DSA-2023-303: Security Update for Dell Streaming Data Platform

Table of Contents

Detailed Article

Impact

Details

Affected Products & Remediation

Revision History

Related Info

Legal Disclaimer

Affected Products

Provide Feedback

Summary: Dell Streaming Data Platform remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Check out other resources

Impact

Critical

Details

Third-party Component	CVEs	More Information
busybox	CVE-2022-28391, CVE-2021-42377, CVE-2021-42373	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
ca-certificates	CVE-2022-23491	https://nvd.nist.gov/vuln/detail/CVE-2022-23491
fasterXML jackson-databind	CVE-2018-7489, CVE-2020-36518, CVE-2021-46877, CVE-2020-10650, CVE-2020-10673, CVE-2020-25649, CVE-2020-35490, CVE-2020-35491	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
protobuf-java	CVE-2021-22569, CVE-2022-3509, CVE-2022-3510	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
com.thoughtworks.xstream_xstream	CVE-2022-40151	https://nvd.nist.gov/vuln/detail/CVE-2022-40151
cryptography	CVE-2023-0286, CVE-2023-23931	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
dpkg	CVE-2022-1664	https://nvd.nist.gov/vuln/detail/CVE-2022-1664
libexpat	CVE-2022-43680	https://nvd.nist.gov/vuln/detail/CVE-2022-43680
containerd	CVE-2022-23471, CVE-2023-25173	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
docker	CVE-2023-28840, CVE-2023-28841, CVE-2023-28842	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
runc	CVE-2023-27561, CVE-2023-28642	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
client_golang	CVE-2022-21698	https://nvd.nist.gov/vuln/detail/CVE-2022-21698
prometheus exporter-toolkit	CVE-2022-46146	https://nvd.nist.gov/vuln/detail/CVE-2022-46146
go	CVE-2023-24536, CVE-2022-41725, CVE-2023-24537, CVE-2023-24532, CVE-2023-24534, CVE-2022-41724, CVE-2023-24538, CVE-2022-41716, CVE-2022-41723, CVE-2022-41717, CVE-2022-41715, CVE-2022-2880, CVE-2022-2879, CVE-2023-29013, CVE-2022-30635, CVE-2022-32190, CVE-2022-1705, CVE-2022-30633, CVE-2022-30630, CVE-2022-1962, CVE-2022-30632, CVE-2022-30631, CVE-2022-28131, CVE-2022-32148, CVE-2022-32189, CVE-2022-30580, CVE-2021-33194, CVE-2021-33195, CVE-2021-41772, CVE-2020-24553, CVE-2022-24921, CVE-2020-28367, CVE-2022-24675, CVE-2021-41771, CVE-2022-23772, CVE-2021-34558, CVE-2021-38297, CVE-2020-28362, CVE-2021-39293, CVE-2022-23806, CVE-2022-28327, CVE-2020-28366, CVE-2021-33198, CVE-2021-33196, CVE-2020-29510, CVE-2022-23773, CVE-2021-36221, CVE-2021-3114, CVE-2021-33197, CVE-2021-27918, CVE-2021-29923	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
golang.org/x/crypto	CVE-2021-43565, CVE-2022-1996, CVE-2022-27191	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
golang.org/x/net	CVE-2022-27664, CVE-2022-41723, CVE-2022-41721
golang.org/x/sys	CVE-2022-29526	https://nvd.nist.gov/vuln/detail/CVE-2022-29526
gzip	CVE-2022-1271	https://nvd.nist.gov/vuln/detail/CVE-2022-1271
netty	CVE-2022-24823, CVE-2022-41915	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
ipython	CVE-2023-24816	https://nvd.nist.gov/vuln/detail/CVE-2023-24816
kubernetes	CVE-2020-8558, CVE-2021-25741	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
glibc	CVE-2020-1751, CVE-2020-1752, CVE-2020-6096, CVE-2021-3326, CVE-2021-33574, CVE-2021-35942, CVE-2022-23218, CVE-2022-23219	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
curl	CVE-2022-42916, CVE-2022-43551, CVE-2023-23914, CVE-2023-23915	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
libgcc1	CVE-2018-12886	https://nvd.nist.gov/vuln/detail/CVE-2018-12886
gnuTLS	CVE-2023-0361	https://nvd.nist.gov/vuln/detail/CVE-2023-0361
ncurses	CVE-2023-29491, CVE-2022-29458	https://nvd.nist.gov/vuln/detail/CVE-2023-29491
cpan	CVE-2020-16156	https://nvd.nist.gov/vuln/detail/CVE-2020-16156
openssl	CVE-2022-4450, CVE-2023-0215, CVE-2022-4304, CVE-2023-0464, CVE-2023-0466, CVE-2023-0465,	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
systemd	CVE-2022-3821, CVE-2022-4415	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
libxml2	CVE-2023-28484	https://nvd.nist.gov/vuln/detail/CVE-2023-28484
npm	CVE-2022-29244	https://nvd.nist.gov/vuln/detail/CVE-2022-29244
oauthlib	CVE-2022-36087	https://nvd.nist.gov/vuln/detail/CVE-2022-36087
Apache common text	CVE-2022-42889	https://nvd.nist.gov/vuln/detail/CVE-2022-42889
Apache hadoop	CVE-2022-25168	https://nvd.nist.gov/vuln/detail/CVE-2022-25168
Apache spark	CVE-2023-22946	https://nvd.nist.gov/vuln/detail/CVE-2023-22946
jetty	CVE-2023-26049, CVE-2023-26048	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
keycloak	CVE-2022-1245, CVE-2021-3754, CVE-2022-1466, CVE-2022-0225, CVE-2021-20323, CVE-2021-3827	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
snakeYaml	CVE-2022-1471	https://nvd.nist.gov/vuln/detail/CVE-2022-1471
python	CVE-2015-20107, CVE-2022-42919, CVE-2023-27043, CVE-2023-24329, CVE-2020-10735	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
python3	CVE-2022-45061, CVE-2022-37454, CVE-2022-42919	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
setuptools	CVE-2022-40897	https://nvd.nist.gov/vuln/detail/CVE-2022-40897
sqlite	CVE-2022-46908	https://nvd.nist.gov/vuln/detail/CVE-2022-46908
sudo	CVE-2023-22809, CVE-2023-28487, CVE-2023-28486	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
tar	CVE-2022-48303	https://nvd.nist.gov/vuln/detail/CVE-2022-48303
wheel	CVE-2022-40898	https://nvd.nist.gov/vuln/detail/CVE-2022-40898
zlib	CVE-2018-25032, CVE-2022-37434	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/

