DELL Strengthens its vProxy

Published September 21, 2022
Author: Ash Khan

Upstream operating system bugs fixed

vProxy is an online appliance that is used to recover and protect VMware virtual machines.

Two critical bugs have been detected in vProxy, and Dell has issued patches for them. The patches fix bugs in the upstream Linux operating system that the appliance is built on.

Because it runs on Linux, vProxy inherits bugs from the upstream operating system and its utilities. In response, Dell has announced 25 patches for these bugs.

CVE-2022-1586 and CVE-2022-29155 are the most critical bugs in the Linux operating system. CVE-2022-29155 is a SQL-related problem in OpenLDAP 2.x, located in the experimental back-sql backend to slapd. The problem can occur via SQL statements in LDAP queries. Due to a lack of proper escaping, this bug can occur during LDAP search operations when there is no search filter.
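The escaping problem described above can be shown with a small model. This is an added example, not OpenLDAP or Dell code: the table, the attribute mapping and all function names are assumptions made for illustration, and SQLite stands in for the SQL database behind the directory.

```python
import sqlite3

# Constructed sample directory table; the rows are made up for this example.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE persons (cn TEXT, mail TEXT)")
    db.executemany("INSERT INTO persons VALUES (?, ?)",
                   [("alice", "alice@example.test"),
                    ("bob", "bob@example.test"),
                    ("carol", "carol@example.test")])
    return db

# Hypothetical mapping: only known LDAP attributes may become column names.
ATTR_TO_COLUMN = {"cn": "cn", "mail": "mail"}

def parse_assertion(assertion):
    """Split an attribute=value assertion taken from an LDAP search."""
    attr, sep, value = assertion.partition("=")
    if not sep or attr not in ATTR_TO_COLUMN:
        raise ValueError("unsupported assertion")
    return ATTR_TO_COLUMN[attr], value

def search_unescaped(db, assertion):
    """Weak form: the value is pasted into the SQL text without escaping."""
    column, value = parse_assertion(assertion)
    sql = f"SELECT cn FROM persons WHERE {column} = '{value}'"
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, assertion):
    """Hardened form: the value is bound as data and never parsed as SQL."""
    column, value = parse_assertion(assertion)
    sql = f"SELECT cn FROM persons WHERE {column} = ?"
    return [row[0] for row in db.execute(sql, (value,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "cn=x' OR '1'='1"  # constructed value containing a quote
    print(search_unescaped(db, "cn=alice"))   # ordinary lookup
    print(search_unescaped(db, crafted))      # quote changes the WHERE clause
    print(search_parameterized(db, crafted))  # treated as a literal name
```

The column name still comes from a fixed allow-list in both forms; only the value handling differs between them.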

The other, CVE-2022-1586, is an out-of-bounds read problem for which Dell issued patches. It is a Unicode problem that occurs in JIT-compiled regular expressions.

There are two more severe bugs, CVE-2022-1271 and CVE-2022-1304. CVE-2022-1304 is in the file system utility e2fsprogs, where arbitrary code execution can occur due to a segmentation fault.

CVE-2022-1271 occurs in zgrep, a GNU utility that searches for strings in compressed files. According to the zgrep advisory, when zgrep is targeted in an attack, the bug overwrites an arbitrary attacker-selected file. Due to this flaw, an attacker can force zgrep to write arbitrary files on the device.

Dell has also introduced fixes for 16 bugs, which include lower-impact patches for Jenkins, libxml2 and curl. By introducing these patches, Dell has saved clients from many disasters that could have occurred due to hackers.