IT security: Linux, MacOS X and UNIX are threatened – IT security alert update for Node.js (vulnerability: medium)

by admin
An IT security alert update for a known vulnerability has been issued for Node.js. Here you can read a description of the security holes, together with the latest updates and information about the affected Linux, MacOS X and UNIX operating systems and products.

The Federal Office for Information Security (BSI) issued an update on May 16, 2024 to a high-risk Node.js security gap identified on April 3, 2024. The security vulnerability affects Linux, MacOS js functions.

The latest manufacturer recommendations for updates, workarounds and security patches for this vulnerability can be found here: Oracle Linux Security Advisory ELSA-2024-2853 (as of May 17, 2024). Some useful links are listed later in this article.

Multiple Node.js vulnerabilities – Risk: medium

Risk level: 3 (medium)
CVSS Base Score: 7.5
CVSS Temporal Score: 6.5
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to assess the vulnerability of computer systems. The CVSS standard makes it possible to compare potential or actual security risks based on various criteria in order to create a priority list for countermeasures. The attributes “none”, “low”, “medium”, “high” and “critical” are used to determine the severity levels of a vulnerability. The Base Score evaluates the requirements of an attack (including authentication, complexity, privileges, user interaction) and its consequences. For the Temporal Score, framework conditions that may change over time are taken into account in the assessment. According to CVSS, the current vulnerability is classified as “medium” with a Base Score of 7.5.

Node.js bug: impact of an IT attack

Node.js is a platform for developing network applications.

A remote, anonymous attacker could exploit multiple vulnerabilities in Node.js to bypass security measures or cause a denial of service.

Vulnerabilities are identified by CVE (Common Vulnerabilities and Exposures) ID numbers. These vulnerabilities are tracked as CVE-2024-27982 and CVE-2024-27983.

Systems affected by the Node.js vulnerability at a glance

Operating systems
Linux, MacOS X, UNIX, Windows

Products
IBM Business Automation Workflow 21.0.2 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 21.0.3 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 22.0.1 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 18.0.0.0 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 18.0.0.1 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 18.0.0.2 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 19.0.0.1 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 19.0.0.2 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 19.0.0.3 (cpe:/a:ibm:business_automation_workflow)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
IBM Business Automation Workflow 20.0.0.1 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 20.0.0.2 (cpe:/a:ibm:business_automation_workflow)
SUSE Linux (cpe:/o:suse:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
IBM Business Automation Workflow 22.0.2 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 23.0.1 (cpe:/a:ibm:business_automation_workflow)
IBM Business Automation Workflow 23.0.2 (cpe:/a:ibm:business_automation_workflow)
RESF Rocky Linux (cpe:/o:resf:rocky_linux)
IBM App Connect Enterprise (cpe:/a:ibm:app_connect_enterprise)
Open Source Node.js llhttp
Open Source Node.js undici
Open Source Node.js undici

General recommendations for dealing with IT vulnerabilities

  1. Users of the affected applications should keep them up to date. When security holes become known, manufacturers are required to fix them quickly by developing a patch or workaround. If security patches are available, install them promptly.
  2. For information, see the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or workarounds.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should check whenever a manufacturer makes a new security update available.

Sources for updates, patches and workarounds

Here you will find further links with information about bug reports, security fixes and workarounds.

Oracle Linux Security Advisory ELSA-2024-2853 of 2024-05-17 (16.05.2024)
IBM Security Bulletin 7152858 of 2024-05-16 (15.05.2024)
Red Hat Security Advisory RHSA-2024:2853 of 2024-05-15 (15.05.2024)
Oracle Linux Security Advisory ELSA-2024-2779 of 2024-05-15 (14.05.2024)
Oracle Linux Security Advisory ELSA-2024-2780 of 2024-05-10 (12.05.2024)
IBM Security Bulletin 7150809 of 2024-05-10 (09.05.2024)
Red Hat Security Advisory RHSA-2024:2778 of 2024-05-09 (09.05.2024)
Rocky Linux Security Advisory RLSA-2024:2780 of 2024-05-09 (09.05.2024)
Rocky Linux Security Advisory RLSA-2024:2779 of 2024-05-09 (09.05.2024)
Red Hat Security Advisory RHSA-2024:2780 of 2024-05-09 (09.05.2024)
Rocky Linux Security Advisory RLSA-2024:2778 of 2024-05-09 (09.05.2024)
Red Hat Security Advisory RHSA-2024:2779 of 2024-05-09 (09.05.2024)
Oracle Linux Security Advisory ELSA-2024-2778 of 2024-05-09 (09.05.2024)
SUSE Security Update SUSE-SU-2024:1346-1 of 2024-04-19 (21.04.2024)
SUSE Security Update SUSE-SU-2024:1355-1 of 2024-04-19 (21.04.2024)
SUSE Security Update SUSE-SU-2024:1309-1 of 2024-04-16 (16.04.2024)
SUSE Security Update SUSE-SU-2024:1305-1 of 2024-04-16 (16.04.2024)
SUSE Security Update SUSE-SU-2024:1307-1 of 2024-04-16 (16.04.2024)
SUSE Security Update SUSE-SU-2024:1306-1 of 2024-04-16 (16.04.2024)
SUSE Security Update SUSE-SU-2024:1308-1 of 2024-04-16 (16.04.2024)
SUSE Security Update SUSE-SU-2024:1301-1 of 2024-04-16 (15.04.2024)
Fedora Security Advisory FEDORA-2024-2FFE03EAA6 of 2024-04-11 (11.04.2024)
Fedora Security Advisory FEDORA-2024-F83B123D63 of 2024-04-11 (11.04.2024)
Fedora Security Advisory FEDORA-2024-8DEAADD998 of 2024-04-11 (11.04.2024)
Fedora Security Advisory FEDORA-2024-5DC487EE89 of 2024-04-11 (11.04.2024)
Fedora Security Advisory FEDORA-2024-2F15E6E876 of 2024-04-11 (11.04.2024)
Fedora Security Advisory FEDORA-2024-E28CCC9C17 of 2024-04-11 (11.04.2024)
Fedora Security Advisory FEDORA-EPEL-2024-CE142428AF of 2024-04-12 (11.04.2024)
Fedora Security Advisory FEDORA-2024-91BB4ED803 of 2024-04-08 (08.04.2024)
Fedora Security Advisory FEDORA-2024-25B66392E2 of 2024-04-08 (08.04.2024)
Node.js Security Release April 2024 of 2024-04-03 (03.04.2024)

Version history of this security alert

This is version 11 of this Node.js IT security notice. If further updates are announced, this document will be updated. You can see the changes made in the version history below.

April 3, 2024 – First version
April 8, 2024 – New updates from Fedora added
April 11, 2024 – Added new updates from Fedora
April 15, 2024 – New updates from SUSE added
April 16, 2024 – New updates from SUSE added
April 21, 2024 – New updates from SUSE added
May 9, 2024 – New updates from Oracle Linux, Red Hat, Rocky Enterprise Software Foundation, IBM and IBM-APAR added
May 12, 2024 – New Oracle Linux updates added
May 14, 2024 – New Oracle Linux updates added
May 15, 2024 – New updates from Red Hat have been added
May 16, 2024 – New Oracle Linux updates added

+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++

kns/roj/news.de
