Home » IT Security: Linux, UNIX and Windows are beneath risk – The most susceptible IT safety hole in Podman! Alert is getting an replace

IT Security: Linux, UNIX and Windows are beneath risk – The most susceptible IT safety hole in Podman! Alert is getting an replace

by admin
IT Security: Linux, UNIX and Windows are beneath risk – The most susceptible IT safety hole in Podman!  Alert is getting an replace

The safety alert issued for Podman has obtained an replace from BSI. You can examine which merchandise are affected by the safety hole right here at information.de.

Federal workplace for Security on Information Technology (BSI) revealed an replace on May 16, 2024 for the Podman safety vulnerability recognized on April 1, 2024. The safety vulnerability impacts Linux, UNIX and Windows working programs and Red Hat Enterprise merchandise Linux, SUSE Linux, Oracle Linux, RESF Rocky Linux, Open Source Podman and Red Hat OpenShift.

The newest producer suggestions for updates, workarounds and safety patches for this vulnerability could be discovered right here: Red Hat Security Advisory RHSA-2024:2784 (From 16 May 2024). Some helpful hyperlinks are listed later on this article.

Podman Safety Advisory – Risk: High

Risk degree: 3 (excessive)
CVSS Base Score: 8.6
CVSS provisional rating: 7,7
Remote assault: No

The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in laptop programs. The CVSS normal makes it doable to check potential or precise safety dangers primarily based on varied metrics with the intention to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. For short-term impact, body circumstances which will change over time are thought-about within the check. According to CVSS, the danger of the vulnerability mentioned right here is classed as “excessive” with 8.6 foundation factors.

Podman Bug: Vulnerability permits safety measures to be bypassed

Podman is a runtime and container instrument that enables customers to run and handle containers with out the necessity for a separate daemon course of.

See also  Larian Studios won't be making Baldur's Gate IV - Baldur's Gate III

A distant, unknown attacker may exploit a vulnerability in Podman to bypass safety measures.

Vulnerabilities have been categorised utilizing the CVE (Common Vulnerability and Exposure) designation system for every serial quantity CVE-2024-1753.

Systems affected by the Podman vulnerability at a look

Operating programs
Linux, UNIX, Windows

Products
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
SUSE Linux (cpe:/o:use:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
RESF Rocky Linux (cpe:/o:resf:rocky_linux)
Open Source Podman Open Source Podman Red Hat OpenShift Container Platform OpenShift Container Platform

General suggestions for addressing IT safety gaps

  1. Users of the affected apps ought to keep up-to-date. When safety holes are recognized, producers are required to repair them shortly by creating a patch or workaround. If safety patches can be found, set up them instantly.
  2. For info, see the sources listed within the subsequent part. This typically comprises further details about the most recent model of the software program in query and the supply of safety patches or efficiency ideas.
  3. If you’ve any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to commonly examine the desired sources to see if a brand new safety replace is accessible.

Sources for updates, patches and workarounds

Here you will discover some hyperlinks with details about bug experiences, safety fixes and workarounds.

Red Hat Security Advisory RHSA-2024:2784 vom 2024-05-16 (16.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2672 vom 2024-05-09 (09.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2669 vom 2024-05-09 (09.05.2024)
For extra info, see:

Oracle Linux Security Advisory ELSA-2024-2548 vom 2024-05-08 (07.05.2024)
For extra info, see:

See also  IT security: UNIX at risk - update for IT security warning on PowerDNS (risk: medium)

Rocky Linux Security Advisory RLSA-2024:2084 vom 2024-05-06 (06.05.2024)
For extra info, see:

Rocky Linux Security Advisory RLSA-2024:2098 vom 2024-05-06 (06.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2047 vom 2024-05-02 (02.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2645 vom 2024-05-01 (01.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2548 vom 2024-04-30 (01.05.2024)
For extra info, see:

Oracle Linux Security Advisory ELSA-2024-2098 vom 2024-04-30 (29.04.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2089 vom 2024-04-29 (29.04.2024)
For extra info, see:

Oracle Linux Security Advisory ELSA-2024-2084 vom 2024-04-30 (29.04.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2090 vom 2024-04-29 (29.04.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2098 vom 2024-04-29 (28.04.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2097 vom 2024-04-29 (28.04.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2077 vom 2024-04-29 (28.04.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2084 vom 2024-04-29 (28.04.2024)
For extra info, see:

Oracle Linux Security Advisory ELSA-2024-2055 vom 2024-04-26 (25.04.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2066 vom 2024-04-25 (25.04.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2064 vom 2024-04-25 (25.04.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2055 vom 2024-04-25 (24.04.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:1143-1 vom 2024-04-08 (08.04.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:1145-1 vom 2024-04-08 (08.04.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:1144-1 vom 2024-04-08 (08.04.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:1142-1 vom 2024-04-08 (08.04.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:1146-1 vom 2024-04-08 (08.04.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:1059-1 vom 2024-04-01 (01.04.2024)
For extra info, see:

See also  Coal boom in South Asia – German companies are making money here

SUSE Security Update SUSE-SU-2024:1058-1 vom 2024-04-01 (01.04.2024)
For extra info, see:

GitHub Advisory Database vom 2024-04-01 (01.04.2024)
For extra info, see:

Version historical past of this safety alert

This is model 12 of this Podman IT safety discover. If additional updates are introduced, this doc can be up to date. You can see the modifications made utilizing the model historical past under.

April 1, 2024 – First model
04/08/2024 – New updates from SUSE added
April 24, 2024 – New updates from Red Hat have been added
April 25, 2024 – New updates from Red Hat and Oracle Linux have been added
April 28, 2024 – New updates from Red Hat have been added
April 29, 2024 – New updates from Red Hat and Oracle Linux have been added
May 1, 2024 – New updates from Red Hat added
May 2, 2024 – New updates from Red Hat added
05/06/2024 – New updates from the Rocky Enterprise Software Foundation have been added
May 7, 2024 – New Oracle Linux updates added
May 9, 2024 – New updates from Red Hat have been added
May 16, 2024 – New updates from Red Hat have been added

+++ Editorial notice: This doc is predicated on present BSI knowledge and can be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

observe News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you will discover sizzling information, present movies and a direct line to the editorial staff.

kns/roj/information.de

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy