IT Security: Juniper Appliance, Linux and UNIX Threats – IT Security Alert Update on OpenSSL (Risk: Medium)

by admin
The security alert issued for OpenSSL has received an update from the BSI. You can read which products are affected by the security hole here at news.de.

The Federal Office for Information Security (BSI) published an update on June 3, 2024 to the OpenSSL security vulnerability that became known on June 12, 2018. The vulnerability affects the Juniper Appliance, Linux, UNIX and Windows operating systems and the products Debian Linux, Juniper JUNOS, Red Hat Enterprise Linux, Ubuntu Linux, SUSE Linux, Oracle Linux, Oracle VM, Open Source OpenSSL, Palo Alto Networks PAN-OS, Tenable Security Nessus, HPE Fabric OS, Dell NetWorker and SolarWinds Platform.

The latest vendor recommendations for updates, workarounds and security patches for this vulnerability can be found here: SolarWinds Platform 2024.2 release notes (as of June 4, 2024). Further useful resources are listed later in this article.

OpenSSL Security Notice – Risk: medium

Risk level: 3 (medium)
CVSS Base Score: 6.5
CVSS Temporal Score: 5.7
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to assess the severity of vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security vulnerabilities based on various metrics in order to prioritize countermeasures. The attributes "none", "low", "medium", "high" and "critical" are used to describe the severity levels of a vulnerability. The Base Score evaluates the requirements for an attack (including authentication, complexity, privileges, user interaction) and its consequences. The Temporal Score additionally takes into account framework conditions that may change over time. According to CVSS, the risk of the vulnerability discussed here is rated as "medium" with a Base Score of 6.5.

OpenSSL bug: A vulnerability allows a denial of service

OpenSSL is a library, freely available as source code, that implements Secure Sockets Layer (SSL) and Transport Layer Security (TLS).

A remote, anonymous attacker could exploit a vulnerability in OpenSSL to conduct a denial-of-service attack.

The vulnerability was classified in the CVE (Common Vulnerabilities and Exposures) reference system under the individual serial number CVE-2018-0732.

Systems affected by the OpenSSL security vulnerability at a glance

Operating systems
Juniper Appliance, Linux, UNIX, Windows

Products
Debian Linux (cpe:/o:debian:debian_linux)
Juniper JUNOS (cpe:/o:juniper:junos)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:suse:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
Oracle VM (cpe:/a:oracle:vm)
Open Source OpenSSL
Palo Alto Networks PAN-OS
Tenable Security Nessus
HPE Fabric OS (cpe:/o:hpe:fabric_os)
Dell NetWorker
SolarWinds Platform

General recommendations for dealing with IT vulnerabilities

  1. Users of the affected applications should keep them up to date. When security holes become known, vendors are required to fix them quickly by developing a patch or workaround. If security patches are available, install them promptly.
  2. For information, consult the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or performance tips.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check whether the vendors affected by the IT security alert have provided a new security update.

Sources for updates, patches and workarounds

Here you will find references with information about bug reports, security fixes and workarounds.

