
X.Org X Server and Xming: Security warning about several IT vulnerabilities

by admin

As the BSI reports, the IT security alert dealing with vulnerabilities in X.Org X Server and Xming has received an update. You can read which applications and products are affected by the security holes here at news.de.

The Federal Office for Information Security (BSI) issued an update on May 23, 2024 to a security vulnerability in X.Org X Server and Xming that became known on April 3, 2024. Affected operating systems and products include Linux, macOS, Open Source Xming and Open Source X.Org X11.

The latest manufacturer recommendations regarding updates, workarounds and security patches for this vulnerability can be found here: Red Hat Security Advisory RHSA-2024:3343 (as of May 23, 2024). Other useful sources are listed later in this article.

Multiple X.Org X Server and Xming vulnerabilities – Risk: moderate

Risk level: 3 (moderate)
CVSS Base Score: 7.5
CVSS Temporal Score: 6.5
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to assess the vulnerability of computer systems. The CVSS standard makes it possible to compare potential or actual security risks based on various metrics in order to create a priority list for countermeasures. The attributes “none”, “low”, “medium”, “high” and “critical” are used to determine the severity levels of a vulnerability. The Base Score evaluates the requirements for an attack (including authentication, complexity, privileges, user interaction) and its consequences. Temporal scores also take into account changes over time in the risk situation. According to CVSS, the current vulnerability is classified as “moderate” with a base score of 7.5.

X.Org X Server and Xming bug: Description of the attack

The X Window System is used to create graphical interfaces on Unix systems. Xming is an X server for Windows with graphical communication.

A remote, anonymous attacker could exploit multiple vulnerabilities in X.Org X Server and Xming to disclose sensitive information and cause a denial of service condition.

The vulnerabilities are classified using the CVE (Common Vulnerabilities and Exposures) designation system by their individual serial numbers CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and CVE-2024-31083.

Systems affected by the security hole at a glance

Operating systems
Linux, MacOS X, UNIX, Windows


Products
Debian Linux (cpe:/o:debian:debian_linux)
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:suse:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
OpenBSD OpenBSD 7.3 (cpe:/a:openbsd:openbsd)
OpenBSD OpenBSD 7.4 (cpe:/a:openbsd:openbsd)
RESF Rocky Linux (cpe:/o:resf:rocky_linux)
Open Source Xming
Open Source X.Org X11
OpenBSD OpenBSD 7.5 (cpe:/a:openbsd:openbsd)

General steps for dealing with IT vulnerabilities

  1. Users of affected systems should keep them up to date. When security holes become known, manufacturers are required to fix them quickly by developing a patch or workaround. If security patches are available, install them immediately.
  2. For information, see the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or performance tips.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check whether the affected manufacturers provide a new security update for the IT security alert.

Sources for updates, patches and workarounds

Here you will find further links with information about bug reports, security fixes and workarounds.

