An IT security alert update for a known vulnerability has been released for Red Hat Enterprise Linux. You can read here how affected users should respond.
The Federal Office for Information Security (BSI) published an update on May 21, 2024 to the security hole in Red Hat Enterprise Linux that became known on April 29, 2024. The security vulnerability affects the Linux operating system and the Red Hat Enterprise Linux product.
The latest vendor recommendations for updates, workarounds and security patches for this vulnerability can be found here: Red Hat Security Advisory RHSA-2024:3008 (as of 22 May 2024). Some useful links are listed later in this article.
Multiple Vulnerabilities for Red Hat Enterprise Linux – Risk: High
Risk level: 5 (high)
CVSS Base Score: 8.1
CVSS Temporal Score: 7.1
Remote attack: Yes
The Common Vulnerability Scoring System (CVSS) is used to assess the vulnerability of computer systems. The CVSS standard makes it possible to compare potential or actual security risks based on various criteria in order to prioritize countermeasures. The attributes “none”, “low”, “medium”, “high” and “critical” are used to determine the severity levels of a vulnerability. The Base Score evaluates the requirements of an attack (including authentication, complexity, privileges, user interaction) and its consequences. The Temporal Score also takes into account conditions that may change over time. According to CVSS, the risk of the vulnerability discussed here is rated as “high” on the basis of 8.1 points.
Red Hat Enterprise Linux Bug: Description of the assault
Red Hat Enterprise Linux (RHEL) is a popular Linux distribution.
An attacker can exploit multiple vulnerabilities in Red Hat Enterprise Linux to cause a denial of service, disclose sensitive information, spoof files, or escalate privileges.
Vulnerabilities are identified by CVE (Common Vulnerabilities and Exposures) ID numbers. This alert covers CVE-2021-29390, CVE-2022-48554, CVE-2023-1729, CVE-2023-49083, CVE-2023-5215, CVE-2023-5871, CVE-2024-14302, CVE2-225 2024-24258, CVE-2024-24259, CVE-2021-40153, CVE-2021-41072 and CVE-2023-41915.
Systems affected by the security hole at a glance
Operating system
Linux
Products
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Red Hat Enterprise Linux 9 (cpe:/o:redhat:enterprise_linux)
Red Hat Enterprise Linux 8 (cpe:/o:redhat:enterprise_linux)
Red Hat Enterprise Linux 7 (cpe:/o:redhat:enterprise_linux)
General recommendations for addressing IT security gaps
- Users of the affected applications should keep them up to date. When security holes become known, vendors are required to fix them quickly by developing a patch or workaround. When new security updates are available, install them immediately.
- For information, consult the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or performance tips.
- If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check whether the affected vendors have provided a new security update for this IT security alert.
Sources for updates, patches and workarounds
Here you will find some links with information about bug reports, security fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3008 of 2024-05-22 (21.05.2024)
Red Hat Security Advisory RHSA-2024:3163 of 2024-05-22 (21.05.2024)
Red Hat Security Advisory RHSA-2024:3139 of 2024-05-22 (21.05.2024)
Red Hat Security Advisory RHSA-2024:3044 of 2024-05-22 (21.05.2024)
Red Hat Security Advisory RHSA-2024:3120 of 2024-05-22 (21.05.2024)
Red Hat Security Advisory RHSA-2024:3105 of 2024-05-22 (21.05.2024)
Red Hat Security Advisory of 2024-04-29 (29.04.2024)
Version history of this security alert
This is version 2 of this IT security advisory for Red Hat Enterprise Linux. This document will be updated as further updates are announced. You can see the changes made in the version history below.
April 29, 2024 – First model
May 21, 2024 – New updates from Red Hat added
+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++
kns/roj/news.de