As BSI reviews, an IT safety warning a few recognized QEMU vulnerability has acquired an replace. You can discover out what involved customers ought to take note of right here.
Federal Office for Security in Information Technology (BSI) issued an replace on May 21, 2024 for the QEMU safety vulnerability recognized on January 14, 2024. The safety vulnerability impacts the Linux working system and merchandise Red Hat Enterprise Linux, SUSE Linux, Oracle Linux, Open Source QEMU and RESF Rocky Linux.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability may be discovered right here: Red Hat Security Advisory RHSA-2024:2962 (From 22 May 2024). Some helpful assets are listed later on this article.
QEMU safety discover – Vulnerability: average
Risk stage: 3 (average)
CVSS Base Score: 6.5
CVSS provisional rating: 5,7
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of laptop programs. The CVSS customary makes it attainable to match potential or precise safety dangers primarily based on numerous standards to be able to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. Temporal scores additionally keep in mind adjustments over time within the threat state of affairs. The severity of the vulnerability mentioned right here is assessed as “average” in keeping with the CVSS with a base rating of 6.5.
QEMU bug: A vulnerability permits a denial of service
QEMU is free emulator software program that emulates all elements of a pc.
A distant, licensed attacker may exploit a vulnerability in QEMU to carry out a denial of service assault.
Vulnerabilities have been categorized utilizing the CVE (Common Vulnerabilities and Exposures) reference system for every serial quantity CVE-2023-6683.
Systems affected by the QEMU vulnerability at a look
working system
Linux
Products
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
SUSE Linux (cpe:/o:use:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
QEMU open supply (cpe:/a:qemu:qemu)
RESF Rocky Linux (cpe:/o:resf:rocky_linux)
General steps for coping with IT vulnerabilities
- Users of affected programs ought to keep up-to-date. When safety holes are recognized, producers are required to repair them rapidly by growing a patch or workaround. If safety patches can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This typically incorporates further details about the most recent model of the software program in query and the supply of safety patches or efficiency suggestions.
- If you will have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to test each time a producing firm makes a brand new safety replace obtainable.
Sources for updates, patches and workarounds
Here you will discover some hyperlinks with details about bug reviews, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:2962 vom 2024-05-22 (21.05.2024)
For extra info, see:
Rocky Linux Security Advisory RLSA-2024:2135 vom 2024-05-10 (12.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2135 vom 2024-04-30 (29.04.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1438-1 vom 2024-04-26 (25.04.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1394-1 vom 2024-04-23 (23.04.2024)
For extra info, see:
Oracle Linux Security Advisory ELSA-2024-12276 vom 2024-04-10 (10.04.2024)
For extra info, see:
Red Hat Bugzilla – Bug 2254825 (14.01.2024)
For extra info, see:
RedHat Customer Portal vom 2024-01-14 (14.01.2024)
For extra info, see:
GitHub Advisory Database vom 2024-01-14 (14.01.2024)
For extra info, see:
Version historical past of this safety alert
This is model 7 of this QEMU IT safety discover. If additional updates are introduced, this doc can be up to date. You can examine adjustments or additions on this model historical past.
January 14, 2024 – First model
April 10, 2024 – New updates for Oracle Linux have been added
April 23, 2024 – New updates from SUSE added
April 25, 2024 – New updates from SUSE added
April 29, 2024 – New updates from Red Hat have been added
May 12, 2024 – New updates from the Rocky Enterprise Software Foundation have been added
May 21, 2024 – New updates from Red Hat added
+++ Editorial notice: This doc is predicated on present BSI information and can be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you will discover scorching information, present movies and a direct line to the editorial workforce.
kns/roj/information.de