As the BSI stories, the IT safety warning relating to a recognized vulnerability for Red Hat Developer Toolset has acquired an replace. You can learn an outline of the safety gaps together with the most recent updates and details about the affected Linux working programs and merchandise right here.
The Federal Office for Security in Information Technology (BSI) launched an replace on May 13, 2024 to a safety gap with a number of vulnerabilities for Red Hat Developer Toolset that grew to become recognized on January 13, 2020. The safety vulnerability impacts the Linux working system in addition to the merchandise Debian Linux, Amazon Linux 2, Red Hat Enterprise Linux and Red Hat Developer Toolset.
The newest producer suggestions relating to updates, workarounds and safety patches for this vulnerability might be discovered right here: Amazon Linux Security Advisory ALAS-2024-1938 (As of May 13, 2024). Other helpful hyperlinks are listed later on this article.
Multiple vulnerabilities for Red Hat Developer Toolset – Risk: medium
Risk stage: 4 (medium)
CVSS Base Score: 7,5
CVSS Temporal Score: 6,5
Remoteangriff: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of pc programs. The CVSS customary makes it potential to check potential or precise safety vulnerabilities based mostly on numerous standards with a purpose to higher prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “essential” are used to find out the severity ranges of a vulnerability. The Base Score evaluates the necessities for an assault (together with authentication, complexity, privileges, person interplay) and its penalties. With the temporal rating, framework circumstances that may change over time are taken under consideration within the analysis. The severity of the vulnerability mentioned right here is classed as “medium” in accordance with the CVSS with a base rating of seven.5.
Red Hat Developer Toolset Bug: Summary of recognized vulnerabilities
The Red Hat Developer Toolset consists of open supply growth functions and permits builders to compile their software program as soon as and deploy it to any Red Hat Enterprise Linux.
A distant, nameless attacker may exploit a number of vulnerabilities in Red Hat Developer Toolset to bypass safety or trigger a denial of service.
The vulnerability is recognized with the distinctive CVE (Common Vulnerabilities and Exposures) identification numbers. CVE-2019-16276 and CVE-2019-17596 traded.
Systems affected by the safety hole at a look
working system
Linux
Products
Debian Linux (cpe:/o:debian:debian_linux)
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Red Hat Developer Toolset (cpe:/a:redhat:developer_toolset)
General measures for coping with IT safety gaps
Users of the affected functions ought to maintain them updated. When safety gaps turn out to be recognized, producers are required to repair them as shortly as potential by growing a patch or a workaround. If safety patches can be found, set up them promptly. For info, seek the advice of the sources listed within the subsequent part. These usually comprise additional details about the most recent model of the software program in query in addition to the provision of safety patches or details about workarounds. If you may have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to repeatedly test when the manufacturing firm makes a brand new safety replace obtainable.
Sources of updates, patches and workarounds
Here you will discover additional hyperlinks with details about bug stories, safety fixes and workarounds.
Amazon Linux Security Advisory ALAS-2024-1938 vom 2024-05-13 (13.05.2024)
For extra info, see:
Debian Security Advisory DLA-2592 vom 2021-03-13 (14.03.2021)
For extra info, see:
Debian Security Advisory DLA-2591 vom 2021-03-13 (14.03.2021)
For extra info, see:
Arista Security Advisory 0046 (23.03.2020)
For extra info, see:
Red Hat Security Advisory RHSA-2020:0652 vom 2020-03-05 (05.03.2020)
For extra info, see:
Red Hat Security Advisory RHSA-2020:0329 vom 2020-02-04 (03.02.2020)
For extra info, see:
RedHat Security Advisory vom 2020-01-13 (13.01.2020)
For extra info, see:
Version historical past of this safety alert
This is the sixth model of this IT safety advisory for Red Hat Developer Toolset. If additional updates are introduced, this article will be up to date. You can examine adjustments or additions on this model historical past.
January 13, 2020 – Initial model
02/03/2020 – New updates from Red Hat added
03/05/2020 – New updates from Red Hat added
March 23, 2020 – New updates added
03/14/2021 – New updates from Debian added
May 13, 2024 – New updates from Amazon added
+++ Editorial word: This textual content was generated based mostly on present BSI knowledge and will likely be up to date in a data-driven method relying on the warning state of affairs. We settle for suggestions and feedback at [email protected]. +++
observe News.de already at Facebook, Twitter, Pinterest and YouTube? Here you will discover scorching information, present movies and a direct line to the editorial crew.
kns/roj/information.de