SolarWinds Platform 2024.2 release notes dated 2024-06-04 (03.06.2024)
Dell Knowledge Base Article (25.01.2024)
HPE SECURITY BULLETIN HPESBST04367 rev.1 dated 2022-09-21 (20.09.2022)
Brocade Security Advisory BSA-2022-627 dated 2022-09-14 (13.09.2022)
Oracle Linux Security Advisory ELSA-2022-9272 dated 2022-04-08 (10.04.2022)
Oracle Linux Security Advisory ELSA-2021-9150 dated 2021-04-01 (31.03.2021)
Pulse Secure Security Advisory SA44073 dated 2020-06-23 (23.06.2020)
Juniper Security Advisory JSA10990 dated 2020-01-08 (08.01.2020)
Oracle Linux Security Advisory ELSA-2019-4747 dated 2019-08-16 (18.08.2019)
Oraclevm-errata OVMSA-2019-0040 dated 2019-08-15 (15.08.2019)
Oracle Linux Security Advisory ELSA-2019-2471 dated 2019-08-14 (13.08.2019)
Red Hat Security Advisory RHSA-2019:1543 dated 2019-06-19 (18.06.2019)
SUSE Security Update SUSE-SU-2019:1553-1 dated 2019-06-19 (18.06.2019)
Red Hat Security Advisory RHSA-2019:1297 dated 2019-05-30 (30.05.2019)
Red Hat Security Advisory RHSA-2019:1296 dated 2019-05-30 (30.05.2019)
Oracle Linux Security Advisory ELSA-2019-4581 dated 2019-03-13 (13.03.2019)
Debian Security Advisory DSA-4355 dated 2018-12-20 (19.12.2018)
Debian Security Advisory DSA-4348 dated 2018-12-01 (02.12.2018)
Oracle Linux Security Advisory ELSA-2018-4267 dated 2018-11-07 (06.11.2018)
Oracle Linux Security Advisory ELSA-2018-3221 dated 2018-11-06 (05.11.2018)
NetApp Security Advisory NTAP-20181105-0001 dated 2018-11-05 (05.11.2018)
Red Hat Security Advisory RHSA-2018:3221 dated 2018-10-31 (30.10.2018)
Tenable Security Advisory TNS-2018-14 (28.10.2018)
Oracle Linux Security Advisory ELSA-2018-4253 dated 2018-10-16 (15.10.2018)
Oracle Linux Security Advisory ELSA-2018-4254 dated 2018-10-16 (15.10.2018)
Oracle Linux Security Advisory ELSA-2018-4249 dated 2018-10-13 (14.10.2018)
Oracle Linux Security Advisory ELSA-2018-4248 dated 2018-10-13 (14.10.2018)
Palo Alto Networks Security Advisory (11.10.2018)
SUSE Security Update SUSE-SU-2018:2965-1 dated 2018-10-02 (01.10.2018)
SUSE Security Update SUSE-SU-2018:2956-1 dated 2018-09-30 (30.09.2018)
SUSE Security Update SUSE-SU-2018:2683-1 dated 2018-09-11 (10.09.2018)
SUSE Security Update SUSE-SU-2018:2545-1 dated 2018-08-29 (28.08.2018)
SUSE Security Update SUSE-SU-2018:2534-1 dated 2018-08-28 (28.08.2018)
SUSE Security Update SUSE-SU-2018:2449-1 dated 2018-08-20 (20.08.2018)
SUSE Security Update SUSE-SU-2018:2207-1 dated 2018-08-06 (06.08.2018)
SUSE Security Update SUSE-SU-2018:2036-1 dated 2018-07-24 (23.07.2018)
SUSE Security Update SUSE-SU-2018:2041-1 dated 2018-07-24 (23.07.2018)
SUSE Security Update SUSE-SU-2018:1968-1 dated 2018-07-16 (16.07.2018)
SUSE Security Update SUSE-SU-2018:1887-1 dated 2018-07-06 (05.07.2018)
Ubuntu Security Notice USN-3692-1 dated 2018-06-27 (26.06.2018)
OpenSSL Security Advisory dated 2018-06-12 (12.06.2018)

Version history of this security alert

This is version 44 of this OpenSSL IT security notice. This document will be updated as further updates are announced. You can follow changes or additions in this version history.

12.06.2018 – Original Release
June 12, 2018 – Version not available
26.06.2018 – New fix available
05.07.2018 – New fix available
16.07.2018 – New fix available
23.07.2018 – New fix available
06.08.2018 – New fix available
20.08.2018 – New fix available
08/20/2018 – Version not available
08/20/2018 – Version not available
21.08.2018 – Additional references
28.08.2018 – New fix available
10.09.2018 – New fix available
23.09.2018 – Additional references
24.09.2018 – Additional references
30.09.2018 – New fix available
01.10.2018 – New fix available
11.10.2018 – New fix available
14.10.2018 – New fix available
15.10.2018 – New fix available
28.10.2018 – New fix available
30.10.2018 – New fix available
05.11.2018 – New fix available
06.11.2018 – New fix available
08.11.2018 – Added references
02.12.2018 – New fix available
19.12.2018 – New fix available
06.01.2019 – Typo corrected
March 13, 2019 – Added new updates for Oracle Linux
May 30, 2019 – New updates from Red Hat have been added
June 18, 2019 – Added new updates from SUSE and Red Hat
08/13/2019 – New updates for Oracle Linux have been added
August 15, 2019 – New updates from Oracle
August 18, 2019 – New updates for Oracle Linux have been added
09/10/2019 – References added: FEDORA-2019-9A0A7C0986, FEDORA-2019-00C25B9379
09/11/2019 – References added: FEDORA-2019-DB06EFDEA1
January 8, 2020 – New updates from Juniper added
June 23, 2020 – New updates from Pulse Secure have been added
March 31, 2021 – New Oracle Linux updates added
April 10, 2022 – New updates for Oracle Linux have been added
09/13/2022 – New updates from BROCADE added
09/20/2022 – New updates from HP added
01/25/2024 – New updates from Dell added
June 3, 2024 – New updates added

+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++

kns/roj/news.de
