DSA-2024-238: Security Update for Dell Cloud Tiering Appliance for Multiple Third-Party Vulnerabilities
Summary: Dell Cloud Tiering Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
High
Details
| Third-party Component | CVEs | More Information |
|---|---|---|
| Kernel-default | CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-4921, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6356,CVE-2023-6535, CVE-2023-6536, CVE-2023-6915, CVE-2024-0565, CVE-2024-0775, CVE-2024-1086, CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46904, CVE-2021-46905, CVE-2021-46906, CVE-2021-46915, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46934, CVE-2021-46953, CVE-2021-46964, CVE-2021-46966, CVE-2021-46974, CVE-2021-46989, CVE-2021-47005, CVE-2021-47012, CVE-2021-47013, CVE-2021-47054, CVE-2021-47060, CVE-2021-47061, CVE-2021-47069, CVE-2021-47076, CVE-2021-47078, CVE-2021-47083, CVE-2022-20154, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343,CVE-2023-51042, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52463, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52569, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2024-0340, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26593, CVE-2024-26595, CVE-2024-26602,CVE-2024-26607,CVE-2024-26622 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/  |
| libssh | CVE-2019-14889, CVE-2020-16135, CVE-2020-1730, CVE-2021-3634, CVE-2023-1667, CVE-2023-2283, CVE-2023-48795, CVE-2023-6004, CVE-2023-6918 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| postgresql | CVE-2024-0985 |
https://nvd.nist.gov/vuln/detail/CVE-2024-0985 |
| mozilla-nss | CVE-2023-5388 | https://nvd.nist.gov/vuln/detail/CVE-2023-5388 |
| openssh | CVE-2023-51385 | https://nvd.nist.gov/vuln/detail/CVE-2023-51385 |
| giflib | CVE-2021-40633, CVE-2022-28506, CVE-2023-48161 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| cpio | CVE-2023-7207 | https://nvd.nist.gov/vuln/detail/CVE-2023-7207 |
| openssl | CVE-2024-0727 | https://nvd.nist.gov/vuln/detail/CVE-2024-0727 |
| python3 | CVE-2023-6597 | https://nvd.nist.gov/vuln/detail/CVE-2023-6597 |
| gnutls | CVE-2023-5981, CVE-2024-0553 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| vim | CVE-2023-4750, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| sudo | CVE-2023-42465 | https://nvd.nist.gov/vuln/detail/CVE-2023-42465 |
| gdb | CVE-2017-16829, CVE-2018-7208, CVE-2022-48064 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| krb5 | CVE-2024-26458, CVE-2024-26461 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| util-linux | CVE-2024-28085 | https://nvd.nist.gov/vuln/detail/CVE-2024-28085 |
| nghttp2 | CVE-2024-28182 | https://nvd.nist.gov/vuln/detail/CVE-2024-28182 |
| less | CVE-2022-48624, CVE-2024-32487 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| java-11-openjdk | CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| sssd | CVE-2023-3758 | https://nvd.nist.gov/vuln/detail/CVE-2023-3758 |
Affected Products & Remediation
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| Cloud Tiering Appliance | CTA and CTA-HA | Versions prior to 13.2.0.2.29 | Version 13.2.0.2.29 | https://www.dell.com/support/home/product-support/product/cloud-tiering-appliance/drivers |
| Cloud Tiering Appliance | CTA/VE and CTA-HA/VE | Versions prior to 13.2.0.2.29 | Version 13.2.0.2.29 | https://www.dell.com/support/home/product-support/product/cloud-tiering-appliance/drivers |
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| Cloud Tiering Appliance | CTA and CTA-HA | Versions prior to 13.2.0.2.29 | Version 13.2.0.2.29 | https://www.dell.com/support/home/product-support/product/cloud-tiering-appliance/drivers |
| Cloud Tiering Appliance | CTA/VE and CTA-HA/VE | Versions prior to 13.2.0.2.29 | Version 13.2.0.2.29 | https://www.dell.com/support/home/product-support/product/cloud-tiering-appliance/drivers |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-05-30 | Initial Release |
| 2.0 | 2024-08-05 | Corrected the link |
Related Information
Legal Disclaimer
Affected Products
Cloud Tiering Appliance, Cloud Tiering Appliance Platform, Cloud Tiering Appliance/VEArticle Properties
Article Number: 000225431
Article Type: Dell Security Advisory
Last Modified: 05 Aug 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.
Article Properties
Article Number: 000225431
Article Type: Dell Security Advisory
Last Modified: 05 Aug 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.