Home » IT Security: Vulnerable Linux and Windows – IT safety alert replace about SLF4J (vulnerability: medium)

IT Security: Vulnerable Linux and Windows – IT safety alert replace about SLF4J (vulnerability: medium)

by admin
IT Security: Vulnerable Linux and Windows – IT safety alert replace about SLF4J (vulnerability: medium)

As BSI stories, an IT safety warning a few identified SLF4J vulnerability has obtained an replace. You can learn how affected customers ought to behave right here.

Federal workplace for Security in Information Technology (BSI) revealed an replace on May 16, 2024 for the SLF4J safety vulnerability identified on March 26, 2018. The safety vulnerability impacts Linux and Windows working methods and open supply merchandise CentOS, Oracle Linux, SUSE Linux, Red Hat Enterprise Linux, open supply SLF4J and NetApp ActiveIQ Unified Manager.

The newest producer suggestions for updates, workarounds and safety patches for this vulnerability might be discovered right here: IBM Security Bulletin 7153639 (From 17 May 2024). Some helpful hyperlinks are listed later on this article.

SLF4J safety discover – Vulnerability: medium

Risk degree: 4 (reasonable)
CVSS Base Score: 7.3
CVSS provisional rating: 6,4
Remote management: Ja

The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of laptop methods. The CVSS customary makes it attainable to check potential or precise safety dangers primarily based on numerous standards in an effort to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. Temporary scores additionally consider modifications over time within the danger scenario. According to CVSS, the chance of the vulnerability talked about right here is taken into account “reasonable” with 7.3 foundation factors.

SLF4J Bug: Vulnerability permits code execution

A Simple Java Logging Facade (SLF4J) (SLF4J) offers a Java Logging API.

See also  The Intel Arc A380 graphics card is installed with a 15-year-old zero-noise radiator, and the result can be called "tailor-made"! | T Kebang

A distant, unknown attacker may exploit a vulnerability in SLF4J to execute arbitrary code.

Vulnerabilities had been labeled utilizing the CVE (Common Vulnerabilities and Exposures) reference system for every serial quantity CVE-2018-8088.

Systems affected by the SLF4J vulnerability at a look

Operating methods
Linux, Windows

Products
Open Source CentOS (cpe:/o:centos:centos)
Oracle Linux 7 (cpe:/o:oracle:linux)
SUSE Linux (cpe:/o:use:suse_linux)
Red Hat Enterprise Linux 7 (cpe:/o:redhat:enterprise_linux)
SLF4J open supply (cpe:/a:open_source:slf4j)
NetApp ActiveIQ Unified Manager for Linux (cpe:/a:netapp:active_iq_unified_manager)
NetApp ActiveIQ Unified Manager for VMware vSphere (cpe:/a:netapp:active_iq_unified_manager)
NetApp ActiveIQ Unified Manager for Microsoft Windows (cpe:/a:netapp:active_iq_unified_manager)

General steps for coping with IT vulnerabilities

  1. Users of the affected apps ought to keep up-to-date. When safety holes are identified, producers are required to repair them rapidly by creating a patch or workaround. If safety patches can be found, set up them instantly.
  2. For data, see the sources listed within the subsequent part. This typically incorporates further details about the newest model of the software program in query and the provision of safety patches or efficiency ideas.
  3. If you have got any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to usually verify the desired sources to see if a brand new safety replace is offered.

Sources for updates, patches and workarounds

Here you will discover some hyperlinks with details about bug stories, safety fixes and workarounds.

IBM Security Bulletin 7153639 vom 2024-05-17 (16.05.2024)
For extra data, see:

NetApp Security Advisory NTAP-20231227-0010 vom 2023-12-27 (27.12.2023)
For extra data, see:

Red Hat Security Advisory RHSA-2018:2419 vom 2018-08-16 (15.08.2018)
For extra data, see:

See also  IT Security: Threats to Linux - IT safety alert replace for Red Hat Enterprise Linux (cockpit) (Risk: medium)

Red Hat Security Advisory RHSA-2018:2420 vom 2018-08-16 (15.08.2018)
For extra data, see:

Red Hat Security Advisory RHSA-2018:2143 vom 2018-07-06 (05.07.2018)
For extra data, see:

SUSE Security Update SUSE-SU-2018:1744-1 vom 2018-06-20 (19.06.2018)
For extra data, see:

Red Hat Security Advisory RHSA-2018:1525 vom 2018-05-16 (15.05.2018)
For extra data, see:

Red Hat Security Advisory RHSA-2018:1323 vom 2018-05-07 (06.05.2018)
For extra data, see:

Red Hat Security Advisory RHSA-2018:0630 vom 2018-04-03 (03.04.2018)
For extra data, see:

Red Hat Security Advisory RHSA-2018:0629 vom 2018-04-03 (03.04.2018)
For extra data, see:

Red Hat Security Advisory RHSA-2018:0628 vom 2018-04-03 (03.04.2018)
For extra data, see:

Red Hat Security Advisory RHSA-2018:0627 vom 2018-04-03 (03.04.2018)
For extra data, see:

CentOS Security Advisory CESA-2018:0592 vom 2018-03-27 (27.03.2018)
For extra data, see:

SLF4J Git Commit (26.03.2018)
For extra data, see:

Oracle Linux Security Advisory ELSA-2018-0592 vom 2018-03-26 (26.03.2018)
For extra data, see:

Red Hat Security Advisory RHSA-2018:0592 vom 2018-03-26 (26.03.2018)
For extra data, see:

Red Hat Security Advisory RHSA-2018:0582 vom 2018-03-26 (26.03.2018)
For extra data, see:

Version historical past of this safety alert

This is model 14 of this SLF4J IT safety discover. If additional updates are introduced, this doc shall be up to date. You can examine modifications or additions on this model historical past.

26.03.2018 – Early Release
03/26/2018 – Version not obtainable
March 26, 2018 – Version not obtainable
27.03.2018 – A brand new repair is ​​obtainable
03.04.2018 – A brand new repair is ​​obtainable
April 3, 2018 – Version not obtainable
06.05.2018 – A brand new repair is ​​obtainable
15.05.2018 – A brand new repair is ​​obtainable
19.06.2018 – A brand new repair is ​​obtainable
05.07.2018 – A brand new repair is ​​obtainable
15.08.2018 – New repair obtainable
11.09.2018 – Additional references
December 27, 2023 – NetApp product added
May 16, 2024 – New updates from IBM added

See also  Transform Your Apple Watch: The Best Watch Face Apps for Customization and Functionality

+++ Editorial be aware: This doc relies on present BSI information and shall be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

comply with News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you will discover scorching information, present movies and a direct line to the editorial group.

kns/roj/information.de

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy