DSA-2023-372: Dell Container Storage Modules Security Update for Multiple Third Party Vulnerabilities.

摘要: Dell Container Storage Modules remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

本文章適用於 本文章不適用於 本文無關於任何特定產品。 本文未識別所有產品版本。
查看其他資源

影響

Critical

詳細資料

Third-party Component CVEs More Information
bzip2-libs CVE-2019-12900 https://nvd.nist.gov/vuln/detail/cve-2019-12900 This hyperlink is taking you to a website outside of Dell Technologies.
Curl, libcurl CVE-2023-28321, CVE-2022-35252, CVE-2022-43552, CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-28321This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2022-35252This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2022-43552This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2023-27535This hyperlink is taking you to a website outside of Dell Technologies.
dbus CVE-2020-35512, CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2020-35512This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2023-34969 This hyperlink is taking you to a website outside of Dell Technologies.
expat CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 This hyperlink is taking you to a website outside of Dell Technologies.
gnupg2 CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 This hyperlink is taking you to a website outside of Dell Technologies.
gnutls CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 This hyperlink is taking you to a website outside of Dell Technologies.
krb5-libs CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 This hyperlink is taking you to a website outside of Dell Technologies.
libarchive CVE-2022-36227, CVE-2018-1000879, CVE-2018-1000880, CVE-2020-21674 https://nvd.nist.gov/vuln/detail/CVE-2022-36227This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2018-1000879This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2018-1000880This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2020-21674 This hyperlink is taking you to a website outside of Dell Technologies.
util-linux CVE-2023-29383 https://nvd.nist.gov/vuln/detail/CVE-2023-29383 This hyperlink is taking you to a website outside of Dell Technologies.
libgcrypt CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 This hyperlink is taking you to a website outside of Dell Technologies.
libxml2 CVE-2023-28484, CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-28484This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2023-29469 This hyperlink is taking you to a website outside of Dell Technologies.
libzstd CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 This hyperlink is taking you to a website outside of Dell Technologies.
libtasn1 CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 This hyperlink is taking you to a website outside of Dell Technologies.
lz4-libs CVE-2019-17543 https://nvd.nist.gov/vuln/detail/CVE-2019-17543 This hyperlink is taking you to a website outside of Dell Technologies.
Openssl
 		 CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-0464This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2023-0465This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2023-0466 This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2023-2650 This hyperlink is taking you to a website outside of Dell Technologies.
python3-unbound
unbound-libs
 		 CVE-2022-3204, CVE-2019-16866 https://nvd.nist.gov/vuln/detail/CVE-2022-3204 This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2019-16866 This hyperlink is taking you to a website outside of Dell Technologies.
sqlite-libs CVE-2020-24736, CVE-2019-19244, CVE-2019-9936, CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2020-24736 This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2019-19244 This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2019-9936 This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2019-9937This hyperlink is taking you to a website outside of Dell Technologies.
systemd
 		 CVE-2023-26604, CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2023-26604This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2018-20839This hyperlink is taking you to a website outside of Dell Technologies.
platform-python
python3-libs
 		 CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329This hyperlink is taking you to a website outside of Dell Technologies.
device-mapper-multipath
 		 CVE-2022-41973 https://nvd.nist.gov/vuln/detail/CVE-2022-41973 This hyperlink is taking you to a website outside of Dell Technologies.
aws-sdk-go CVE-2020-8911, CVE-2020-8912 https://nvd.nist.gov/vuln/detail/CVE-2020-8911This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2020-8912This hyperlink is taking you to a website outside of Dell Technologies.,
AWS S3 Crypto SDK CVE-2022-2582, GHSA-76wf-9vgp-pj7w https://nvd.nist.gov/vuln/detail/CVE-2022-2582This hyperlink is taking you to a website outside of Dell Technologies.,
https://github.com/advisories/GHSA-76wf-9vgp-pj7w This hyperlink is taking you to a website outside of Dell Technologies.
sftp PRISMA-2021-0214 https://nvd.nist.gov/vuln/detail/CVE-2021-0214This hyperlink is taking you to a website outside of Dell Technologies.
openssh-clients CVE-2018-15919, CVE-2019-6110 https://nvd.nist.gov/vuln/detail/CVE-2018-15919 This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2019-6110This hyperlink is taking you to a website outside of Dell Technologies.
tar CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923This hyperlink is taking you to a website outside of Dell Technologies.
yaml CVE-2019-11254, CVE-2021-4235 https://nvd.nist.gov/vuln/detail/CVE-2019-11254 This hyperlink is taking you to a website outside of Dell Technologies.,
 https://nvd.nist.gov/vuln/detail/CVE-2021-4235This hyperlink is taking you to a website outside of Dell Technologies.
libgcc CVE-2021-42694, CVE-2021-20657, CVE-2019-14250, CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2021-42694This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2021-20657This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2019-14250This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2018-20657 This hyperlink is taking you to a website outside of Dell Technologies.
ncurses
 		 CVE-2021-39537, CVE-2018-19211, CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2021-39537This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2018-19211This hyperlink is taking you to a website outside of Dell Technologies.,
https://nvd.nist.gov/vuln/detail/CVE-2018-19217This hyperlink is taking you to a website outside of Dell Technologies.
go-restful/v3 PRISMA-2022-0227 https://discuss.hashicorp.com/t/security-vulnerability-prisma-2022-0227/51264 This hyperlink is taking you to a website outside of Dell Technologies.
lua CVE-2021-45985 https://nvd.nist.gov/vuln/detail/CVE-2021-45985This hyperlink is taking you to a website outside of Dell Technologies.
HTTP/1 CVE-2023-24906 https://nvd.nist.gov/vuln/detail/CVE-2023-29406 This hyperlink is taking you to a website outside of Dell Technologies.

