X.Org X11: IT security alert update (risk: high)

by admin
As the BSI reports, an IT security alert about a known X.Org X11 vulnerability has received an update. You can read here at news.de which applications and products are affected by the security holes.

The Federal Office for Information Security (BSI) published an update on May 21, 2024 to the high-risk X.Org X11 security vulnerability that became known on January 16, 2024. The vulnerability affects the Linux and UNIX operating systems and the products Open Source CentOS, Debian Linux, Amazon Linux 2, Red Hat Enterprise Linux, Fedora Linux, Ubuntu Linux, SUSE Linux, Oracle Linux, Gentoo Linux, OpenBSD OpenBSD, Open Source X.Org X11 and RESF Rocky Linux.

The latest manufacturer recommendations for updates, workarounds and security patches for this vulnerability can be found here: Red Hat Security Advisory RHSA-2024:2996 (as of 22 May 2024). Further useful links are listed later in this article.

Multiple X.Org X11 Vulnerabilities – Risk: High

Risk level: 4 (high)
CVSS Base Score: 9.8
CVSS Temporal Score: 8.5
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to assess the severity of vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security risks based on various metrics in order to create a priority list for countermeasures. The attributes “none”, “low”, “medium”, “high” and “critical” are used to determine the severity levels of a vulnerability. The Base Score evaluates the requirements for an attack (including authentication, complexity, privileges, user interaction) and its consequences. Temporal scores additionally take into account changes over time in the risk situation. According to CVSS, the risk of the vulnerability discussed here is rated as “high” with a base score of 9.8.

X.Org X11 Bug: The consequences of an IT attack

The X Window System is used to create graphical user interfaces on Unix systems.

An attacker could exploit multiple vulnerabilities in X.Org X11 to execute arbitrary code, disclose information, or cause a denial of service.

The vulnerabilities are classified using the CVE (Common Vulnerabilities and Exposures) designation system under the individual serial numbers CVE-2023-6816, CVE-2024-0229, CVE-2024-0408, CVE-2024-0409, CVE-2024-21885 and CVE-2024-21886.

Systems affected by the security vulnerability at a glance

Operating systems
Linux, UNIX

Products
Open Source CentOS (cpe:/o:centos:centos)
Debian Linux (cpe:/o:debian:debian_linux)
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:suse:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
Gentoo Linux (cpe:/o:gentoo:linux)
OpenBSD OpenBSD (cpe:/a:openbsd:openbsd)
Open Source X.Org X11
RESF Rocky Linux (cpe:/o:resf:rocky_linux)

General steps for dealing with IT vulnerabilities

  1. Users of the affected applications should keep them up to date. When security holes become known, manufacturers are required to fix them quickly by developing a patch or workaround. When new security updates are available, install them promptly.
  2. For information, consult the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or performance tips.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check when the manufacturer makes a new security update available.

Manufacturer information about updates, patches and workarounds

Here you will find further links with information about bug reports, security fixes and workarounds.

