
GNU libc is susceptible: The vulnerability allows a denial of service

by admin

As the BSI reports, the IT security alert relating to the GNU libc vulnerability has received an update. You can check which operating systems and products are affected by the security hole here at news.de.

The Federal Office for Information Security (BSI) issued an update on May 23, 2024 for a security vulnerability in GNU libc that became known on April 17, 2024. The vulnerability affects the Linux and UNIX operating systems and the products Debian Linux, Red Hat Enterprise Linux, Fedora Linux, Ubuntu Linux, SUSE Linux, Oracle Linux, Gentoo Linux, RESF Rocky Linux, Open Source GNU libc and IBM MQ.

The latest manufacturer recommendations for updates, workarounds and security patches for this vulnerability can be found here: Red Hat Security Advisory RHSA-2024:3339 (from 23 May 2024). Further useful sources are listed later in this article.

Security advisory for GNU libc – Risk: moderate

Risk level: 3 (moderate)
CVSS Base Score: 7.5
CVSS Temporal Score: 6.5
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to assess the vulnerability of computer systems. The CVSS standard makes it possible to compare potential or actual security risks on the basis of various criteria and so build a priority list for countermeasures. The severity levels “none”, “low”, “medium”, “high” and “critical” are used to classify a vulnerability. The Base Score rates the prerequisites of an attack (including authentication, complexity, privileges and user interaction) and its consequences. Temporal scores additionally take into account changes in the risk situation over time. The severity of the vulnerability discussed here is rated “moderate” according to CVSS, with a base score of 7.5.


GNU libc bug: Vulnerability allows denial of service

GNU libc is the core C library under Linux and other Unix operating systems; it provides system calls and basic functionality.

An attacker could exploit a vulnerability in GNU libc to carry out a denial of service attack.

Vulnerabilities are classified using the CVE (Common Vulnerabilities and Exposures) designation system; this one carries the serial number CVE-2024-2961.

Systems affected by the security hole at a glance

Operating systems
Linux, UNIX

Products
Debian Linux (cpe:/o:debian:debian_linux)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:use:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
Gentoo Linux (cpe:/o:gentoo:linux)
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4 (cpe:/o:redhat:enterprise_linux)
RESF Rocky Linux (cpe:/o:resf:rocky_linux)
Open Source GNU libc >=2.39 (cpe:/a:gnu:glibc)
IBM MQ Operator

General recommendations for addressing IT security gaps

  1. Users of the affected applications should keep them up to date. When security holes become known, manufacturers are expected to fix them quickly by providing a patch or workaround. When new security updates are available, install them promptly.
  2. For details, see the sources listed in the next section. They usually contain further information about the latest version of the software in question and the availability of security patches or performance tips.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should check whenever a manufacturer makes a new security update available.

Manufacturer information about updates, patches and workarounds

Here you will find links with information about bug reports, security fixes and workarounds.


Red Hat Security Advisory RHSA-2024:3339 from 2024-05-23 (23.05.2024)
Red Hat Security Advisory RHSA-2024:3309 from 2024-05-23 (22.05.2024)
Red Hat Security Advisory RHSA-2024:3312 from 2024-05-23 (22.05.2024)
Red Hat Security Advisory RHSA-2024:3269 from 2024-05-22 (21.05.2024)
IBM Security Bulletin 7154630 from 2024-05-22 (21.05.2024)
SUSE Security Update SUSE-SU-2024:1728-1 from 2024-05-21 (21.05.2024)
Red Hat Security Advisory RHSA-2024:2941 from 2024-05-21 (20.05.2024)
SUSE Security Update SUSE-SU-2024:1675-1 from 2024-05-17 (16.05.2024)
Oracle Linux Security Advisory ELSA-2024-2722 from 2024-05-09 (09.05.2024)
Rocky Linux Security Advisory RLSA-2024:2722 from 2024-05-09 (09.05.2024)
Red Hat Security Advisory RHSA-2024:2799 from 2024-05-09 (09.05.2024)
Red Hat Security Advisory RHSA-2024:2722 from 2024-05-07 (06.05.2024)
Gentoo Linux Security Advisory GLSA-202405-17 from 2024-05-06 (06.05.2024)
Debian Security Advisory DLA-3807 from 2024-05-04 (05.05.2024)
Ubuntu Security Notice USN-6762-1 from 2024-05-02 (02.05.2024)
Ubuntu Security Notice USN-6737-2 from 2024-04-29 (29.04.2024)
SUSE Security Update SUSE-SU-2024:1375-1 from 2024-04-22 (22.04.2024)
Ubuntu Security Notice USN-6737-1 from 2024-04-18 (18.04.2024)
Fedora Security Advisory FEDORA-2024-F7AE5DF88D from 2024-04-18 (17.04.2024)
Fedora Security Advisory FEDORA-2024-9BE1B94714 from 2024-04-18 (17.04.2024)
GitHub Advisory Database (17.04.2024)
OSS Mailing List as of 2024-04-17 (17.04.2024)

Version history of this security alert

This is version 13 of this GNU libc IT security notice. If further updates are announced, this document will be updated. You can check changes or additions in this version history.


April 17, 2024 – First version
April 18, 2024 – New updates added
April 22, 2024 – New updates from SUSE added
April 29, 2024 – New updates added
May 2, 2024 – New updates added
May 5, 2024 – New updates from Debian added
May 6, 2024 – New updates from Gentoo added
May 9, 2024 – New updates from Red Hat, Rocky Enterprise Software Foundation and Oracle Linux added
May 16, 2024 – New updates from SUSE added
May 20, 2024 – New updates from Red Hat added
May 21, 2024 – New updates from SUSE added
May 22, 2024 – New updates from Red Hat added
May 23, 2024 – New updates from Red Hat added

+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome suggestions and feedback at [email protected]. +++


kns/roj/news.de
