DSA-2024-119: Dell ObjectScale 1.4.0 security update for multiple third-party vulnerabilities.
Summary: Dell ObjectScale 1.4.0 remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected systems.
This article applies to
This article does not apply to
Impact
Critical
Details
| Third-Party Component | CVEs | More Information |
|---|---|---|
| avahi | CVE-2023-38470, CVE-2023-38473, CVE-2023-38472 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/  |
| binutils | CVE-2023-2828, CVE-2023-2911, CVE-2023-3341, CVE-2022-35205, CVE-2022-35206, CVE-2023-1972, CVE-2022-48065, CVE-2022-48063, CVE-2022-47696, CVE-2022-47695, CVE-2022-47673, CVE-2022-44840, CVE-2022-45703, CVE-2023-25588, CVE-2023-25585, CVE-2021-32256, CVE-2022-4285, CVE-2023-1579, CVE-2022-48064, CVE-2020-19726. | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| cares | CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| ch.qos.logback_logback-core | CVE-2023-6378 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| com.fasterxml.jackson.core_jackson-databind | CVE-2023-35116 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| com.google.guava_guava | CVE-2023-2976, CVE-2020-8908 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| com.squareup.okio_okio | CVE-2023-3635 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| curl | CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-38039, CVE-2023-38546, CVE-2022-32206 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| dbus | CVE-2023-34969 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| dmidecode | CVE-2023-30630 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| expat | CVE-2022-43680 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| freetype | CVE-2023-2004 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| gawk | CVE-2023-4156 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| github.com/ecies/go/v2 | CVE-2023-49292 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| github.com/prometheus/alertmanager | CVE-2023-40577 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| github.com/prometheus/client_golang | CVE-2022-21698 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| github.com/rancher/wrangler | CVE-2022-43756, CVE-2022-31249 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| github.com/russellhaering/goxmldsig | CVE-2020-7731 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| glib2 | CVE-2023-24593, CVE-2023-25180 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| glibc | CVE-2023-0687, CVE-2023-4813 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| gnupg2 | CVE-2022-34903 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| gnutls | CVE-2023-0361, CVE-2022-2509 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| go | CVE-2023-39319, CVE-2023-39318, CVE-2023-39323, CVE-2023-24539, CVE-2022-41716, CVE-2022-28327, CVE-2022-30629, CVE-2022-30631, CVE-2023-24536, CVE-2023-29409, CVE-2022-41725, CVE-2022-24675, CVE-2022-32189, CVE-2023-29404, CVE-2022-30633, CVE-2022-2879, CVE-2022-30580, CVE-2022-1705, CVE-2023-24538, CVE-2023-24532, CVE-2022-30630, CVE-2022-32148, CVE-2023-29400, CVE-2022-2880, CVE-2023-29406, CVE-2022-28131, CVE-2023-29405, CVE-2022-41724, CVE-2022-30632, CVE-2022-30635, CVE-2023-39533, CVE-2023-29403, CVE-2022-1962, CVE-2023-24534, CVE-2023-29402, CVE-2023-24540, CVE-2022-41715, CVE-2023-24537, CVE-2022-29804, CVE-2022-30634, CVE-2023-46324, CVE-2023-45287, CVE-2022-41722, CVE-2022-41720, CVE-2023-39321, CVE-2023-39322, CVE-2023-39320 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | CVE-2023-47108 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | CVE-2023-45142 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| golang.org/x/crypto | CVE-2022-27191, CVE-2021-43565 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| golang.org/x/net | CVE-2023-44487, CVE-2022-41723, CVE-2022-27664, CVE-2021-33194 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| golang.org/x/net/http2 | CVE-2022-41717, CVE-2021-44716 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| golang.org/x/sys/unix | CVE-2022-29526 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| golang.org/x/text | CVE-2022-32149, CVE-2021-38561 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| gopkg.in/yaml.v3 | CVE-2022-28948 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Grafana | CVE-2023-3128, CVE-2023-2183, CVE-2023-2801, CVE-2023-22462, CVE-2022-32275 