512, CVE-2022-23990, CVE-2022-3219, CVE-2021-4209, CVE-2020-17049, CVE-2022-36227, CVE-2023-29383, CVE-2019-12904,CVE-2023-28484, CVE-2023-29469, CVE-2021-24032, CVE-2018-1000654, CVE-2019-17543, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2022-3204, CVE-2019-16866, CVE-2020-24736, CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2023-26604, CVE-2023-24329, CVE-2022-41973, CVE-2020-8911, CVE-2022-2582, GHSA-76wf-9vgp-pj7w, PRISMA-2021-0214, CVE-2018-15919, CVE-2019-6110, CVE-2020-8912, CVE-2019-9923, CVE-2019-11254, CVE-2021-4235, CVE-2023-34969, CVE-2021-42694, CVE-2021-20657, CVE-2019-14250, CVE-2021-39537, CVE-2018-19211, CVE-2018-19217, CVE-2018-20839, PRISMA-2022-0227, CVE-2021-45985, CVE-2018-20657 , CVE-2018-1000879, CVE-2018-1000880, CVE-2020-21674, cve-2023-29406 Dell Container Storage Modules Versions prior to 1.8 1.8 https://github.com/dell/csmThis hyperlink is taking you to a website outside of Dell Technologies.
CVEs Addressed Product Affected Versions Updated Versions Link
CVE-2019-12900, CVE-2023-28321, CVE-2022-35252, CVE-2022-43552, CVE-2023-27535, CVE-2020-35512, CVE-2022-23990, CVE-2022-3219, CVE-2021-4209, CVE-2020-17049, CVE-2022-36227, CVE-2023-29383, CVE-2019-12904,CVE-2023-28484, CVE-2023-29469, CVE-2021-24032, CVE-2018-1000654, CVE-2019-17543, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2022-3204, CVE-2019-16866, CVE-2020-24736, CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2023-26604, CVE-2023-24329, CVE-2022-41973, CVE-2020-8911, CVE-2022-2582, GHSA-76wf-9vgp-pj7w, PRISMA-2021-0214, CVE-2018-15919, CVE-2019-6110, CVE-2020-8912, CVE-2019-9923, CVE-2019-11254, CVE-2021-4235, CVE-2023-34969, CVE-2021-42694, CVE-2021-20657, CVE-2019-14250, CVE-2021-39537, CVE-2018-19211, CVE-2018-19217, CVE-2018-20839, PRISMA-2022-0227, CVE-2021-45985, CVE-2018-20657 , CVE-2018-1000879, CVE-2018-1000880, CVE-2020-21674, cve-2023-29406 Dell Container Storage Modules Versions prior to 1.8 1.8 https://github.com/dell/csmThis hyperlink is taking you to a website outside of Dell Technologies.

解决方法和缓解措施

None

修订历史记录

RevisionDateDescription
1.02023-09-20Initial Release
2.02023-10-05Minor Revision: style and formatting changes without any changes to the content itself.
3.02023-10-13Updated for enhanced presentation with no changes to content.
4.02023-11-24Updated content with new CVE-2023-24906 added as fixed

相关信息

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法律免责声明

受影响的产品

Container Storage Modules Family, Container Storage Modules
文章属性
文章编号: 000218111
文章类型: Dell Security Advisory
上次修改时间: 24 11月 2023
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。