As BSI reviews, the IT safety alert, concerning the X.Org X11 vulnerability, has obtained an replace. You can learn the way affected customers ought to behave right here.
Federal workplace for Security in Information Technology (BSI) printed an replace on May 21, 2024 to the X.Org X11 high-risk safety gap identified on October 25, 2023. The safety vulnerability impacts Linux and UNIX working programs and merchandise Amazon Linux 2 , Red Hat Enterprise Linux, Fedora Linux, Ubuntu Linux, SUSE Linux, Oracle Linux, Gentoo Linux, IGEL OS, OpenBSD OpenBSD and Open Source X.Org X11.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability could be discovered right here: Red Hat Security Advisory RHSA-2024:3067 (From 22 May 2024). Some helpful assets are listed later on this article.
X.Org X11 Multi-Vulnerability – Risk: average
Risk stage: 5 (average)
CVSS Base Score: 7.8
CVSS provisional rating: 6,8
Remote assault: No
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of safety vulnerabilities in pc programs. The CVSS customary makes it potential to check potential or precise safety dangers primarily based on numerous standards to create a precedence record for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. For short-term impact, body situations that will change over time are thought of within the take a look at. According to CVSS, the danger of the vulnerability talked about right here is rated as “average” with 7.8 foundation factors.
IX.Org X11 Bug: Description of assault
IX Window System is used to create graphical interfaces on Unix programs.
An area attacker can exploit a number of vulnerabilities in X.Org X11 to raise his privileges or trigger a denial of service.
Vulnerabilities are categorized utilizing the CVE (Common Vulnerabilities and Exposures) reference system utilizing particular person serial numbers. CVE-2023-5367, CVE-2023-5380 and CVE-2023-5574.
Systems affected by the safety hole at a look
Operating programs
Linux, UNIX
Products
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:use:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
Gentoo Linux (cpe:/o:gentoo:linux)
IGEL OS (cpe:/o:igel:os)
OpenBSD OpenBSD 7.3 (cpe:/a:openbsd:openbsd)
Open Source X.Org X11 OpenBSD OpenBSD 7.4 (cpe:/a:openbsd:openbsd)
General suggestions for coping with IT vulnerabilities
- Users of affected programs ought to keep up-to-date. When safety holes are identified, producers are required to repair them rapidly by creating a patch or workaround. If safety patches can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This usually comprises further details about the most recent model of the software program in query and the supply of safety patches or efficiency ideas.
- If you could have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to frequently examine the desired sources to see if a brand new safety replace is on the market.
Manufacturer details about updates, patches and workarounds
Here you’ll find some hyperlinks with details about bug reviews, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3067 vom 2024-05-22 (21.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2996 vom 2024-05-22 (21.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2995 vom 2024-05-22 (21.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2169 vom 2024-04-30 (29.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2298 vom 2024-04-30 (29.04.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-2080 vom 2024-04-30 (29.04.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-2037 vom 2024-04-25 (24.04.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-0629 vom 2024-02-01 (01.02.2024)
For extra data, see:
Gentoo Linux Security Advisory GLSA-202401-30 vom 2024-01-31 (31.01.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:0128 vom 2024-01-10 (10.01.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-0018 vom 2024-01-04 (04.01.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-0006 vom 2024-01-03 (03.01.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-0010 vom 2024-01-03 (03.01.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:0010 vom 2024-01-02 (02.01.2024)
