There is a present BSI safety alert for Red Hat Enterprise Linux. Several dangers have been recognized. You can discover out right here what threatens the IT safety of Linux techniques, how excessive the chance degree is and the way affected customers ought to behave.
Federal workplace for Security in Information Technology (BSI) reported a safety advisory for Red Hat Enterprise Linux on May 21, 2024. The report lists a number of vulnerabilities that could possibly be exploited by attackers. The safety vulnerability impacts the Linux working system and the Red Hat Enterprise Linux product.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability will be discovered right here: Red Hat Security Advisory RHSA-2024:3275 (From 22 May 2024). Some helpful hyperlinks are listed later on this article.
Multiple vulnerabilities have been reported for Red Hat Enterprise Linux – Risk: High
Risk degree: 4 (excessive)
CVSS Base Score: 9.8
CVSS provisional rating: 8,5
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in pc techniques. The CVSS commonplace makes it attainable to match potential or precise safety dangers based mostly on numerous metrics in an effort to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. Temporal scores additionally take into consideration modifications over time within the threat state of affairs. According to CVSS, the present vulnerability is assessed as “excessive” with 9.8 foundation factors.
Red Hat Enterprise Linux Bug: Description of the assault
Red Hat Enterprise Linux (RHEL) is a well-liked Linux distribution.
A distant, unknown attacker might exploit quite a few vulnerabilities in numerous parts of Red Hat Enterprise Linux to execute arbitrary code, expose delicate info, or trigger a denial of service.
Vulnerabilities are recognized by CVE (Common Vulnerabilities and Exposures) ID numbers. CVE-2020-18651, CVE-2020-18652, CVE-2013-7488, CVE-2014-1745, CVE-2023-32359, CVE-2023-39928, CVE-2023-404108, CVE-40192, CVE-404182, 32359 2023-42852, CVE-2023-42883, CVE-2023-42890, CVE-2024-23206, CVE-2024-23213, CVE-2023-43361, CVE-2020-1872928 und3 on the market.
Systems affected by the safety hole at a look
working system
Linux
Products
Red Hat Enterprise Linux 7 (cpe:/o:redhat:enterprise_linux)
Red Hat Enterprise Linux 8 (cpe:/o:redhat:enterprise_linux)
Red Hat Enterprise Linux 9 (cpe:/o:redhat:enterprise_linux)
Common steps to deal with IT safety gaps
- Users of affected techniques ought to keep up-to-date. When safety holes are recognized, producers are required to repair them rapidly by creating a patch or workaround. If safety patches can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This typically accommodates further details about the newest model of the software program in query and the provision of safety patches or efficiency ideas.
- If you’ve any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to verify each time a producing firm makes a brand new safety replace out there.
Sources for updates, patches and workarounds
Here you can see some hyperlinks with details about bug stories, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3275 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:3127 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:3095 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:3066 vom 2024-05-21 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:3049 vom 2024-05-21 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2982 vom 2024-05-21 (21.05.2024)
For extra info, see:
Version historical past of this safety alert
This is the primary model of this IT Security Notice for Red Hat Enterprise Linux. This doc will probably be up to date as updates are introduced. You can see the modifications made utilizing the model historical past under.
May 21, 2024 – First model
+++ Editorial observe: This doc is predicated on present BSI information and will probably be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
comply with News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you can see scorching information, present movies and a direct line to the editorial staff.
kns/roj/information.de