A safety alert issued for Red Hat Enterprise Linux (pillow) has acquired an replace from BSI. You can learn an outline of the safety hole together with the most recent updates and details about affected working methods and merchandise right here.
Federal Office for Security in Information Technology (BSI) printed an replace on May 21, 2024 for a safety vulnerability in Red Hat Enterprise Linux (pillow) that was additionally recognized on January 23, 2024. The safety vulnerability impacts the Linux working system and the open supply CentOS, Amazon Linux 2, Red Hat Enterprise Linux, Fedora Linux, Oracle Linux and Gentoo Linux merchandise.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability may be discovered right here: Red Hat Security Advisory RHSA-2024:3005 (From 22 May 2024). Some helpful sources are listed later on this article.
Security Advisory for Red Hat Enterprise Linux (pillow) – Risk: Medium
Risk degree: 3 (average)
CVSS Base Score: 7.5
CVSS provisional rating: 6.5
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of safety vulnerabilities in pc methods. The CVSS commonplace makes it attainable to check potential or precise safety dangers primarily based on numerous standards to create a precedence listing for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. For short-term impact, body circumstances that will change over time are thought-about within the check. According to CVSS, the present vulnerability risk is assessed as “average” with a base rating of seven.5.
Red Hat Enterprise Linux (pillow) Bug: Vulnerability permits a denial of service
Red Hat Enterprise Linux (RHEL) is a well-liked Linux distribution.
A distant, unknown attacker may exploit a vulnerability in Red Hat Enterprise Linux to conduct a denial of service assault.
Vulnerabilities have been categorized utilizing the CVE (Common Vulnerability and Exposure) designation system for every serial quantity CVE-2023-44271.
Systems affected by the safety hole at a look
working system
Linux
Products
Open Source CentOS (cpe:/o:centos:centos)
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
Oracle Linux (cpe:/o:oracle:linux)
Gentoo Linux (cpe:/o:gentoo:linux)
Red Hat Enterprise Linux Pillow
General suggestions for addressing IT safety gaps
- Users of affected methods ought to keep up-to-date. When safety holes are recognized, producers are required to repair them rapidly by growing a patch or workaround. If safety patches can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This usually comprises further details about the most recent model of the software program in query and the supply of safety patches or efficiency suggestions.
- If you might have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to repeatedly test the required sources to see if a brand new safety replace is offered.
Sources for updates, patches and workarounds
Here you will see that some hyperlinks with details about bug reviews, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3005 vom 2024-05-22 (21.05.2024)
For extra data, see:
Gentoo Linux Security Advisory GLSA-202405-12 vom 2024-05-05 (05.05.2024)
For extra data, see:
Amazon Linux Security Advisory ALAS-2024-2508 vom 2024-04-01 (01.04.2024)
For extra data, see:
CentOS Security Advisory CESA-2024:0345 vom 2024-01-26 (28.01.2024)
For extra data, see:
Fedora Security Advisory FEDORA-2024-4EF97EBBFC vom 2024-01-27 (28.01.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-0345 vom 2024-01-25 (24.01.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-0345 vom 2024-01-25 (24.01.2024)
For extra data, see:
RedHat Security Advisory vom 2024-01-23 (23.01.2024)
For extra data, see:
RedHat Security Advisory vom 2024-01-23 (23.01.2024)
For extra data, see:
Version historical past of this safety alert
This is model 6 of this IT safety advisory for Red Hat Enterprise Linux (pillow). This doc can be up to date as extra updates are introduced. You can examine modifications or additions on this model historical past.
01/23/2024 – First model
01/24/2024 – New Oracle Linux updates added
01/28/2024 – Added new updates to Fedora and CentOS
April 1, 2024 – Added new updates from Amazon
05/05/2024 – New updates from Gentoo added
May 21, 2024 – New updates from Red Hat added
+++ Editorial be aware: This doc is predicated on present BSI knowledge and can be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you will see that sizzling information, present movies and a direct line to the editorial workforce.
kns/roj/information.de