A safety advisory issued for Red Hat Enterprise Linux and Directory Server has obtained an replace from BSI. You can examine which working techniques and merchandise are affected by the safety hole right here at information.de.
Federal Office for Security in Information Technology (BSI) printed an replace on May 21, 2024 for a safety vulnerability in Red Hat Enterprise Linux and Directory Server recognized on March 4, 2024. The safety vulnerability impacts the Linux working system and Red Hat Enterprise Linux merchandise , SUSE Linux and Red Hat Directory Server.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability may be discovered right here: Red Hat Security Advisory RHSA-2024:3047 (From 22 May 2024). Some helpful hyperlinks are listed later on this article.
Security Advisory for Red Hat Enterprise Linux and Directory Server – Risk: Medium
Risk stage: 3 (reasonable)
CVSS Base Score: 5.5
CVSS provisional rating: 4.8
Remote assault: No
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in pc techniques. The CVSS commonplace makes it attainable to match potential or precise safety dangers primarily based on numerous metrics to create a precedence listing for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. For momentary impact, body circumstances that will change over time are thought-about within the check. The severity of the vulnerability talked about right here is classed as “reasonable” in response to the CVSS with a base rating of 5.5.
Red Hat Enterprise Linux and listing server bug: Vulnerability allows a denial of service
Red Hat Enterprise Linux (RHEL) is a well-liked Linux distribution Red Hat Directory Server is an open supply LDAP server.
An area attacker might exploit vulnerabilities in Red Hat Enterprise Linux and Red Hat Directory Server to carry out a denial of service assault.
Vulnerabilities are recognized by a CVE (Common Vulnerabilities and Exposures) ID quantity. CVE-2024-1062 on the market.
Systems affected by the safety hole at a look
working system
Linux
Products
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
SUSE Linux (cpe:/o:use:suse_linux)
Red Hat Enterprise Linux Red Hat Enterprise Linux 8 (cpe:/o:redhat:enterprise_linux)
Red Hat Enterprise Linux 9 (cpe:/o:redhat:enterprise_linux)
Red Hat Directory Server 11 (cpe:/a:redhat:directory_server)
Red Hat Directory Server 12 (cpe:/a:redhat:directory_server)
Common steps to handle IT safety gaps
- Users of the affected apps ought to keep up-to-date. When safety holes are recognized, producers are required to repair them shortly by growing a patch or workaround. If safety patches can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This typically accommodates extra details about the most recent model of the software program in query and the provision of safety patches or efficiency suggestions.
- If you’ve any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to test each time a producing firm makes a brand new safety replace accessible.
Manufacturer details about updates, patches and workarounds
Here you’ll discover some hyperlinks with details about bug experiences, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3047 vom 2024-05-22 (21.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1372 vom 2024-03-19 (18.03.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2024:0908-1 vom 2024-03-15 (17.03.2024)
For extra data, see:
RedHat Security Advisory vom 2024-03-04 (04.03.2024)
For extra data, see:
Version historical past of this safety alert
This is the fourth model of this IT safety advisory for Red Hat Enterprise Linux and Directory Server. This doc will probably be up to date as extra updates are introduced. You can see the modifications made utilizing the model historical past under.
March 4, 2024 – First model
03/17/2024 – New updates from SUSE added
03/18/2024 – New updates from Red Hat added
May 21, 2024 – New updates from Red Hat added
+++ Editorial be aware: This doc relies on present BSI knowledge and will probably be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you’ll discover scorching information, present movies and a direct line to the editorial crew.
kns/roj/information.de