For extra data, see:
Amazon Linux Security Advisory ALAS-2023-1892 vom 2023-12-06 (05.12.2023)
For extra data, see:
Amazon Linux Security Advisory ALAS-2023-2352 vom 2023-12-05 (04.12.2023)
For extra data, see:
Amazon Linux Security Advisory ALAS-2023-1884 vom 2023-12-04 (04.12.2023)
For extra data, see:
Red Hat Security Advisory RHSA-2023:7526 vom 2023-11-28 (28.11.2023)
For extra data, see:
Red Hat Security Advisory RHSA-2023:7533 vom 2023-11-28 (28.11.2023)
For extra data, see:
Oracle Linux Security Advisory ELSA-2023-7428 vom 2023-11-22 (22.11.2023)
For extra data, see:
Red Hat Security Advisory RHSA-2023:7436 vom 2023-11-21 (21.11.2023)
For extra data, see:
Red Hat Security Advisory RHSA-2023:7428 vom 2023-11-21 (21.11.2023)
For extra data, see:
Red Hat Security Advisory RHSA-2023:7405 vom 2023-11-21 (21.11.2023)
For extra data, see:
Red Hat Security Advisory RHSA-2023:7373 vom 2023-11-21 (21.11.2023)
For extra data, see:
Red Hat Security Advisory RHSA-2023:7388 vom 2023-11-21 (21.11.2023)
For extra data, see:
Amazon Linux Security Advisory ALAS-2023-2335 vom 2023-11-16 (15.11.2023)
For extra data, see:
IGEL Security Notice ISN-2023-26 vom 2023-11-09 (09.11.2023)
For extra data, see:
Red Hat Security Advisory RHSA-2023:6808 vom 2023-11-08 (08.11.2023)
For extra data, see:
Red Hat Security Advisory RHSA-2023:6802 vom 2023-11-08 (08.11.2023)
For extra data, see:
SUSE Security Update SUSE-SU-2023:4338-1 vom 2023-11-02 (02.11.2023)
For extra data, see:
Fedora Security Advisory FEDORA-2023-4BB75FA8F2 vom 2023-11-02 (02.11.2023)
For extra data, see:
SUSE Security Update SUSE-SU-2023:4306-1 vom 2023-10-31 (31.10.2023)
For extra data, see:
Ubuntu Security Notice USN-6453-2 vom 2023-10-31 (31.10.2023)
For extra data, see:
SUSE Security Update SUSE-SU-2023:4293-1 vom 2023-10-31 (31.10.2023)
For extra data, see:
SUSE Security Update SUSE-SU-2023:4292-1 vom 2023-10-31 (31.10.2023)
For extra data, see:
SUSE Security Update SUSE-SU-2023:4272-1 vom 2023-10-30 (30.10.2023)
For extra data, see:
SUSE Security Update SUSE-SU-2023:4269-1 vom 2023-10-30 (30.10.2023)
For extra data, see:
OpenBSD 7.3 Errata (25.10.2023)
For extra data, see:
OpenBSD 7.4 Errata (25.10.2023)
For extra data, see:
Fedora Security Advisory FEDORA-2023-2EB445D52B vom 2023-10-26 (25.10.2023)
For extra data, see:
IX.Org Security Advisory vom 2023-10-25 (25.10.2023)
For extra data, see:
Version historical past of this safety alert
This is model 21 of this X.Org X11 IT safety discover. This doc can be up to date as extra updates are introduced. You can examine modifications or additions on this model historical past.
October 25, 2023 – First model
October 30, 2023 – New updates from SUSE added
October 31, 2023 – Added new updates from SUSE and Ubuntu
November 2, 2023 – New updates from Fedora and SUSE added
11/08/2023 – New updates from Red Hat added
November 9, 2023 – New updates from IGEL added
November 15, 2023 – Added new updates from Amazon
11/21/2023 – New updates from Red Hat added
November 22, 2023 – New Oracle Linux updates added
11/28/2023 – New updates from Red Hat added
12/04/2023 – New updates from Amazon added
12/05/2023 – New updates from Amazon added
02.01.2024 – New updates from Red Hat have been added
January 3, 2024 – New Oracle Linux updates added
January 4, 2024 – New updates from the Zero Day Initiative and Oracle Linux have been added
01/10/2024 – New updates from Red Hat added
01/31/2024 – New updates from Gentoo added
02/01/2024 – New Oracle Linux updates added
April 24, 2024 – New updates for Oracle Linux have been added
April 29, 2024 – New updates for Oracle Linux have been added
May 21, 2024 – New updates from Red Hat added
+++ Editorial word: This doc relies on present BSI knowledge and can be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
comply with News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you’ll find sizzling information, present movies and a direct line to the editorial staff.
kns/roj/information.de