Red Hat Security Advisory RHSA-2024:2996 dated 2024-05-22 (21.05.2024)
Red Hat Security Advisory RHSA-2024:2995 dated 2024-05-22 (21.05.2024)
Red Hat Security Advisory RHSA-2024:2169 dated 2024-04-30 (29.04.2024)
Oracle Linux Security Advisory ELSA-2024-2080 dated 2024-04-30 (29.04.2024)
Oracle Linux Security Advisory ELSA-2024-2037 dated 2024-04-25 (24.04.2024)
Ubuntu Security Notice USN-6587-5 dated 2024-03-13 (13.03.2024)
Amazon Linux Security Advisory ALAS-2024-2455 dated 2024-02-19 (19.02.2024)
Rocky Linux Security Advisory RLSA-2024:0607 dated 2024-02-12 (12.02.2024)
CentOS Security Advisory CESA-2024:0629 dated 2024-02-05 (05.02.2024)
Ubuntu Security Notice USN-6587-4 dated 2024-02-01 (01.02.2024)
Oracle Linux Security Advisory ELSA-2024-0629 dated 2024-02-01 (01.02.2024)
Oracle Linux Security Advisory ELSA-2024-0607 dated 2024-02-01 (01.02.2024)
Red Hat Security Advisory RHSA-2024:0629 dated 2024-01-31 (31.01.2024)
Oracle Linux Security Advisory ELSA-2024-0557 dated 2024-01-31 (31.01.2024)
Gentoo Linux Security Advisory GLSA-202401-30 dated 2024-01-31 (31.01.2024)
Red Hat Security Advisory RHSA-2024:0626 dated 2024-01-31 (30.01.2024)
Red Hat Security Advisory RHSA-2024:0621 dated 2024-01-30 (30.01.2024)
Red Hat Security Advisory RHSA-2024:0617 dated 2024-01-30 (30.01.2024)
Ubuntu Security Notice USN-6587-3 dated 2024-01-30 (30.01.2024)
Red Hat Security Advisory RHSA-2024:0607 dated 2024-01-30 (30.01.2024)
Red Hat Security Advisory RHSA-2024:0614 dated 2024-01-30 (30.01.2024)
Red Hat Security Advisory RHSA-2024:0557 dated 2024-01-30 (30.01.2024)
Red Hat Security Advisory RHSA-2024:0597 dated 2024-01-30 (30.01.2024)
Red Hat Security Advisory RHSA-2024:0558 dated 2024-01-30 (29.01.2024)
SUSE Security Update SUSE-SU-2024:0252-1 dated 2024-01-26 (28.01.2024)
SUSE Security Update SUSE-SU-2024:0251-1 dated 2024-01-26 (28.01.2024)
SUSE Security Update SUSE-SU-2024:0249-1 dated 2024-01-26 (28.01.2024)
CentOS Security Advisory CESA-2024:0320 dated 2024-01-26 (28.01.2024)
Debian Security Advisory DLA-3721 dated 2024-01-25 (25.01.2024)
SUSE Security Update SUSE-SU-2024:0236-1 dated 2024-01-25 (25.01.2024)
SUSE Security Update SUSE-SU-2024:0212-1 dated 2024-01-24 (24.01.2024)
Debian Security Advisory DSA-5603 dated 2024-01-23 (23.01.2024)
Ubuntu Security Notice USN-6587-2 dated 2024-01-22 (22.01.2024)
Oracle Linux Security Advisory ELSA-2024-0320 dated 2024-01-23 (22.01.2024)
Red Hat Security Advisory RHSA-2024:0320 dated 2024-01-22 (22.01.2024)
SUSE Security Update SUSE-SU-2024:0165-1 dated 2024-01-19 (21.01.2024)
Fedora Security Advisory FEDORA-2024-2815D55CDF dated 2024-01-19 (18.01.2024)
SUSE Security Update SUSE-SU-2024:0109-1 dated 2024-01-17 (17.01.2024)
SUSE Security Update SUSE-SU-2024:0114-1 dated 2024-01-17 (17.01.2024)
SUSE Security Update SUSE-SU-2024:0121-1 dated 2024-01-17 (17.01.2024)
Fedora Security Advisory FEDORA-2024-5762D637DD dated 2024-01-18 (17.01.2024)
SUSE Security Update SUSE-SU-2024:0116-1 dated 2024-01-17 (17.01.2024)
SUSE Security Update SUSE-SU-2024:0111-1 dated 2024-01-17 (17.01.2024)
OpenBSD Patch dated 2024-01-16 (16.01.2024)
Fedora Security Advisory dated 2024-01-16 (16.01.2024)
Fedora Security Advisory dated 2024-01-16 (16.01.2024)
Ubuntu Security Advisory dated 2024-01-16 (16.01.2024)
Xming changes dated 2024-01-16 (16.01.2024)
X.Org Security Advisory dated 2024-01-16 (16.01.2024)

Version history of this security alert

This is version 20 of this IT security notice for X.Org X11. If further updates are announced, this document will be updated. You can follow changes or additions in this version history.

01/16/2024 – First version
01/17/2024 – New updates from SUSE and Fedora added
01/18/2024 – New updates from Fedora added
01/21/2024 – New updates from SUSE added
01/22/2024 – New updates from Red Hat added
01/23/2024 – New updates from Debian added
01/24/2024 – New updates from SUSE added
01/25/2024 – New updates from SUSE and Debian added
01/28/2024 – New updates from CentOS and SUSE added
01/29/2024 – New updates from Red Hat added
01/30/2024 – New updates from Red Hat and Ubuntu added
01/31/2024 – New updates from Gentoo, Oracle Linux and Red Hat added
02/01/2024 – New updates from Oracle Linux and Ubuntu added
02/05/2024 – New updates from CentOS added
02/12/2024 – New updates from the Rocky Enterprise Software Foundation added
02/19/2024 – New updates from Amazon added
03/13/2024 – New updates from Ubuntu added
04/24/2024 – New updates from Oracle Linux added
04/29/2024 – New updates from Oracle Linux added
05/21/2024 – New updates from Red Hat added

+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++

kns/roj/news.de