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| grub2 | CVE-2023-4692, CVE-2023-4693 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| helm.sh/helm/v3 | CVE-2023-25165 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| io.netty_netty-all | CVE-2023-34462 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| k8s.io/client-go/transport | CVE-2019-11250 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| k8s.io/kubernetes | CVE-2023-5528 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| kernel-default | CVE-2022-36280, CVE-2022-38096, CVE-2023-0045, CVE-2023-0461, CVE-2023-0597, CVE-2023-22995, CVE-2023-23559, CVE-2023-26545, CVE-2022-3523, CVE-2023-1075, CVE-2023-1076, CVE-2023-1078, CVE-2023-1095, CVE-2023-1118, CVE-2023-22998, CVE-2023-23000, CVE-2023-23004, CVE-2023-25012, CVE-2023-28328, CVE-2017-5753, CVE-2022-4744, CVE-2023-0394, CVE-2023-1281, CVE-2023-1513, CVE-2023-1582, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1838, CVE-2023-23001, CVE-2023-28327, CVE-2023-28464, CVE-2023-28466, CVE-2022-2196, CVE-2023-0386, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2008, CVE-2023-2019, CVE-2023-2176, CVE-2023-2235, CVE-2023-23006, CVE-2023-30772, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2023-1079, CVE-2023-1380, CVE-2023-1382, CVE-2023-2002, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2269, CVE-2023-2483, CVE-2023-2513, CVE-2023-28410, CVE-2023-3006, CVE-2023-30456, CVE-2023-31084, CVE-2023-31436, CVE-2023-32233, CVE-2023-33288, CVE-2023-1077, CVE-2023-1249, CVE-2023-1829, CVE-2023-21102, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3161, CVE-2023-3212, CVE-2023-3357, CVE-2023-3358, CVE-2023-3389, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829, CVE-2023-20593, CVE-2023-2985, CVE-2023-3117, CVE-2023-31248, CVE-2023-3390, CVE-2023-35001, CVE-2023-3812, CVE-2022-40982, CVE-2023-0459, CVE-2023-20569, CVE-2023-21400, CVE-2023-2166, CVE-2023-31083, CVE-2023-3268, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776, CVE-2023-4004, CVE-2023-2007, CVE-2023-20588, CVE-2023-34319, CVE-2023-3610, CVE-2023-37453, CVE-2023-3772, CVE-2023-3863, CVE-2023-4128, CVE-2023-4133, CVE-2023-4134, CVE-2023-4147, CVE-2023-4194, CVE-2023-4273, CVE-2023-4387, CVE-2023-4459, CVE-2023-4569, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-2177, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-4155, CVE-2023-42753, CVE-2023-42754, CVE-2023-4389, CVE-2023-4563, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921, CVE-2023-5345, CVE-2023-2006, CVE-2023-25775, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46862, CVE-2023-5158, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176, CVE-2023-2163, CVE-2023-31085, CVE-2023-34324, CVE-2023-3777, CVE-2023-39189, CVE-2023-5178 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| krb5 | CVE-2022-42898, CVE-2023-36054 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| less | CVE-2022-46663 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libcap2 | CVE-2023-2602, CVE-2023-2603 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libcom_err | CVE-2022-1304 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libcurl | CVE-2022-35252, CVE-2022-32208 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libeconf0 | CVE-2023-22652, CVE-2023-30079, CVE-2023-30078, CVE-2023-32181 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libfastjson4 | CVE-2020-12762 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libgcc | CVE-2023-4039 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libgnutls | CVE-2023-5981 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libksba8 | CVE-2022-47629 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libldap | CVE-2023-2953 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libncurses | CVE-2023-29491, CVE-2023-50495 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libnghttp2-14 | CVE-2023-35945 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libopenssl | CVE-2023-5678 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libpcre2 | CVE-2022-41409 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libprocps7 | CVE-2023-4016 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libruby | CVE-2021-33621, CVE-2021-41817, CVE-2023-28755, CVE-2023-28756 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libsqlite3 | CVE-2022-46908, CVE-2023-2137 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libssh2 | CVE-2020-22218 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libsystemd0 | CVE-2022-3821 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libtasn1 | CVE-2021-46848 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libxml2 | CVE-2023-28484, CVE-2023-29469, CVE-2023-39615, CVE-2016-3709, CVE-2022-40304, CVE-2022-40303 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libyajl | CVE-2023-33460 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| libzstd1 | CVE-2022-4899 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| login_defs | CVE-2023-29383, CVE-2023-4641 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| openssh | CVE-2023-48795, CVE-2022-1292, CVE-2022-2068, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| openssl-libs | CVE-2022-4450, CVE-2022-2097 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| openssh | CVE-2023-38408 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| org.apache.commons_commons-compress | CVE-2023-42503 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| org.apache.logging.log4j_log4j | CVE-2020-9488 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| org.apache.santuario_xmlsec | CVE-2023-44483 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| org.bitbucket.b_c_jose4j | CVE-2023-31582 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| org.json_json | CVE-2023-5072, CVE-2022-45688 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| org.xerial.snappy_snappy-java | CVE-2023-43642 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| perl-base | CVE-2023-31484 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| pip | CVE-2023-5752 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| python | CVE-2023-27043, CVE-2023-40217, CVE-2023-43804, CVE-2023-24329, CVE-2022-45061, CVE-2023-34049, CVE-2023-45803, CVE-2022-40897, CVE-2023-45322 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Python3-certifi | CVE-2022-23491 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| python3-cryptography | CVE-2023-23931, CVE-2023-49083 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| python3-py | CVE-2022-42969 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| python3-request | CVE-2023-32681 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| runc | CVE-2023-25809, CVE-2023-27561, CVE-2023-28642, CVE-2022-1996 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| snappy-java | CVE-2023-34455, CVE-2023-34454, CVE-2023-34453 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| spring-security-core | CVE-2023-34035, CVE-2023-34034 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| sqlite | CVE-2020-35525, CVE-2020-35527 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| sudo | CVE-2023-27320, CVE-2023-28486, CVE-2023-28487 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| systemd | CVE-2023-26604, CVE-2022-4415 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| tar | CVE-2022-48303, CVE-2023-39804 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| Vim | CVE-2023-4781, CVE-2023-4752, CVE-2023-4750, CVE-2023-4733, CVE-2023-4738, CVE-2023-4735, CVE-2023-4734, CVE-2023-2609, CVE-2023-2426, CVE-2023-2610, CVE-2023-5535, CVE-2023-1127, CVE-2023-1264, CVE-2023-1355 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| xen-libs | CVE-2023-34322, CVE-2023-34325, CVE-2023-34326, CVE-2023-34327, CVE-2023-34328, CVE-2023-46835, CVE-2023-46836 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| zlib | CVE-2023-45853, CVE-2022-37434 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
Affected Products & Remediation
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell Object Scale | Versions prior to 1.4.0 | Version 1.4.0 |
https://www.dell.com/support/home/product-support/product/objectscale/drivers |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell Object Scale | Versions prior to 1.4.0 | Version 1.4.0 |
https://www.dell.com/support/home/product-support/product/objectscale/drivers |
Dell Technologies recommends all customers have their ObjectScale systems upgraded at their earliest opportunity by referring to the Upgrade section from the admin guide available at: https://www.dell.com/support/home/product-support/product/objectscale/docs
Workarounds & Mitigations
None
Revision History
| Revision | Date | Description |
| 1.0 | 2024-04-24 | Initial Release |
| 2.0 | 2024-04-24 | Updated for enhanced presentation with no changes to content |