As BSI reviews, an IT safety warning a couple of identified QT vulnerability has acquired an replace. You can discover out what affected customers can do right here.
Federal workplace for Security in Information Technology (BSI) printed an replace on May 21, 2024 for the QT safety vulnerability identified on December 26, 2023. The safety vulnerability impacts the Linux working system and merchandise Amazon Linux 2, Red Hat Enterprise Linux , SUSE Linux, Gentoo Linux and Open Source QT.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability might be discovered right here: Red Hat Security Advisory RHSA-2024:3056 (From 22 May 2024). Some helpful hyperlinks are listed later on this article.
QT security warning – threat: medium
Risk stage: 3 (average)
CVSS Base Score: 7.5
CVSS provisional rating: 6.5
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in laptop methods. The CVSS customary makes it potential to check potential or precise safety dangers primarily based on numerous standards as a way to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. For non permanent impact, body circumstances that will change over time are thought-about within the check. According to the CVSS, the present vulnerability is assessed as “average” with 7.5 foundation factors.
QT Bug: A vulnerability permits a denial of service
Qt is a C++ class library for cross-platform programming of graphical consumer interfaces.
A distant, unknown attacker might exploit a vulnerability in QT to trigger a denial of service situation.
Vulnerabilities have been categorised utilizing the CVE (Common Vulnerabilities and Exposures) reference system for every serial quantity CVE-2023-51714.
Systems affected by the QT safety vulnerability at a look
working system
Linux
Products
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
SUSE Linux (cpe:/o:use:suse_linux)
Gentoo Linux (cpe:/o:gentoo:linux)
QT Open Source QT Open Source QT Open Source QT
General suggestions for coping with IT vulnerabilities
- Users of the affected apps ought to keep up-to-date. When safety holes are identified, producers are required to repair them rapidly by creating a patch or workaround. If safety patches can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This usually comprises extra details about the newest model of the software program in query and the provision of safety patches or efficiency suggestions.
- If you’ve gotten any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to recurrently verify the required sources to see if a brand new safety replace is offered.
Manufacturer details about updates, patches and workarounds
Here you will see that some hyperlinks with details about bug reviews, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3056 vom 2024-05-22 (21.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2276 vom 2024-04-30 (29.04.2024)
For extra data, see:
Gentoo Linux Security Advisory GLSA-202402-21 vom 2024-02-18 (18.02.2024)
For extra data, see:
Amazon Linux Security Advisory ALAS-2024-2421 vom 2024-01-23 (22.01.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2024:0138-1 vom 2024-01-18 (18.01.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2024:0063-1 vom 2024-01-08 (08.01.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2024:0063-1 vom 2024-01-08 (08.01.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2024:0063-1 vom 2024-01-08 (08.01.2024)
For extra data, see:
Red Hat Bugzilla – Bug 2255856 from 2023-12-26 (26.12.2023)
For extra data, see:
Version historical past of this safety alert
This is model 7 of this QT IT safety discover. This doc shall be up to date as extra updates are introduced. You can examine adjustments or additions on this model historical past.
December 26, 2023 – First model
01/08/2024 – New updates from SUSE added
01/18/2024 – New updates from SUSE added
01/22/2024 – New updates from Amazon added
02/18/2024 – New updates from Gentoo added
April 29, 2024 – New updates from Red Hat have been added
May 21, 2024 – New updates from Red Hat added
+++ Editorial observe: This doc is predicated on present BSI knowledge and shall be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
comply with News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you will see that sizzling information, present movies and a direct line to the editorial crew.
kns/roj/information.de