IT security: Linux under threat – IT security warning update on GNU libc (vulnerability: medium)

by admin

As the BSI reports, an IT security warning about a known GNU libc vulnerability has received an update. You can read here how affected users should respond.

The Federal Office for Information Security (BSI) published an update on May 23, 2024 for a security vulnerability in GNU libc that was identified on April 25, 2024. The vulnerability affects the Linux operating system and the products Debian Linux, Red Hat Enterprise Linux, SUSE Linux, Gentoo Linux, Open Source GNU libc and IBM MQ.

The latest vendor recommendations for updates, workarounds and security patches for this vulnerability can be found here: Red Hat Security Advisory RHSA-2024:3339 (from May 23, 2024). Further useful links are listed later in this article.

Security advisory for GNU libc – Risk: moderate

Risk level: 3 (moderate)
CVSS Base Score: 7.6
CVSS Temporal Score: 6.6
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to assess the severity of vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security risks on the basis of various metrics, so that a priority list for countermeasures can be drawn up. The ratings "none", "low", "medium", "high" and "critical" are used to express the severity levels of a vulnerability. The Base Score evaluates the prerequisites of an attack (including authentication, complexity, privileges and user interaction) and its impact. The Temporal Score additionally takes into account changes in the risk situation over time, for example the availability of exploit code or of a patch. The risk of the vulnerability discussed here is classified as "moderate" according to CVSS, with a base score of 7.6.


GNU libc bug: multiple vulnerabilities allow a denial of service

GNU libc is the core C library on Linux and other Unix operating systems; it provides the system call wrappers and basic functionality that practically every program depends on.

A remote attacker can exploit several vulnerabilities in GNU libc to carry out a denial-of-service attack.

Vulnerabilities are numbered for each product using the CVE (Common Vulnerabilities and Exposures) reference system. This advisory covers CVE-2024-33599, CVE-2024-33600, CVE-2024-33601 and CVE-2024-33602.

Systems affected by the security hole at a glance

Operating system
Linux

Products
Debian Linux (cpe:/o:debian:debian_linux)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
SUSE Linux (cpe:/o:suse:suse_linux)
Gentoo Linux (cpe:/o:gentoo:linux)
Open Source GNU libc
IBM MQ Operator

General recommendations for dealing with IT vulnerabilities

  1. Users of affected systems should keep them up to date. When security holes become known, vendors are expected to fix them quickly by developing a patch or workaround. When new security updates become available, install them promptly.
  2. For further information, see the sources listed in the next section. They usually contain additional details about the current version of the software in question and about the availability of security patches or mitigation recommendations.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security officers should regularly check the sources listed to see whether a new security update is available.

Sources for updates, patches and workarounds

Here you will find links with information about bug reports, security fixes and workarounds.

Red Hat Security Advisory RHSA-2024:3339 of 2024-05-23 (23.05.2024)
Red Hat Security Advisory RHSA-2024:3344 of 2024-05-24 (23.05.2024)
Red Hat Security Advisory RHSA-2024:3312 of 2024-05-23 (22.05.2024)
Red Hat Security Advisory RHSA-2024:3309 of 2024-05-23 (22.05.2024)
IBM Security Bulletin 7154630 of 2024-05-22 (21.05.2024)
SUSE Security Update SUSE-SU-2024:1675-1 of 2024-05-17 (16.05.2024)
Red Hat Security Advisory RHSA-2024:2799 of 2024-05-09 (09.05.2024)
Gentoo Linux Security Advisory GLSA-202405-17 of 2024-05-06 (06.05.2024)
Debian Security Advisory DSA-5678 of 2024-05-03 (05.05.2024)
Red Hat bug tracker as of 2024-04-25 (25.04.2024)
Red Hat bug tracker as of 2024-04-25 (25.04.2024)
Red Hat bug tracker as of 2024-04-25 (25.04.2024)
Red Hat bug tracker as of 2024-04-25 (25.04.2024)

Version history of this security alert

This is version 8 of this IT security notice for GNU libc. This document will be updated as further updates are announced. You can trace the changes and additions in this version history.

April 25, 2024 – First version
May 5, 2024 – New updates from Debian added
May 6, 2024 – New updates from Gentoo added
May 9, 2024 – New updates from Red Hat added
May 16, 2024 – New updates from SUSE added
May 21, 2024 – New updates from IBM added
May 22, 2024 – New updates from Red Hat added
May 23, 2024 – New updates from Red Hat added

+++ Editorial note: This document is based on current BSI data and will be updated as the status of the alert changes. We welcome suggestions and comments at [email protected]. +++


kns/roj/information.de
