IT Security: Linux threatened – High-risk IT security vulnerability in Red Hat Enterprise Linux! Alert receives an update

by admin
An update to the IT security alert for a known vulnerability has been issued for Red Hat Enterprise Linux. You can read here at news.de which products are affected by the security vulnerabilities.

The Federal Office for Information Security (BSI) published an update on May 21, 2024 to a security advisory covering multiple vulnerabilities in Red Hat Enterprise Linux that became known on November 7, 2023. The security vulnerability affects the Linux operating system and the products Open Source CentOS, Amazon Linux 2, Red Hat Enterprise Linux, Oracle Linux, Gentoo Linux, Red Hat OpenShift and Meinberg LANTIME.

The latest vendor recommendations regarding updates, workarounds and security patches for this vulnerability can be found here: Red Hat Security Advisory RHSA-2024:3214 (as of 22 May 2024). Further useful sources are listed later in this article.

Multiple Vulnerabilities for Red Hat Enterprise Linux – Risk: High

Risk level: 5 (high)
CVSS Base Score: 9.8
CVSS Temporal Score: 8.5
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to assess the severity of vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security risks on the basis of various criteria in order to prioritize countermeasures. The attributes “none”, “low”, “medium”, “high” and “critical” are used to describe the severity levels of a vulnerability. The Base Score evaluates the requirements for an attack (including authentication, complexity, privileges, user interaction) and its consequences. The Temporal Score additionally takes into account changes over time in the risk situation. According to CVSS, the threat posed by the present vulnerability is rated “high” on the basis of a Base Score of 9.8.

Red Hat Enterprise Linux Bug: Vulnerabilities and CVE numbers

Red Hat Enterprise Linux (RHEL) is a popular Linux distribution.

An attacker can exploit multiple vulnerabilities in Red Hat Enterprise Linux to cause a denial of service, bypass security measures, escalate privileges, disclose sensitive information, or execute malicious code.

The vulnerabilities are tracked under the following CVE (Common Vulnerabilities and Exposures) IDs: CVE-2021-32142, CVE-2021-43618, CVE-2022-23527, CVE-2022-40898, CVE-2022-48468, CVE-2023-1672, CVE-2023-2022-23527, CVE-20275, CVE- 2023-1675 2023-26767, CVE-2023-26768, CVE-2023-26769, CVE-2023-28100, CVE-2023-28101, CVE-2023-28370, CVE-2023-2862-202, CVE-2923-28101 , CVE-2023-28370 31486.

Systems affected by the security vulnerability at a glance

Operating system
Linux

Products
Open Source CentOS (cpe:/o:centos:centos)
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Oracle Linux (cpe:/o:oracle:linux)
Gentoo Linux (cpe:/o:gentoo:linux)
Red Hat Enterprise Linux 7 (cpe:/o:redhat:enterprise_linux)
Red Hat Enterprise Linux 8 (cpe:/o:redhat:enterprise_linux)
Red Hat Enterprise Linux 9 (cpe:/o:redhat:enterprise_linux)
Red Hat OpenShift Data Foundation
Meinberg LANTIME

General recommendations for dealing with IT security vulnerabilities

  1. Users of affected systems should keep them up to date. When security vulnerabilities become known, vendors are required to fix them quickly by developing a patch or workaround. When new security updates are available, install them promptly.
  2. For information, see the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or tips on workarounds.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should check regularly whether the vendor has made a new security update available.

Sources for updates, patches and workarounds

Here you will find further links with information about bug reports, security fixes and workarounds.

