OpenSSL: Vulnerability allows security measures to be bypassed

by admin
As the BSI reports, an IT security alert concerning the OpenSSL vulnerability has received an update. You can read here how affected users should respond.

The Federal Office for Information Security (BSI) issued an update on June 3, 2024 for the OpenSSL security vulnerability identified on April 16, 2018. The vulnerability affects the operating systems Appliance, Juniper Appliance, Linux, UNIX and Windows, and the products Debian Linux, Juniper JUNOS, Red Hat Enterprise Linux, Ubuntu Linux, SUSE Linux, Oracle Linux, NetApp OnCommand Unified Manager, Oracle VM, Open Source OpenSSL, PaloAlto Networks PAN-OS, Tenable Security Nessus, Dell NetWorker and SolarWinds Platform.

The latest manufacturer recommendations for updates, workarounds and security patches for this vulnerability can be found here: SolarWinds Platform 2024.2 release notes (as of June 4, 2024). Further useful links are listed later in this article.

OpenSSL Security Notice – Risk: low

Risk level: 5 (low)
CVSS Base Score: 4.4
CVSS Temporal Score: 3.9
Remote attack: No

The Common Vulnerability Scoring System (CVSS) is used to assess the severity of vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security vulnerabilities on the basis of various criteria in order to create a priority list for countermeasures. The attributes “none”, “low”, “medium”, “high” and “critical” are used to describe the severity level of a vulnerability. The Base Score evaluates the prerequisites for an attack (including authentication, complexity, privileges, user interaction) and its consequences. The Temporal Score additionally takes into account conditions that may change over time. According to CVSS, the severity of the current vulnerability is rated as “low” with a base score of 4.4.

OpenSSL bug: Vulnerability allows security measures to be bypassed

OpenSSL is a library, freely available in source code, that implements Secure Sockets Layer (SSL) and Transport Layer Security (TLS).

A local attacker could exploit a vulnerability in OpenSSL to bypass security measures.

The vulnerability is classified under the CVE (Common Vulnerabilities and Exposures) designation system with the individual serial number CVE-2018-0737.

Systems affected by the OpenSSL security vulnerability at a glance

Operating systems
Appliance, Juniper Appliance, Linux, UNIX, Windows

Products
Debian Linux (cpe:/o:debian:debian_linux)
Juniper JUNOS (cpe:/o:juniper:junos)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:suse:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
NetApp OnCommand Unified Manager (cpe:/a:netapp:oncommand_unified_manager)
Oracle VM (cpe:/a:oracle:vm)
Open Source OpenSSL
PaloAlto Networks PAN-OS
Tenable Security Nessus
Dell NetWorker
SolarWinds Platform

General measures for dealing with IT vulnerabilities

  1. Users of affected systems should keep them up to date. When security holes are identified, manufacturers are required to fix them quickly by developing a patch or workaround. If security patches are available, install them promptly.
  2. For information, consult the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or performance tips.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check the listed sources to see whether a new security update is available.

Sources for updates, patches and workarounds

Here you will find further links with information about bug reports, security fixes and workarounds.

