As BSI reviews, an IT safety alert, relating to a vulnerability in Red Hat Enterprise Linux, has obtained an replace. You can learn the outline of the safety holes together with the most recent updates and details about the affected working programs and merchandise right here.
Federal Office for Security in Information Technology (BSI) has issued an replace on May 21, 2024 to a important safety gap in Red Hat Enterprise Linux identified on May 1, 2024. The safety vulnerability impacts the Linux working system and the Red Hat Enterprise Linux and Oracle Linux merchandise .
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability will be discovered right here: Red Hat Security Advisory RHSA-2024:2987 (From 22 May 2024). Some helpful hyperlinks are listed later on this article.
Multiple Vulnerabilities for Red Hat Enterprise Linux – Risk: High
Risk stage: 4 (excessive)
CVSS Base Score: 8.8
CVSS provisional rating: 7,7
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in laptop programs. The CVSS customary makes it attainable to check potential or precise safety dangers primarily based on numerous metrics to create a precedence checklist for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. Temporal scores additionally keep in mind modifications over time within the danger scenario. The severity of the present vulnerability is assessed as “excessive” in accordance with the CVSS with a base rating of 8.8.
Red Hat Enterprise Linux Bug: Impact of IT assaults
Red Hat Enterprise Linux (RHEL) is a well-liked Linux distribution.
An attacker might exploit a number of vulnerabilities in Red Hat Enterprise Linux to trigger a denial of service, execute malicious code, expose delicate info, manipulate information, carry out a cross-site scripting (XSS) assault, or a menu-in-the-middle assault.
Vulnerabilities are labeled utilizing the CVE (Common Vulnerability and Exposure) designation system by their particular person serial numbers CVE-2023-45803, CVE-2024-28102, CVE-2023-52323, CVE-2024-22195, CVE-2024-3019, CVE-2023-45897 and CVE-2024-2307.
Systems affected by the safety hole at a look
working system
Linux
Products
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Oracle Linux (cpe:/o:oracle:linux)
Red Hat Enterprise Linux
General suggestions for addressing IT safety gaps
- Users of affected programs ought to keep up-to-date. When safety holes are identified, producers are required to repair them rapidly by creating a patch or workaround. If safety patches can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This usually comprises further details about the most recent model of the software program in query and the provision of safety patches or efficiency ideas.
- If you’ve gotten any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to often verify the required sources to see if a brand new safety replace is offered.
Manufacturer details about updates, patches and workarounds
Here you will discover some hyperlinks with details about bug reviews, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:2987 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:3102 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2952 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2961 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2968 vom 2024-05-22 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2988 vom 2024-05-22 (21.05.2024)
For extra info, see:
Oracle Linux Security Advisory ELSA-2024-2566 vom 2024-05-09 (09.05.2024)
For extra info, see:
Oracle Linux Security Advisory ELSA-2024-2559 vom 2024-05-07 (07.05.2024)
For extra info, see:
RedHat Security Advisory vom 2024-05-01 (01.05.2024)
For extra info, see:
RedHat Security Advisory vom 2024-05-01 (01.05.2024)
For extra info, see: RHSA-2024:2559
RedHat Security Advisory vom 2024-05-01 (01.05.2024)
For extra info, see: RHSA-2024:2437
RedHat Security Advisory vom 2024-05-01 (01.05.2024)
For extra info, see: RHSA-2024:2132
RedHat Security Advisory vom 2024-05-01 (01.05.2024)
For extra info, see: RHSA-2024:2119
Version historical past of this safety alert
This is the fourth model of this IT safety advisory for Red Hat Enterprise Linux. If additional updates are introduced, this doc might be up to date. You can examine modifications or additions on this model historical past.
May 1, 2024 – First model
May 7, 2024 – New Oracle Linux updates added
May 9, 2024 – New Oracle Linux updates added
May 21, 2024 – New updates from Red Hat added
+++ Editorial be aware: This doc is predicated on present BSI knowledge and might be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
comply with News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you will discover scorching information, present movies and a direct line to the editorial group.
kns/roj/information.de