Red Hat Security Advisory RHSA-2024:3214 dated 2024-05-22 (21.05.2024)
Red Hat Security Advisory RHSA-2024:2994 dated 2024-05-22 (21.05.2024)
Red Hat Security Advisory RHSA-2024:2580 dated 2024-04-30 (01.05.2024)
Red Hat Security Advisory RHSA-2024:2093 dated 2024-05-01 (01.05.2024)
Red Hat Security Advisory RHSA-2024:2092 dated 2024-05-01 (01.05.2024)
Red Hat Security Advisory RHSA-2024:2063 dated 2024-04-25 (25.04.2024)
Oracle Linux Security Advisory ELSA-2024-2033 dated 2024-04-25 (24.04.2024)
Red Hat Security Advisory RHSA-2024:1412 dated 2024-03-19 (19.03.2024)
Red Hat Security Advisory RHSA-2024:1102 dated 2024-03-05 (05.03.2024)
Meinberg Security Advisory (30.01.2024)
Red Hat Security Advisory RHSA-2024:0579 dated 2024-01-30 (30.01.2024)
CentOS Security Advisory CESA-2024:0343 dated 2024-01-26 (28.01.2024)
Red Hat Security Advisory RHSA-2024:0422 dated 2024-01-25 (25.01.2024)
Red Hat Security Advisory RHSA-2024:0406 dated 2024-01-25 (25.01.2024)
Red Hat Security Advisory RHSA-2024:0343 dated 2024-01-24 (23.01.2024)
Oracle Linux Security Advisory ELSA-2024-0343 dated 2024-01-24 (23.01.2024)
Red Hat Security Advisory RHSA-2023:7820 dated 2023-12-14 (13.12.2023)
Red Hat Security Advisory RHSA-2023:7741 dated 2023-12-12 (12.12.2023)
Amazon Linux Security Advisory ALAS-2023-2362 dated 2023-12-05 (04.12.2023)
Gentoo Linux Security Advisory GLSA-202311-18 dated 2023-11-27 (27.11.2023)
Oracle Linux Security Advisory ELSA-2023-6940 dated 2023-11-21 (21.11.2023)
Oracle Linux Security Advisory ELSA-2023-6712 dated 2023-11-16 (15.11.2023)
Red Hat Security Advisory RHSA-2023:7166 dated 2023-11-15 (14.11.2023)
Red Hat Security Advisory RHSA-2023:7022 dated 2023-11-15 (14.11.2023)
Red Hat Security Advisory RHSA-2023:7174 dated 2023-11-15 (14.11.2023)
Red Hat Security Advisory RHSA-2023:7010 dated 2023-11-15 (14.11.2023)
Red Hat Security Advisory RHSA-2023:6944 dated 2023-11-15 (14.11.2023)
Red Hat Security Advisory RHSA-2023:7057 dated 2023-11-15 (14.11.2023)
Red Hat Security Advisory RHSA-2023:6940 dated 2023-11-15 (14.11.2023)
Red Hat Security Advisory RHSA-2023:7052 dated 2023-11-15 (14.11.2023)
Red Hat Security Advisory RHSA-2023:6943 dated 2023-11-15 (14.11.2023)
Red Hat Security Advisory RHSA-2023:7187 dated 2023-11-15 (14.11.2023)
Red Hat Security Advisory RHSA-2023:7038 dated 2023-11-15 (14.11.2023)
Red Hat Security Advisory dated 2023-11-07 (07.11.2023)

Version history of this security alert

This is version 18 of this IT security advisory for Red Hat Enterprise Linux. This document will be updated as further updates are announced. You can follow the changes or additions in this version history.

November 7, 2023 – Initial version
November 14, 2023 – New updates from Red Hat added
November 15, 2023 – New updates from Oracle Linux added
November 21, 2023 – New updates from Oracle Linux added
November 27, 2023 – New updates from Gentoo added
December 4, 2023 – New updates from Amazon added
December 12, 2023 – New updates from Red Hat added
December 13, 2023 – New updates from Red Hat added
January 23, 2024 – New updates from Oracle Linux added
January 25, 2024 – New updates from Red Hat added
January 28, 2024 – New updates from CentOS added
January 30, 2024 – New updates from Red Hat added
March 5, 2024 – New updates from Red Hat added
March 19, 2024 – New updates from Red Hat added
April 24, 2024 – New updates from Oracle Linux added
April 25, 2024 – New updates from Red Hat added
May 1, 2024 – New updates from Red Hat added
May 21, 2024 – New updates from Red Hat added

+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++

kns/roj/news.de