Dell Technologies 建議所有客戶不僅要參考 CVSS 基本分數,也要將可能會影響與特定安全漏洞相關之潛在嚴重性的所有相關暫時和環境分數納入考量。

受影響的產品與補救措施

CVEs Addressed Product Affected Versions Updated Versions Link
CVE-2019-12900, CVE-2023-28321, CVE-2022-35252, CVE-2022-43552, CVE-2023-27535, CVE-2020-35512, CVE-2022-23990, CVE-2022-3219, CVE-2021-4209, CVE-2020-17049, CVE-2022-36227, CVE-2023-29383, CVE-2019-12904,CVE-2023-28484, CVE-2023-29469, CVE-2021-24032, CVE-2018-1000654, CVE-2019-17543, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2022-3204, CVE-2019-16866, CVE-2020-24736, CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2023-26604, CVE-2023-24329, CVE-2022-41973, CVE-2020-8911, CVE-2022-2582, GHSA-76wf-9vgp-pj7w, PRISMA-2021-0214, CVE-2018-15919, CVE-2019-6110, CVE-2020-8912, CVE-2019-9923, CVE-2019-11254, CVE-2021-4235, CVE-2023-34969, CVE-2021-42694, CVE-2021-20657, CVE-2019-14250, CVE-2021-39537, CVE-2018-19211, CVE-2018-19217, CVE-2018-20839, PRISMA-2022-0227, CVE-2021-45985, CVE-2018-20657 , CVE-2018-1000879, CVE-2018-1000880, CVE-2020-21674, cve-2023-29406 Dell Container Storage Modules Versions prior to 1.8 1.8 https://github.com/dell/csmThis hyperlink is taking you to a website outside of Dell Technologies.
CVEs Addressed Product Affected Versions Updated Versions Link
CVE-2019-12900, CVE-2023-28321, CVE-2022-35252, CVE-2022-43552, CVE-2023-27535, CVE-2020-35512, CVE-2022-23990, CVE-2022-3219, CVE-2021-4209, CVE-2020-17049, CVE-2022-36227, CVE-2023-29383, CVE-2019-12904,CVE-2023-28484, CVE-2023-29469, CVE-2021-24032, CVE-2018-1000654, CVE-2019-17543, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2022-3204, CVE-2019-16866, CVE-2020-24736, CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2023-26604, CVE-2023-24329, CVE-2022-41973, CVE-2020-8911, CVE-2022-2582, GHSA-76wf-9vgp-pj7w, PRISMA-2021-0214, CVE-2018-15919, CVE-2019-6110, CVE-2020-8912, CVE-2019-9923, CVE-2019-11254, CVE-2021-4235, CVE-2023-34969, CVE-2021-42694, CVE-2021-20657, CVE-2019-14250, CVE-2021-39537, CVE-2018-19211, CVE-2018-19217, CVE-2018-20839, PRISMA-2022-0227, CVE-2021-45985, CVE-2018-20657 , CVE-2018-1000879, CVE-2018-1000880, CVE-2020-21674, cve-2023-29406 Dell Container Storage Modules Versions prior to 1.8 1.8 https://github.com/dell/csmThis hyperlink is taking you to a website outside of Dell Technologies.

因應措施與緩解措施

None

修訂歷史記錄

RevisionDateDescription
1.02023-09-20Initial Release
2.02023-10-05Minor Revision: style and formatting changes without any changes to the content itself.
3.02023-10-13Updated for enhanced presentation with no changes to content.
4.02023-11-24Updated content with new CVE-2023-24906 added as fixed

相關資訊

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法律免責聲明

受影響的產品

Container Storage Modules Family, Container Storage Modules
文章屬性
文章編號: 000218111
文章類型: Dell Security Advisory
上次修改時間: 24 11月 2023
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。