Red Hat Security Advisory RHSA-2024:3343 dated 2024-05-23 (23.05.2024)
Red Hat Security Advisory RHSA-2024:3261 dated 2024-05-22 (21.05.2024)
Red Hat Security Advisory RHSA-2024:3258 dated 2024-05-22 (21.05.2024)
Oracle Linux Security Advisory ELSA-2024-2616 dated 2024-05-07 (07.05.2024)
Rocky Linux Security Advisory RLSA-2024:2037 dated 2024-05-06 (06.05.2024)
Red Hat Security Advisory RHSA-2024:2616 dated 2024-04-30 (01.05.2024)
Oracle Linux Security Advisory ELSA-2024-2080 dated 2024-04-30 (29.04.2024)
Red Hat Security Advisory RHSA-2024:2080 dated 2024-04-29 (29.04.2024)
Red Hat Security Advisory RHSA-2024:2037 dated 2024-04-24 (24.04.2024)
Red Hat Security Advisory RHSA-2024:2038 dated 2024-04-24 (24.04.2024)
Oracle Linux Security Advisory ELSA-2024-2037 dated 2024-04-25 (24.04.2024)
Red Hat Security Advisory RHSA-2024:2039 dated 2024-04-24 (24.04.2024)
Red Hat Security Advisory RHSA-2024:2040 dated 2024-04-24 (24.04.2024)
Red Hat Security Advisory RHSA-2024:2042 dated 2024-04-24 (24.04.2024)
Red Hat Security Advisory RHSA-2024:2041 dated 2024-04-24 (24.04.2024)
Red Hat Security Advisory RHSA-2024:2036 dated 2024-04-24 (24.04.2024)
Amazon Linux Security Advisory ALAS-2024-2510 dated 2024-04-18 (17.04.2024)
Amazon Linux Security Advisory ALAS-2024-1927 dated 2024-04-16 (16.04.2024)
Amazon Linux Security Advisory ALAS-2024-1928 dated 2024-04-16 (16.04.2024)
Debian Security Advisory DLA-3787 dated 2024-04-15 (15.04.2024)
SUSE Security Update SUSE-SU-2024:1263-1 dated 2024-04-12 (14.04.2024)
SUSE Security Update SUSE-SU-2024:1262-1 dated 2024-04-12 (14.04.2024)
SUSE Security Update SUSE-SU-2024:1261-1 dated 2024-04-12 (14.04.2024)
Debian Security Advisory DSA-5657 dated 2024-04-12 (14.04.2024)
SUSE Security Update SUSE-SU-2024:1260-1 dated 2024-04-12 (14.04.2024)
SUSE Security Update SUSE-SU-2024:1265-1 dated 2024-04-12 (14.04.2024)
SUSE Security Update SUSE-SU-2024:1264-1 dated 2024-04-12 (14.04.2024)
Red Hat Security Advisory RHSA-2024:1785 dated 2024-04-11 (11.04.2024)
Oracle Linux Security Advisory ELSA-2024-1785 dated 2024-04-12 (11.04.2024)
SUSE Security Update SUSE-SU-2024:1199-1 dated 2024-04-10 (10.04.2024)
Ubuntu Security Notice USN-6721-2 dated 2024-04-09 (09.04.2024)
Fedora Security Advisory FEDORA-2024-5AF98298C7 dated 2024-04-09 (09.04.2024)
Fedora Security Advisory FEDORA-2024-1706127797 dated 2024-04-09 (09.04.2024)
Fedora Security Advisory FEDORA-2024-01A9916E9E dated 2024-04-09 (09.04.2024)
OpenBSD 7.3 Errata (07.04.2024)
OpenBSD 7.4 Errata (07.04.2024)
Ubuntu Security Notice USN-6721-1 dated 2024-04-04 (04.04.2024)
OpenBSD Errata 7.5 dated 2024-04-04 (03.04.2024)
OpenBSD Errata 7.4 dated 2024-04-04 (03.04.2024)
OpenBSD Errata 7.3 dated 2024-04-04 (03.04.2024)
Fedora Security Advisory FEDORA-2024-77FD3B2F2A dated 2024-04-04 (03.04.2024)
Fedora Security Advisory FEDORA-2024-DD905788C4 dated 2024-04-04 (03.04.2024)
X.Org Security Advisory (03.04.2024)
[ANNOUNCE] xorg-server 21.1.12 (03.04.2024)
Fedora Security Advisory dated 2024-04-03 (03.04.2024)
Fedora Security Advisory dated 2024-04-03 (03.04.2024)
Xming changes dated 2024-04-03 (03.04.2024)
X.Org Security Advisory dated 2024-04-03 (03.04.2024)

Version history of this security alert

This is version 17 of this IT security notice for X.Org X Server and Xming. This document will be updated as further updates are announced. You can see the changes made using the version history below.

April 3, 2024 – First model
April 4, 2024 – New updates added
April 7, 2024 – New updates added
April 9, 2024 – New Fedora updates added
April 10, 2024 – New updates from SUSE added
April 11, 2024 – Added new updates from Oracle Linux and Red Hat
April 14, 2024 – Added new updates from SUSE and Debian
April 15, 2024 – New updates from Debian added
April 16, 2024 – Added new updates from Amazon
April 17, 2024 – Added new updates from Amazon
April 24, 2024 – New updates from Red Hat and Oracle Linux have been added
April 29, 2024 – New updates from Red Hat and Oracle Linux have been added
May 1, 2024 – New updates from Red Hat added
May 6, 2024 – New updates from the Rocky Enterprise Software Foundation have been added
May 7, 2024 – New Oracle Linux updates added
May 21, 2024 – New updates from Red Hat added
May 23, 2024 – New updates from Red Hat have been added

+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++


kns/roj/news.de