Third-party Component	CVEs	More Information
busybox	CVE-2022-28391, CVE-2021-42377, CVE-2021-42373	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
ca-certificates	CVE-2022-23491	https://nvd.nist.gov/vuln/detail/CVE-2022-23491
fasterXML jackson-databind	CVE-2018-7489, CVE-2020-36518, CVE-2021-46877, CVE-2020-10650, CVE-2020-10673, CVE-2020-25649, CVE-2020-35490, CVE-2020-35491	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
protobuf-java	CVE-2021-22569, CVE-2022-3509, CVE-2022-3510	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
com.thoughtworks.xstream_xstream	CVE-2022-40151	https://nvd.nist.gov/vuln/detail/CVE-2022-40151
cryptography	CVE-2023-0286, CVE-2023-23931	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
dpkg	CVE-2022-1664	https://nvd.nist.gov/vuln/detail/CVE-2022-1664
libexpat	CVE-2022-43680	https://nvd.nist.gov/vuln/detail/CVE-2022-43680
containerd	CVE-2022-23471, CVE-2023-25173	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
docker	CVE-2023-28840, CVE-2023-28841, CVE-2023-28842	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
runc	CVE-2023-27561, CVE-2023-28642	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
client_golang	CVE-2022-21698	https://nvd.nist.gov/vuln/detail/CVE-2022-21698
prometheus exporter-toolkit	CVE-2022-46146	https://nvd.nist.gov/vuln/detail/CVE-2022-46146
go	CVE-2023-24536, CVE-2022-41725, CVE-2023-24537, CVE-2023-24532, CVE-2023-24534, CVE-2022-41724, CVE-2023-24538, CVE-2022-41716, CVE-2022-41723, CVE-2022-41717, CVE-2022-41715, CVE-2022-2880, CVE-2022-2879, CVE-2023-29013, CVE-2022-30635, CVE-2022-32190, CVE-2022-1705, CVE-2022-30633, CVE-2022-30630, CVE-2022-1962, CVE-2022-30632, CVE-2022-30631, CVE-2022-28131, CVE-2022-32148, CVE-2022-32189, CVE-2022-30580, CVE-2021-33194, CVE-2021-33195, CVE-2021-41772, CVE-2020-24553, CVE-2022-24921, CVE-2020-28367, CVE-2022-24675, CVE-2021-41771, CVE-2022-23772, CVE-2021-34558, CVE-2021-38297, CVE-2020-28362, CVE-2021-39293, CVE-2022-23806, CVE-2022-28327, CVE-2020-28366, CVE-2021-33198, CVE-2021-33196, CVE-2020-29510, CVE-2022-23773, CVE-2021-36221, CVE-2021-3114, CVE-2021-33197, CVE-2021-27918, CVE-2021-29923	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
golang.org/x/crypto	CVE-2021-43565, CVE-2022-1996, CVE-2022-27191	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
golang.org/x/net	CVE-2022-27664, CVE-2022-41723, CVE-2022-41721
golang.org/x/sys	CVE-2022-29526	https://nvd.nist.gov/vuln/detail/CVE-2022-29526
gzip	CVE-2022-1271	https://nvd.nist.gov/vuln/detail/CVE-2022-1271
netty	CVE-2022-24823, CVE-2022-41915	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
ipython	CVE-2023-24816	https://nvd.nist.gov/vuln/detail/CVE-2023-24816
kubernetes	CVE-2020-8558, CVE-2021-25741	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
glibc	CVE-2020-1751, CVE-2020-1752, CVE-2020-6096, CVE-2021-3326, CVE-2021-33574, CVE-2021-35942, CVE-2022-23218, CVE-2022-23219	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
curl	CVE-2022-42916, CVE-2022-43551, CVE-2023-23914, CVE-2023-23915	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
libgcc1	CVE-2018-12886	https://nvd.nist.gov/vuln/detail/CVE-2018-12886
gnuTLS	CVE-2023-0361	https://nvd.nist.gov/vuln/detail/CVE-2023-0361
ncurses	CVE-2023-29491, CVE-2022-29458	https://nvd.nist.gov/vuln/detail/CVE-2023-29491
cpan	CVE-2020-16156	https://nvd.nist.gov/vuln/detail/CVE-2020-16156