SolarWinds Platform 2024.2 release notes dated 2024-06-04 (03.06.2024)
Dell Knowledge Base Article (25.01.2024)
Oracle Linux Security Advisory ELSA-2022-9272 dated 2022-04-08 (10.04.2022)
Oracle Linux Security Advisory ELSA-2021-9150 dated 2021-04-01 (31.03.2021)
Pulse Secure Security Advisory SA44073 dated 2020-06-23 (23.06.2020)
Juniper Security Advisory JSA10990 dated 2020-01-08 (08.01.2020)
Red Hat Security Advisory RHSA-2019:3935 dated 2019-11-20 (20.11.2019)
Red Hat Security Advisory RHSA-2019:3933 dated 2019-11-20 (20.11.2019)
Red Hat Security Advisory RHSA-2019:3932 dated 2019-11-20 (20.11.2019)
Oracle Linux Security Advisory ELSA-2019-4747 dated 2019-08-16 (18.08.2019)
Oraclevm-errata OVMSA-2019-0040 dated 2019-08-15 (15.08.2019)
Oracle Linux Security Advisory ELSA-2019-2471 dated 2019-08-14 (13.08.2019)
SUSE Security Update SUSE-SU-2019:1553-1 dated 2019-06-19 (18.06.2019)
SUSE Security Update SUSE-SU-2018:3864-2 dated 2019-04-28 (28.04.2019)
Oracle Linux Security Advisory ELSA-2019-4581 dated 2019-03-13 (13.03.2019)
SUSE Security Update SUSE-SU-2019:0197-1 dated 2019-01-30 (29.01.2019)
Debian Security Advisory DSA-4348 dated 2018-12-01 (02.12.2018)
GENTOO Security Advisory GLSA201811-21 dated 2018-11-29 (28.11.2018)
SUSE Security Update SUSE-SU-2018:3864-1 dated 2018-11-23 (22.11.2018)
Oracle Linux Security Advisory ELSA-2018-4267 dated 2018-11-07 (06.11.2018)
Oracle Linux Security Advisory ELSA-2018-3221 dated 2018-11-06 (05.11.2018)
Red Hat Security Advisory RHSA-2018:3221 dated 2018-10-31 (30.10.2018)
Tenable Security Advisory ID: TNS-2018-14 (23.10.2018)
Oracle Linux Security Advisory ELSA-2018-4253 dated 2018-10-16 (15.10.2018)
Oracle Linux Security Advisory ELSA-2018-4254 dated 2018-10-16 (15.10.2018)
Oracle Linux Security Advisory ELSA-2018-4249 dated 2018-10-13 (14.10.2018)
Oracle Linux Security Advisory ELSA-2018-4248 dated 2018-10-13 (14.10.2018)
Palo Alto Networks Security Advisory (11.10.2018)
SUSE Security Update SUSE-SU-2018:2965-1 dated 2018-10-02 (01.10.2018)
SUSE Security Update SUSE-SU-2018:2928-1 dated 2018-09-28 (30.09.2018)
SUSE Security Update SUSE-SU-2018:2683-1 dated 2018-09-11 (10.09.2018)
SUSE Security Update SUSE-SU-2018:2545-1 dated 2018-08-29 (28.08.2018)
SUSE Security Update SUSE-SU-2018:2492-1 dated 2018-08-24 (26.08.2018)
SUSE Security Update SUSE-SU-2018:2486-1 dated 2018-08-24 (23.08.2018)
NetApp Security Advisory NTAP-20180726-0003 dated 2018-07-27 (26.07.2018)
Ubuntu Security Notice USN-3692-1 dated 2018-06-27 (26.06.2018)
OpenSSL Security Advisory dated 2018-04-16 (16.04.2018)

Version history of this security alert

This is version 42 of this IT security notice for OpenSSL. This document will be updated as further updates are announced. You can follow the changes made using the version history below.

16.04.2018 – Initial version
16.04.2018 – Version not available
26.06.2018 – New fix available
26.07.2018 – New fix available
26.07.2018 – Version not available
26.07.2018 – Version not available
26.07.2018 – Version not available
23.08.2018 – New fix available
26.08.2018 – New fix available
28.08.2018 – New fix available
10.09.2018 – New fix available
23.09.2018 – Additional references
30.09.2018 – New fix available
01.10.2018 – New fix available
11.10.2018 – New fix available
14.10.2018 – New fix available
15.10.2018 – New fix available
23.10.2018 – New fix available
28.10.2018 – New fix available
30.10.2018 – New fix available
05.11.2018 – New fix available
06.11.2018 – New fix available
22.11.2018 – New fix available
28.11.2018 – New fix available
02.12.2018 – New fix available
29.01.2019 – New updates from SUSE added
28.02.2019 – Reference added:
13.03.2019 – New updates for Oracle Linux added
28.04.2019 – New updates from SUSE added
18.06.2019 – New updates from SUSE added
13.08.2019 – New updates for Oracle Linux added
15.08.2019 – New updates from Oracle
18.08.2019 – New updates for Oracle Linux added
10.09.2019 – References added: FEDORA-2019-9A0A7C0986, FEDORA-2019-00C25B9379
11.09.2019 – References added: FEDORA-2019-DB06EFDEA1
20.11.2019 – New updates from Red Hat added
08.01.2020 – New updates from Juniper added
23.06.2020 – New updates from Pulse Secure added
31.03.2021 – New Oracle Linux updates added
10.04.2022 – New updates for Oracle Linux added
25.01.2024 – New updates from Dell added
03.06.2024 – New updates added

+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++

kns/roj/news.de
