The safety alert issued for X.Org X11 has acquired an replace from BSI. You can learn how affected customers ought to behave right here.
Federal workplace for Security in Information Technology (BSI) issued an replace on May 21, 2024 to the X.Org X11 high-risk safety gap identified on October 3, 2023. The safety vulnerability impacts Linux, UNIX and Windows working programs and merchandise i -Debian Linux, Amazon Linux 2, Red Hat Enterprise Linux, Fedora Linux, Ubuntu Linux, SUSE Linux, IGEL OS, Open Source X.Org X11 and IBM Connect Business.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability may be discovered right here: Red Hat Security Advisory RHSA-2024:2973 (From 22 May 2024). Some helpful assets are listed later on this article.
Multiple X.Org X11 Vulnerabilities – Risk: High
Risk degree: 4 (excessive)
CVSS Base Score: 8.8
CVSS provisional rating: 7,7
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of pc programs. The CVSS commonplace makes it doable to check potential or precise safety dangers primarily based on numerous metrics with the intention to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. Temporary scores additionally bear in mind modifications over time within the threat scenario. According to CVSS, the severity of the present vulnerability is rated as “excessive” with a base rating of 8.8.
IX.Org X11 Bug: Description of assault
IX Window System is used to create graphical interfaces on Unix programs.
A distant, unknown attacker may exploit a number of vulnerabilities in X.Org X11 to execute arbitrary code, expose info, or trigger a denial of service.
Vulnerabilities are categorised utilizing the CVE (Common Vulnerability and Exposure) designation system by their particular person serial numbers CVE-2023-43785, CVE-2023-43786, CVE-2023-43787, CVE-2023-43788 and CVE-2023-43789.
Systems affected by the safety hole at a look
Operating programs
Linux, UNIX, Windows
Products
Debian Linux (cpe:/o:debian:debian_linux)
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:use:suse_linux)
IGEL OS (cpe:/o:igel:os)
Open Source X.Org X11 IBM App Connect Enterprise (cpe:/a:ibm:app_connect_enterprise)
General suggestions for coping with IT vulnerabilities
- Users of affected programs ought to keep up-to-date. When safety holes are identified, producers are required to repair them rapidly by growing a patch or workaround. If safety patches can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This typically incorporates further details about the most recent model of the software program in query and the supply of safety patches or efficiency ideas.
- If you may have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to examine each time a producing firm makes a brand new safety replace accessible.
Manufacturer details about updates, patches and workarounds
Here you can find some hyperlinks with details about bug experiences, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:2973 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2974 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:3022 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2145 vom 2024-04-30 (01.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2217 vom 2024-04-30 (29.04.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2146 vom 2024-04-30 (29.04.2024)
For extra info, see:
IBM Security Bulletin 7114471 vom 2024-02-02 (04.02.2024)
For extra info, see:
Amazon Linux Security Advisory ALAS-2024-2389 vom 2024-01-10 (09.01.2024)
For extra info, see:
Amazon Linux Security Advisory ALAS-2023-1894 vom 2023-12-06 (05.12.2023)
For extra info, see:
Amazon Linux Security Advisory ALAS-2023-1895 vom 2023-12-06 (05.12.2023)
For extra info, see:
Amazon Linux Security Advisory ALAS-2023-2356 vom 2023-12-05 (04.12.2023)
For extra info, see:
Fedora Security Advisory FEDORA-2023-E1C7FAE02E vom 2023-11-27 (27.11.2023)
For extra info, see:
Fedora Security Advisory FEDORA-2023-BA2E60E743 vom 2023-11-27 (27.11.2023)
For extra info, see:
Fedora Security Advisory FEDORA-2023-25329C196B vom 2023-11-27 (27.11.2023)
For extra info, see:
Amazon Linux Security Advisory ALAS-2023-1875 vom 2023-11-04 (05.11.2023)
For extra info, see:
Amazon Linux Security Advisory ALAS-2023-1859 vom 2023-10-25 (24.10.2023)
For extra info, see:
Ubuntu Security Notice USN-6408-2 vom 2023-10-23 (23.10.2023)
For extra info, see:
Amazon Linux Security Advisory ALAS2-2023-2296 vom 2023-10-20 (19.10.2023)
For extra info, see:
Amazon Linux Security Advisory ALAS2-2023-2295 vom 2023-10-20 (19.10.2023)
For extra info, see:
Fedora Security Advisory FEDORA-2023-591B7F5047 vom 2023-10-11 (10.10.2023)
For extra info, see:
Ubuntu Security Notice USN-6407-2 vom 2023-10-10 (10.10.2023)
For extra info, see:
IGEL Security Notice ISN-2023-22 vom 2023-10-06 (08.10.2023)
For extra info, see:
Debian Security Advisory DSA-5517 vom 2023-10-05 (05.10.2023)
For extra info, see:
Debian Security Advisory DLA-3603 vom 2023-10-05 (05.10.2023)
For extra info, see:
Debian Security Advisory DSA-5516 vom 2023-10-05 (05.10.2023)
For extra info, see:
SUSE Security Update SUSE-SU-2023:3989-1 vom 2023-10-05 (05.10.2023)
For extra info, see:
Debian Security Advisory DLA-3602 vom 2023-10-05 (04.10.2023)
For extra info, see:
Fedora Security Advisory FEDORA-2023-C4CF6646B9 vom 2023-10-05 (04.10.2023)
For extra info, see:
SUSE Security Update SUSE-SU-2023:3962-1 vom 2023-10-04 (03.10.2023)
For extra info, see:
SUSE Security Update SUSE-SU-2023:3963-1 vom 2023-10-04 (03.10.2023)
For extra info, see:
SUSE Security Update SUSE-SU-2023:3965-1 vom 2023-10-04 (03.10.2023)
For extra info, see:
Joining the OSS mailing checklist from 2023-10-03 (03.10.2023)
For extra info, see:
Version historical past of this safety alert
This is model 17 of this X.Org X11 IT safety discover. If additional updates are introduced, this doc shall be up to date. You can examine modifications or additions on this model historical past.
October 3, 2023 – First model
October 4, 2023 – New updates from Fedora added
October 5, 2023 – Added new updates from SUSE and Debian
October 8, 2023 – New updates from IGEL added
October 10, 2023 – Added new persona updates
October 19, 2023 – Added new updates from Amazon
October 23, 2023 – Added new persona updates
October 24, 2023 – Added new updates from Amazon
November 5, 2023 – Added new updates from Amazon
November 27, 2023 – New updates from Fedora added
12/04/2023 – New updates from Amazon added
12/05/2023 – New updates from Amazon added
January 9, 2024 – New updates from Amazon added
02/04/2024 – New updates from IBM added
April 29, 2024 – New updates from Red Hat have been added
May 1, 2024 – New updates from Red Hat added
May 21, 2024 – New updates from Red Hat added
+++ Editorial be aware: This doc relies on present BSI information and shall be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you can find sizzling information, present movies and a direct line to the editorial group.
kns/roj/information.de