OpenSSL: Vulnerability allows security measures to be bypassed

by admin
The security alert issued for OpenSSL has received an update from the BSI. You can find out here how affected users should respond.

The Federal Office for Information Security (BSI) published an update on June 3, 2024 to its notice on an OpenSSL security vulnerability known since November 2, 2017. The vulnerability affects the operating systems Linux, NetApp Appliance, UNIX and Windows, and the products Debian Linux, FreeBSD Project FreeBSD OS, Juniper JUNOS, Red Hat Enterprise Linux, NetApp Data ONTAP, Ubuntu Linux, SUSE Linux, Oracle Linux, NetApp OnCommand Unified Manager, Hitachi Command Suite, Open Source OpenSSL, Dell NetWorker and SolarWinds Platform.

The latest manufacturer recommendations on updates, workarounds and security patches for this vulnerability can be found here: SolarWinds Platform 2024.2 release notes (as of June 4, 2024). Further useful resources are listed later in this article.

OpenSSL Security Notice – Risk: moderate

Risk level: 5 (moderate)
CVSS Base Score: 5.9
CVSS Temporal Score: 5.2
Remote attack: No

The Common Vulnerability Scoring System (CVSS) is used to assess the vulnerability of computer systems. The CVSS standard makes it possible to compare potential or actual security risks on the basis of various metrics in order to prioritize countermeasures. The attributes "none", "low", "medium", "high" and "critical" are used to determine the severity level of a vulnerability. The Base Score evaluates the requirements for an attack (including authentication, complexity, privileges, user interaction) and its consequences. Temporal scores also take into account changes over time in the risk situation. The severity of the present vulnerability is classified as "moderate" according to the CVSS, with a base score of 5.9.

OpenSSL bug: Vulnerability allows security measures to be bypassed

OpenSSL is a library, freely available as source code, that implements Secure Sockets Layer (SSL) and Transport Layer Security (TLS).

A local attacker could exploit a vulnerability in OpenSSL to bypass security measures.

The vulnerability has been classified using the CVE (Common Vulnerabilities and Exposures) reference system under the serial number CVE-2017-3736.

Systems affected by the OpenSSL security vulnerability at a glance

Operating systems
Linux, NetApp Appliance, UNIX, Windows

Products
Debian Linux (cpe:/o:debian:debian_linux)
FreeBSD Project FreeBSD OS (cpe:/o:freebsd:freebsd)
Juniper JUNOS (cpe:/o:juniper:junos)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
NetApp Data ONTAP (cpe:/a:netapp:data_ontap)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:suse:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
NetApp OnCommand Unified Manager (cpe:/a:netapp:oncommand_unified_manager)
Hitachi Command Suite (cpe:/a:hitachi:command_suite)
Open Source OpenSSL
Dell NetWorker
SolarWinds Platform

General recommendations for addressing IT security gaps

  1. Users of affected systems should keep them up to date. When security holes become known, manufacturers are required to fix them quickly by developing a patch or workaround. When new security updates are available, install them promptly.
  2. For information, consult the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or performance tips.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check the listed sources to see whether a new security update is available.

Manufacturer information about updates, patches and workarounds

Here you will find some links with information about bug reports, security fixes and workarounds.

SolarWinds Platform 2024.2 release notes of 2024-06-04 (03.06.2024)

Dell Knowledge Base Article (25.01.2024)

Oracle Linux Security Advisory ELSA-2019-4581 of 2019-03-13 (13.03.2019)

SUSE Security Update SUSE-SU-2018:2839-1 of 2018-09-24 (24.09.2018)

Red Hat Security Advisory RHSA-2018:2568 of 2018-08-27 (27.08.2018)

Hitachi Security Information hitachi-sec-2018-124 (07.08.2018)

Red Hat Security Advisory RHSA-2018:2185 of 2018-07-13 (12.07.2018)

Oracle Linux Security Advisory ELSA-2018-4077 of 2018-04-19 (18.04.2018)

Juniper Security Advisory JSA10851 of 2018-04-12 (12.04.2018)

SUSE Security Update SUSE-SU-2018:0293-1 of 2018-01-30 (30.01.2018)

SUSE Security Update SUSE-SU-2018:0002-1 of 2018-01-02 (02.01.2018)

McAfee Security Bulletin: SB10220 (21.12.2017)

F5 Security Advisory K14363514 of 2017-12-15 (17.12.2017)

SUSE Security Update SUSE-SU-2017:3343-1 of 2017-12-16 (17.12.2017)

Tenable Security Advisory ID: TNS-2017-15 (07.12.2017)

SUSE Security Update SUSE-SU-2017:3169-1 of 2017-12-01 (30.11.2017)

FreeBSD Security Advisory FREEBSD-SA-17:11.OPENSSL of 2017-11-29 (28.11.2017)

NetApp Security Advisory NTAP-20171107-0002 of 2017-11-08 (08.11.2017)

Ubuntu Security Notice USN-3475-1 of 2017-11-06 (06.11.2017)

Debian Security Advisory DSA-4017 of 2017-11-04 (05.11.2017)

Debian Security Advisory DSA-4018 of 2017-11-04 (05.11.2017)

OpenSSL Security Advisory of 2017-11-02 (02.11.2017)

Version history of this security alert

This is version 28 of this IT security notice for OpenSSL. This document will be updated as further updates are announced. You can follow changes or additions in this version history.

02.11.2017 – Original Release
11/02/2017 – Version not available
05.11.2017 – A new fix is available
06.11.2017 – A new fix is available
11/06/2017 – Version not available
13.11.2017 – Added references
11/13/2017 – Version not available
14.11.2017 – Added references
30.11.2017 – New fix available
07.12.2017 – A new fix is available
14.12.2017 – Added references
21.12.2017 – New fix available
02.01.2018 – A new fix is available
02/01/2018 – Version not available
30.01.2018 – A new fix is available
12.04.2018 – New fix available
April 12, 2018 – Version not available
18.04.2018 – A new fix is available
12.07.2018 – New fix available
07.08.2018 – A new fix is available
Aug 7, 2018 – Version not available
Aug 7, 2018 – Version not available
Aug 7, 2018 – Version not available
27.08.2018 – A new fix is available
24.09.2018 – A new fix is available
March 13, 2019 – Added new updates for Oracle Linux
01/25/2024 – New updates from Dell added
June 3, 2024 – New updates added

+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++

kns/roj/news.de
