An IT safety alert replace for a identified vulnerability has been launched for Red Hat Enterprise Linux. You can learn how affected customers ought to behave right here.
Federal workplace for Security in Information Technology (BSI) has revealed an replace on May 22, 2024 to a high-risk safety gap in Red Hat Enterprise Linux identified on May 1, 2024. The safety vulnerability impacts the Linux working system and the Red Hat Enterprise Linux and Oracle Linux merchandise .
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability may be discovered right here: Red Hat Security Advisory RHSA-2024:3325 (From 23 May 2024). Some helpful hyperlinks are listed later on this article.
Multiple Vulnerabilities for Red Hat Enterprise Linux – Risk: High
Risk stage: 4 (excessive)
CVSS Base Score: 8.8
CVSS provisional rating: 7,7
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in pc methods. The CVSS commonplace makes it attainable to match potential or precise safety dangers primarily based on numerous metrics in an effort to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. For short-term impact, body circumstances which will change over time are thought of within the check. According to CVSS, the danger of the present vulnerability is assessed as “excessive” with 8.8 foundation factors.
Red Hat Enterprise Linux Bug: Description of the assault
Red Hat Enterprise Linux (RHEL) is a well-liked Linux distribution.
An attacker might exploit a number of vulnerabilities in Red Hat Enterprise Linux to trigger a denial of service, execute malicious code, expose delicate info, manipulate information, carry out a cross-site scripting (XSS) assault, or a menu-in-the-middle assault.
Vulnerabilities are recognized by CVE (Common Vulnerabilities and Exposures) ID numbers. CVE-2023-45803, CVE-2024-28102, CVE-2023-52323, CVE-2024-22195, CVE-2024-3019, CVE-2023-45897 and CVE-2024-2307 on the market.
Systems affected by the safety hole at a look
working system
Linux
Products
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Oracle Linux (cpe:/o:oracle:linux)
Red Hat Enterprise Linux
Common steps to handle IT safety gaps
- Users of the affected apps ought to keep up-to-date. When safety holes are identified, producers are required to repair them shortly by growing a patch or workaround. When new safety updates can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This typically accommodates extra details about the most recent model of the software program in query and the supply of safety patches or efficiency ideas.
- If you may have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to repeatedly test the required sources to see if a brand new safety replace is obtainable.
Manufacturer details about updates, patches and workarounds
Here you’ll find some hyperlinks with details about bug experiences, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3325 vom 2024-05-23 (22.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:3324 vom 2024-05-23 (22.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:3323 vom 2024-05-23 (22.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:3322 vom 2024-05-23 (22.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:3321 vom 2024-05-23 (22.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:3264 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:3267 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2987 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:3102 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2952 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2961 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2968 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2988 vom 2024-05-22 (21.05.2024)
For extra info, see:
Oracle Linux Security Advisory ELSA-2024-2566 vom 2024-05-09 (09.05.2024)
For extra info, see:
Oracle Linux Security Advisory ELSA-2024-2559 vom 2024-05-07 (07.05.2024)
For extra info, see:
RedHat Security Advisory vom 2024-05-01 (01.05.2024)
For extra info, see:
RedHat Security Advisory vom 2024-05-01 (01.05.2024)
For extra info, see: RHSA-2024:2559
RedHat Security Advisory vom 2024-05-01 (01.05.2024)
For extra info, see: RHSA-2024:2437
RedHat Security Advisory vom 2024-05-01 (01.05.2024)
For extra info, see: RHSA-2024:2132
RedHat Security Advisory vom 2024-05-01 (01.05.2024)
For extra info, see: RHSA-2024:2119
Version historical past of this safety alert
This is model 5 of this IT safety advisory for Red Hat Enterprise Linux. If additional updates are introduced, this doc will probably be up to date. You can examine adjustments or additions on this model historical past.
May 1, 2024 – First model
May 7, 2024 – New Oracle Linux updates added
May 9, 2024 – New Oracle Linux updates added
May 21, 2024 – New updates from Red Hat added
05/22/2024 – New updates from Red Hat have been added
+++ Editorial be aware: This doc is predicated on present BSI information and will probably be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you’ll find scorching information, present movies and a direct line to the editorial group.
kns/roj/information.de