openssl	CVE-2022-4450, CVE-2023-0215, CVE-2022-4304, CVE-2023-0464, CVE-2023-0466, CVE-2023-0465,	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
systemd	CVE-2022-3821, CVE-2022-4415	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
libxml2	CVE-2023-28484	https://nvd.nist.gov/vuln/detail/CVE-2023-28484
npm	CVE-2022-29244	https://nvd.nist.gov/vuln/detail/CVE-2022-29244
oauthlib	CVE-2022-36087	https://nvd.nist.gov/vuln/detail/CVE-2022-36087
Apache common text	CVE-2022-42889	https://nvd.nist.gov/vuln/detail/CVE-2022-42889
Apache hadoop	CVE-2022-25168	https://nvd.nist.gov/vuln/detail/CVE-2022-25168
Apache spark	CVE-2023-22946	https://nvd.nist.gov/vuln/detail/CVE-2023-22946
jetty	CVE-2023-26049, CVE-2023-26048	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
keycloak	CVE-2022-1245, CVE-2021-3754, CVE-2022-1466, CVE-2022-0225, CVE-2021-20323, CVE-2021-3827	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
snakeYaml	CVE-2022-1471	https://nvd.nist.gov/vuln/detail/CVE-2022-1471
python	CVE-2015-20107, CVE-2022-42919, CVE-2023-27043, CVE-2023-24329, CVE-2020-10735	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
python3	CVE-2022-45061, CVE-2022-37454, CVE-2022-42919	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
setuptools	CVE-2022-40897	https://nvd.nist.gov/vuln/detail/CVE-2022-40897
sqlite	CVE-2022-46908	https://nvd.nist.gov/vuln/detail/CVE-2022-46908
sudo	CVE-2023-22809, CVE-2023-28487, CVE-2023-28486	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
tar	CVE-2022-48303	https://nvd.nist.gov/vuln/detail/CVE-2022-48303
wheel	CVE-2022-40898	https://nvd.nist.gov/vuln/detail/CVE-2022-40898
zlib	CVE-2018-25032, CVE-2022-37434	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product	Affected Versions	Remediated Versions	Link
Dell Streaming Data Platform	Versions 1.1.x through 1.7.x	1.8.0	https://www.dell.com/support/home/product-support/product/streaming-data-platform/drivers

Product	Affected Versions	Remediated Versions	Link
Dell Streaming Data Platform	Versions 1.1.x through 1.7.x	1.8.0	https://www.dell.com/support/home/product-support/product/streaming-data-platform/drivers

The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Revision History

Revision	Date	Description
1.0	2023-09-13	Initial Release

Related Information

Legal Disclaimer

Affected Products

Streaming Data Platform Family, Streaming Data Platform

Article Number: 000217490

Article Type: Dell Security Advisory

Last Modified: 13 Sept 2023

Check if your device is covered by Support Services.

DSA-2023-303: Security Update for Dell Streaming Data Platform

Summary: Dell Streaming Data Platform remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Impact

Details

Affected Products & Remediation

Revision History

Related Information

Legal Disclaimer

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services

Welcome

Welcome to Dell

DSA-2023-303: Security Update for Dell Streaming Data Platform

Summary: Dell Streaming Data Platform remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Detailed Article

Impact

Details

Affected Products & Remediation

Revision History

Related Info

Legal Disclaimer

Affected Products

Impact

Details

Affected Products & Remediation

Revision History

Related Information

Legal Disclaimer

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services