IT Security: Threats to Linux and UNIX – IT security hole in GNU libc could be highly exploitable! Alert receives an update

by admin

An update to the IT security alert for a known vulnerability in GNU libc has been issued. Here you can find out what affected users can do.

The Federal Office for Information Security (BSI) published an update on June 4, 2024 to a security vulnerability in GNU libc that became known on April 17, 2024. The vulnerability affects the Linux and UNIX operating systems and the products Debian Linux, Red Hat Enterprise Linux, Fedora Linux, Ubuntu Linux, SUSE Linux, Oracle Linux, Gentoo Linux, RESF Rocky Linux, Open Source GNU libc and IBM MQ.

The latest manufacturer recommendations on updates, workarounds and security patches for this vulnerability can be found here: Red Hat Security Advisory RHSA-2024:3588 (as of June 4, 2024). Further useful links are listed later in this article.

Security advisory for GNU libc – Risk: high

Risk level: 5 (high)
CVSS Base Score: 8.8
CVSS Temporal Score: 7.9
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to assess the vulnerability of computer systems. The CVSS standard makes it possible to compare potential or actual security risks on the basis of various criteria in order to create a priority list for countermeasures. The attributes "none", "low", "medium", "high" and "critical" are used to determine the severity level of a vulnerability. The Base Score evaluates the requirements of an attack (including authentication, complexity, privileges, user interaction) and its consequences. Temporal scores additionally take into account changes in the risk situation over time. According to CVSS, the current vulnerability is rated "high" based on 8.8 points.

GNU libc bug: vulnerability allows code execution

GNU libc is the core C library under Linux and other Unix operating systems; it provides the system call wrappers and basic functionality that practically every program depends on.


An attacker could exploit a vulnerability in GNU libc to cause a denial of service, execute code, or escalate privileges.

Vulnerabilities are identified by a CVE (Common Vulnerabilities and Exposures) ID number. The ID assigned to this vulnerability is CVE-2024-2961.

Systems affected by the security hole at a glance

Operating systems
Linux, UNIX

Products
Debian Linux (cpe:/o:debian:debian_linux)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:use:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
Gentoo Linux (cpe:/o:gentoo:linux)
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4 (cpe:/o:redhat:enterprise_linux)
RESF Rocky Linux (cpe:/o:resf:rocky_linux)
Open Source GNU libc >=2.39 (cpe:/a:gnu:glibc)
IBM MQ Operator

General recommendations for dealing with IT security gaps

  1. Users of affected systems should keep them up to date. When security holes become known, manufacturers are expected to fix them quickly by providing a patch or workaround. When new security updates are available, install them immediately.
  2. For information, see the sources listed in the next section. They often contain further details about the latest version of the software in question and the availability of security patches or workarounds.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check the listed sources to see whether a new security update is available.
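The recommendations above boil down to "find out whether your glibc carries the fix and update if not". The following script is an added example, not part of the BSI notice or any distribution's tooling: it reads the installed glibc version from `ldd --version` and looks for the CVE ID from this alert in the package changelog (rpm-based systems via `rpm -q --changelog glibc`, Debian/Ubuntu via the `libc6` changelog). It assumes the distribution names the CVE in its changelog, which is the usual practice but not guaranteed, so a negative result means "verify against the advisory", not "vulnerable".

```shell
#!/bin/sh
# Report the installed glibc version and whether the package changelog
# references CVE-2024-2961. Example script written for this article; it is
# not the BSI's or any distribution's own check.
set -u

CVE="CVE-2024-2961"

# Pull "2.35" out of the first line of `ldd --version` output, e.g.
# "ldd (GNU libc) 2.35" or "ldd (Ubuntu GLIBC 2.35-0ubuntu3.8) 2.35".
glibc_version() {
    printf '%s\n' "$1" | sed -n '1s/.* \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Exit 0 if the given changelog text mentions the CVE ID, 1 otherwise.
changelog_mentions_cve() {
    printf '%s\n' "$1" | grep -qiF -- "$CVE"
}

# Fetch the live changelog for whichever package system is present.
# Assumption: the fix is recorded under its CVE ID, as most distributions do.
installed_changelog() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --changelog glibc 2>/dev/null
    elif [ -r /usr/share/doc/libc6/changelog.Debian.gz ]; then
        zcat /usr/share/doc/libc6/changelog.Debian.gz
    fi
}

report() {
    ver=$(glibc_version "$(ldd --version 2>/dev/null)")
    echo "installed glibc: ${ver:-unknown}"
    if changelog_mentions_cve "$(installed_changelog)"; then
        echo "$CVE: fix is referenced in the package changelog"
    else
        echo "$CVE: no reference found; check your distribution's advisory before concluding anything"
    fi
}

report
```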

Manufacturer information about updates, patches and workarounds

Here you will find links with information about bug reports, security fixes and workarounds.

Red Hat Security Advisory RHSA-2024:3588 of 2024-06-04 (04.06.2024)

Oracle Linux Security Advisory ELSA-2024-3269 of 2024-05-30 (30.05.2024)

Oracle Linux Security Advisory ELSA-2024-3339 of 2024-05-30 (30.05.2024)

Red Hat Security Advisory RHSA-2024:3464 of 2024-05-29 (28.05.2024)

Red Hat Security Advisory RHSA-2024:3423 of 2024-05-28 (28.05.2024)

Red Hat Security Advisory RHSA-2024:3411 of 2024-05-28 (28.05.2024)

SUSE Security Update SUSE-SU-2024:1805-1 of 2024-05-28 (28.05.2024)

Red Hat analysis of CVE-2024-2961 (27.05.2024)

GitHub repository ambionics / cnext-exploits of 2024-05-27 (27.05.2024)

Red Hat Security Advisory RHSA-2024:3339 of 2024-05-23 (23.05.2024)

Red Hat Security Advisory RHSA-2024:3309 of 2024-05-23 (22.05.2024)

Red Hat Security Advisory RHSA-2024:3312 of 2024-05-23 (22.05.2024)

Red Hat Security Advisory RHSA-2024:3269 of 2024-05-22 (21.05.2024)

IBM Security Bulletin 7154630 of 2024-05-22 (21.05.2024)

SUSE Security Update SUSE-SU-2024:1728-1 of 2024-05-21 (21.05.2024)

Red Hat Security Advisory RHSA-2024:2941 of 2024-05-21 (20.05.2024)

SUSE Security Update SUSE-SU-2024:1675-1 of 2024-05-17 (16.05.2024)

Oracle Linux Security Advisory ELSA-2024-2722 of 2024-05-09 (09.05.2024)

Rocky Linux Security Advisory RLSA-2024:2722 of 2024-05-09 (09.05.2024)

Red Hat Security Advisory RHSA-2024:2799 of 2024-05-09 (09.05.2024)

Red Hat Security Advisory RHSA-2024:2722 of 2024-05-07 (06.05.2024)

Gentoo Linux Security Advisory GLSA-202405-17 of 2024-05-06 (06.05.2024)

Debian Security Advisory DLA-3807 of 2024-05-04 (05.05.2024)

Ubuntu Security Notice USN-6762-1 of 2024-05-02 (02.05.2024)

Ubuntu Security Notice USN-6737-2 of 2024-04-29 (29.04.2024)

SUSE Security Update SUSE-SU-2024:1375-1 of 2024-04-22 (22.04.2024)

Ubuntu Security Notice USN-6737-1 of 2024-04-18 (18.04.2024)

Fedora Security Advisory FEDORA-2024-F7AE5DF88D of 2024-04-18 (17.04.2024)

Fedora Security Advisory FEDORA-2024-9BE1B94714 of 2024-04-18 (17.04.2024)

GitHub Advisory Database (17.04.2024)

OSS mailing list as of 2024-04-17 (17.04.2024)

Version history of this security alert

This is version 17 of this GNU libc IT security notice. If further updates are announced, this document will be updated. You can check the changes and additions in this version history.

April 17, 2024 – First version
April 18, 2024 – New updates added
April 22, 2024 – New updates from SUSE added
April 29, 2024 – New updates added
May 2, 2024 – New updates added
May 5, 2024 – New updates from Debian added
May 6, 2024 – New updates from Gentoo added
May 9, 2024 – New updates from Red Hat, Rocky Enterprise Software Foundation and Oracle Linux added
May 16, 2024 – New updates from SUSE added
May 20, 2024 – New updates from Red Hat added
May 21, 2024 – New updates from SUSE added
May 22, 2024 – New updates from Red Hat added
May 23, 2024 – New updates from Red Hat added
May 27, 2024 – PoC recorded, results added
May 28, 2024 – New updates from SUSE and Red Hat added
May 30, 2024 – New Oracle Linux updates added
June 4, 2024 – New updates from Red Hat added

+++ Editorial note: This document is based on current BSI data and will be updated depending on the status of the alert. We welcome suggestions and comments at [email protected]. +++


kns/roj/news.de
