An IT safety alert replace for a recognized vulnerability has been issued for Red Hat Enterprise Linux. You can learn how affected customers ought to behave right here.
Federal workplace for Security in Information Technology (BSI) has issued an replace on May 21, 2024 for the safety vulnerability of Red Hat Enterprise Linux recognized on March 20, 2024. The safety vulnerability impacts the Linux working system and merchandise Red Hat Ansible Automation Platform, Red Hat Enterprise Linux, Oracle Linux, IBM MQ, Red Hat OpenShift and RESF Rocky Linux.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability will be discovered right here: Red Hat Security Advisory RHSA-2024:3265 (From 22 May 2024). Some helpful assets are listed later on this article.
Red Hat Enterprise Linux Security Advisory – Risk: Medium
Risk degree: 3 (average)
CVSS Base Score: 7.5
CVSS provisional rating: 6.9
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in laptop methods. The CVSS customary makes it potential to match potential or precise safety dangers primarily based on varied standards to create a precedence record for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. For momentary impact, body situations that will change over time are thought of within the take a look at. According to CVSS, the present vulnerability is assessed as “average” with 7.5 foundation factors.
Red Hat Enterprise Linux Bug: Vulnerability in Golang part permits denial of service
Red Hat OpenShift is a “Platform as a Service” (PaaS) resolution for delivering purposes within the cloud. Red Hat Ansible Automation Platform is an end-to-end automation platform for system configuration, software program supply and superior workflow planning. Red Hat Enterprise Linux (RHEL) is a well-liked Linux distribution.
A distant, unknown attacker might exploit a vulnerability in Red Hat OpenShift, Red Hat Ansible Automation Platform, and Red Hat Enterprise Linux to conduct a denial of service assault.
Vulnerabilities had been categorised utilizing the CVE (Common Vulnerability and Exposure) designation system for every serial quantity CVE-2024-1394.
Systems affected by the safety hole at a look
working system
Linux
Products
Red Hat Ansible Automation Platform 2.4 (cpe:/a:redhat:ansible_automation_platform)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Oracle Linux (cpe:/o:oracle:linux)
IBM MQ (cpe:/a:ibm:mq)
Red Hat OpenShift Container Platform 4.14 (cpe:/a:redhat:openshift)
RESF Rocky Linux (cpe:/o:resf:rocky_linux)
OpenShift Red Hat Developer Tools and Services (cpe:/a:redhat:openshift)
OpenShift Hat Red Pipelines (cpe:/a:redhat:openshift)
Red Hat Ansible Automation Platform (cpe:/a:redhat:ansible_automation_platform)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Red Hat OpenShift Container Platform Red Hat OpenShift Container Platform 4.15 (cpe:/a:redhat:openshift)
Red Hat OpenShift Container Platform
General suggestions for coping with IT vulnerabilities
- Users of the affected apps ought to keep up-to-date. When safety holes are recognized, producers are required to repair them rapidly by creating a patch or workaround. If safety patches can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This usually incorporates extra details about the newest model of the software program in query and the supply of safety patches or efficiency suggestions.
- If you could have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to repeatedly examine the required sources to see if a brand new safety replace is out there.
Sources for updates, patches and workarounds
Here one can find some hyperlinks with details about bug studies, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3265 vom 2024-05-22 (21.05.2024)
For extra data, see:
Rocky Linux Security Advisory RLSA-2024:1502 vom 2024-05-10 (12.05.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-2562 vom 2024-05-08 (07.05.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-2568 vom 2024-05-08 (07.05.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-2569 vom 2024-05-08 (07.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2568 vom 2024-04-30 (01.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2562 vom 2024-04-30 (01.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2569 vom 2024-04-30 (01.05.2024)
For extra data, see:
IBM Security Bulletin 7149801 vom 2024-04-30 (29.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1897 vom 2024-04-26 (28.04.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-1962 vom 2024-04-24 (24.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1763 vom 2024-04-18 (18.04.2024)
For extra data, see:
Rocky Linux Security Advisory RLSA-2024:1644 vom 2024-04-05 (07.04.2024)
For extra data, see:
Rocky Linux Security Advisory RLSA-2024:1646 vom 2024-04-05 (07.04.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-1644 vom 2024-04-03 (03.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1567 vom 2024-04-03 (03.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1566 vom 2024-04-03 (03.04.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-1646 vom 2024-04-03 (03.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1574 vom 2024-04-03 (02.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1563 vom 2024-04-02 (02.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1644 vom 2024-04-02 (02.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1646 vom 2024-04-02 (02.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1640 vom 2024-04-02 (02.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1561 vom 2024-04-02 (02.04.2024)
For extra data, see:
Rocky Linux Security Advisory RLSA-2024:1472 vom 2024-03-27 (26.03.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-1501 vom 2024-03-27 (26.03.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-1502 vom 2024-03-27 (26.03.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1502 vom 2024-03-25 (25.03.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1501 vom 2024-03-25 (25.03.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-1472 vom 2024-03-22 (24.03.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1468 vom 2024-03-21 (21.03.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-1462 vom 2024-03-21 (21.03.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1472 vom 2024-03-21 (21.03.2024)
For extra data, see:
RedHat Security Advisory vom 2024-03-20 (20.03.2024)
For extra data, see:
RedHat Security Advisory vom 2024-03-20 (20.03.2024)
For extra data, see:
Version historical past of this safety alert
This is model 16 of this IT safety advisory for Red Hat Enterprise Linux. This doc will probably be up to date as extra updates are introduced. You can examine adjustments or additions on this model historical past.
March 20, 2024 – First model
March 21, 2024 – New updates from Red Hat and Oracle Linux have been added
03/24/2024 – New Oracle Linux updates added
03/25/2024 – New updates from Red Hat added
03/26/2024 – New updates from Oracle Linux and Rocky Enterprise Software Foundation added
04/02/2024 – New updates from Red Hat have been added
April 3, 2024 – New updates from Oracle Linux and Red Hat have been added
04/07/2024 – New updates from the Rocky Enterprise Software Foundation have been added
April 18, 2024 – New updates from Red Hat have been added
April 24, 2024 – New updates for Oracle Linux have been added
April 28, 2024 – New updates from Red Hat have been added
April 29, 2024 – Added new updates from IBM
May 1, 2024 – New updates from Red Hat added
May 7, 2024 – New Oracle Linux updates added
May 12, 2024 – New updates from the Rocky Enterprise Software Foundation have been added
May 21, 2024 – New updates from Red Hat added
+++ Editorial be aware: This doc is predicated on present BSI knowledge and will probably be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here one can find scorching information, present movies and a direct line to the editorial group.
kns/roj/information.de