IT security: Linux, MacOS X and Windows are threatened – IT security hole in the Docker environment may be very dangerous! Alert gets an update

by admin
The security alert issued for Docker has received an update from the BSI. You can read which products are affected by the security holes here at news.de.

The Federal Office for Information Security (BSI) issued an update on May 21, 2024 to the security advisory for Docker, covering multiple vulnerabilities, that became known on January 31, 2024. The vulnerability affects the operating systems Linux, MacOS X and Windows, as well as products including PaloAlto Networks Cortex XSOAR and Dell NetWorker.

The latest vendor recommendations for updates, workarounds and security patches for this vulnerability can be found here: Red Hat Security Advisory RHSA-2024:2988 (as of 22 May 2024). Further useful resources are listed later in this article.

Multiple Docker vulnerabilities – risk: high

Risk level: 5 (high)
CVSS Base Score: 10.0
CVSS Temporal Score: 8.7
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to assess the severity of vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security risks on the basis of various criteria in order to create a priority list for countermeasures. The attributes “none”, “low”, “medium”, “high” and “critical” are used for the severity levels of a vulnerability. The Base Score evaluates the requirements for an attack (including authentication, complexity, privileges, user interaction) and its consequences. The Temporal Score additionally takes into account changes over time in the threat situation. According to CVSS, the severity of the current vulnerability is rated as “high” with a Base Score of 10.0.

Docker bug: Summary of known vulnerabilities

Docker is open source software that can be used to isolate applications in containers using operating-system-level virtualization.

A remote attacker can exploit multiple vulnerabilities in Docker to elevate privileges, cause a denial of service, disclose sensitive information, bypass security measures, or tamper with files.

The vulnerabilities are tracked under the CVE (Common Vulnerabilities and Exposures) identifiers CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-23650 and CVE-2024-24557.

Systems affected by the Docker vulnerability at a glance

Operating systems
Linux, MacOS X, Windows

Products
Debian Linux (cpe:/o:debian:debian_linux)
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
SUSE Linux (cpe:/o:suse:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
RESF Rocky Linux (cpe:/o:resf:rocky_linux)
Open Source Docker Run
Open Source Docker Build
Open Source Docker Moby
Open Source Docker Desktop
Red Hat OpenShift Container Platform
PaloAlto Networks Cortex XSOAR (cpe:/a:paloaltonetworks:cortex_xsoar)
Dell NetWorker

General recommendations for addressing IT security gaps

  1. Users of the affected applications should keep them up to date. When security holes become known, vendors are expected to fix them quickly by developing a patch or workaround. When new security updates are available, install them promptly.
  2. For information, consult the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or tips on workarounds.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should check regularly whether the vendor has made a new security update available.

Vendor information about updates, patches and workarounds

Here you will find further links with information about bug reports, security fixes and workarounds.

