
IT security: UNIX at risk – update to the IT security alert for Red Hat OpenStack (risk: medium)

by admin

A security alert issued for Red Hat OpenStack has received an update from the BSI. You can read which products are affected by the security vulnerabilities here at news.de.

The Federal Office for Information Security (BSI) published a security advisory for Red Hat OpenStack on May 22, 2024. Several vulnerabilities were found in this software that make an attack possible. The security vulnerability affects the UNIX operating system and the Red Hat OpenStack product. The alert was last updated on May 23, 2024.

The latest manufacturer recommendations for updates, workarounds and security patches for this vulnerability can be found here: Red Hat Security Advisory RHSA-2024:3352 (as of May 23, 2024). Further useful links are listed later in this article.

Multiple vulnerabilities reported for Red Hat OpenStack – Risk: medium

Risk level: 3 (medium)
CVSS Base Score: 7.5
CVSS Temporal Score: 6.5
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to assess the severity of security vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security risks on the basis of various metrics in order to prioritize countermeasures. The attributes “none”, “low”, “medium”, “high” and “critical” are used to describe the severity levels of a vulnerability. The Base Score evaluates the requirements for an attack (including authentication, complexity, privileges, user interaction) and its consequences. For the Temporal Score, conditions that may change over time are also taken into account. According to the CVSS, the current vulnerability is rated “medium” with a base score of 7.5.


Red Hat OpenStack bug: vulnerabilities and CVE numbers

Red Hat OpenStack is a collection of services for providing cloud computing in the form of Infrastructure as a Service (IaaS).

A remote, anonymous attacker can exploit multiple vulnerabilities in Red Hat OpenStack to bypass security measures, cause a denial of service, disclose sensitive information, and modify data.

Vulnerabilities are identified by their CVE (Common Vulnerabilities and Exposures) ID numbers. The following are listed for this alert: CVE-2024-1135, CVE-2023-39325, CVE-2023-44487, CVE-2023-45288, CVE-2024-4438, CVE-2023-39326, CVE-2023-4532872, CVE-2023-453284, CVE-2023-453284 2024-4438 2024-24680, CVE-2024-1141, CVE-2023-45803, CVE-2023-48795, CVE-2023-6725, CVE-2023-6110 and CVE-2024-22195.

Systems affected by the security vulnerability at a glance

Operating system
UNIX

Products
Red Hat OpenStack 16.2 (cpe:/a:redhat:openstack)
Red Hat OpenStack

General steps for dealing with IT vulnerabilities

  1. Users of affected systems should keep them up to date. When security vulnerabilities become known, manufacturers are required to fix them quickly by developing a patch or workaround. When new security updates are available, install them promptly.
  2. For information, consult the sources listed in the next section. These often contain further details about the latest version of the software in question and the availability of security patches or performance tips.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should check regularly whether the manufacturer has made a new security update available.

Manufacturer information about updates, patches and workarounds

Here you will find further links with information about bug reports, security fixes and workarounds.

Red Hat Security Advisory RHSA-2024:3352 of 2024-05-23 (23.05.2024)

Red Hat Security Advisory RHSA-2024:2769 of 2024-05-22 (22.05.2024)

Red Hat Security Advisory RHSA-2024:2737 of 2024-05-22 (22.05.2024)

Red Hat Security Advisory RHSA-2024:2770 of 2024-05-22 (22.05.2024)

Red Hat Security Advisory RHSA-2024:2736 of 2024-05-22 (22.05.2024)

Red Hat Security Advisory RHSA-2024:2768 of 2024-05-22 (22.05.2024)

Red Hat Security Advisory RHSA-2024:2735 of 2024-05-22 (22.05.2024)

Red Hat Security Advisory RHSA-2024:2734 of 2024-05-22 (22.05.2024)

Red Hat Security Advisory RHSA-2024:2733 of 2024-05-22 (22.05.2024)

Red Hat Security Advisory RHSA-2024:2732 of 2024-05-22 (22.05.2024)

Red Hat Security Advisory RHSA-2024:2731 of 2024-05-22 (22.05.2024)

Red Hat Security Advisory RHSA-2024:2767 of 2024-05-22 (22.05.2024)

Red Hat Security Advisory RHSA-2024:2730 of 2024-05-22 (22.05.2024)

Red Hat Security Advisory RHSA-2024:2729 of 2024-05-22 (22.05.2024)

Red Hat Security Advisory RHSA-2024:2727 of 2024-05-22 (22.05.2024)

Version history of this security alert

This is version 2 of this IT security notice for Red Hat OpenStack. If further updates are announced, this document will be updated. You can follow the changes made using the version history below.

May 22, 2024 – Initial version
May 23, 2024 – New updates from Red Hat added

+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++


kns/roj/news.de