Red Hat Security Advisory RHSA-2024:2988 from 2024-05-22 (21.05.2024)
SUSE Security Update SUSE-SU-2024:1469-1 from 2024-04-29 (29.04.2024)
Dell Security Advisory DSA-2024-164 from 2024-04-05 (04.04.2024)
SUSE Security Update SUSE-SU-2024:0586-2 from 2024-04-04 (04.04.2024)
Red Hat Security Advisory RHSA-2024:1270 from 2024-03-12 (12.03.2024)
Amazon Linux Security Advisory ALASDOCKER-2024-039 from 2024-03-06 (05.03.2024)
Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2024-039 from 2024-03-06 (05.03.2024)
Red Hat Security Advisory RHSA-2023:7201 from 2024-02-28 (27.02.2024)
SUSE Security Update SUSE-SU-2024:0587-1 from 2024-02-22 (22.02.2024)
SUSE Security Update SUSE-SU-2024:0586-1 from 2024-02-22 (22.02.2024)
Palo Alto Networks Security Advisory PAN-SA-2024-0002 from 2024-02-22 (21.02.2024)
Debian Security Advisory DLA-3735 from 2024-02-19 (18.02.2024)
Oracle Linux Security Advisory ELSA-2024-0752 from 2024-02-14 (14.02.2024)
Oracle Linux Security Advisory ELSA-2024-0748 from 2024-02-15 (14.02.2024)
SUSE Security Update SUSE-SU-2024:0459-1 from 2024-02-13 (13.02.2024)
Rocky Linux Security Advisory RLSA-2024:0752 from 2024-02-12 (12.02.2024)
Oracle Linux Security Advisory ELSA-2024-12148 from 2024-02-10 (11.02.2024)
Oracle Linux Security Advisory ELSA-2024-17931 from 2024-02-10 (11.02.2024)
Red Hat Security Advisory RHSA-2024:0758 from 2024-02-08 (08.02.2024)
Red Hat Security Advisory RHSA-2024:0748 from 2024-02-08 (08.02.2024)
Red Hat Security Advisory RHSA-2024:0662 from 2024-02-07 (08.02.2024)
Red Hat Security Advisory RHSA-2024:0760 from 2024-02-08 (08.02.2024)
Docker Desktop release notes from 2024-02-08 (08.02.2024)
Red Hat Security Advisory RHSA-2024:0682 from 2024-02-08 (08.02.2024)
Red Hat Security Advisory RHSA-2024:0645 from 2024-02-07 (08.02.2024)
Red Hat Security Advisory RHSA-2024:0666 from 2024-02-08 (08.02.2024)
Red Hat Security Advisory RHSA-2024:0759 from 2024-02-08 (08.02.2024)
Red Hat Security Advisory RHSA-2024:0757 from 2024-02-08 (08.02.2024)
Red Hat Security Advisory RHSA-2024:0764 from 2024-02-08 (08.02.2024)
Red Hat Security Advisory RHSA-2024:0756 from 2024-02-08 (08.02.2024)
Red Hat Security Advisory RHSA-2024:0752 from 2024-02-08 (08.02.2024)
Red Hat Security Advisory RHSA-2024:0684 from 2024-02-09 (08.02.2024)
Red Hat Security Advisory RHSA-2024:0755 from 2024-02-09 (08.02.2024)
Red Hat Security Advisory RHSA-2024:0717 from 2024-02-07 (07.02.2024)
SUSE Security Update SUSE-SU-2024:0328-1 from 2024-02-05 (05.02.2024)
Oracle Linux Security Advisory ELSA-2024-0670 from 2024-02-06 (05.02.2024)
Red Hat Security Advisory RHSA-2024:0670 from 2024-02-02 (04.02.2024)
Debian Security Advisory DSA-5615 from 2024-02-04 (04.02.2024)
Fedora Security Advisory FEDORA-2024-9044C9EEFA from 2024-02-01 (01.02.2024)
Fedora Security Advisory FEDORA-2024-900DC7F6FF from 2024-02-01 (01.02.2024)
Docker Security Advisory from 2024-01-31 (31.01.2024)
SUSE Security Update SUSE-SU-2024:0294-1 from 2024-02-01 (31.01.2024)
SUSE Security Update SUSE-SU-2024:0295-1 from 2024-02-01 (31.01.2024)

Version history of this security alert

This is version 19 of this IT security notice for Docker. This document will be updated as further updates are announced. You can follow changes or additions in this version history.

January 31, 2024 – First version
February 1, 2024 – New updates from Fedora added
February 4, 2024 – New updates from Debian and Red Hat added
February 5, 2024 – New updates from Oracle Linux and SUSE added
February 7, 2024 – New updates from Red Hat added
February 8, 2024 – New updates from Red Hat added
February 11, 2024 – New updates from Oracle Linux added
February 12, 2024 – New updates from the Rocky Enterprise Software Foundation added
February 13, 2024 – New updates from SUSE added
February 14, 2024 – New updates from Oracle Linux added
February 18, 2024 – New updates from Debian added
February 21, 2024 – New updates from Palo Alto Networks added
February 22, 2024 – New updates from SUSE added
February 27, 2024 – New updates from Red Hat added
March 5, 2024 – New updates from Amazon added
March 12, 2024 – New updates from Red Hat added
April 4, 2024 – New updates from SUSE and Dell added
April 29, 2024 – New updates from SUSE added
May 21, 2024 – New updates from Red Hat added

+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++

kns/roj/news.de
