
GNU libc: Multiple vulnerabilities could allow Denial of Service

A security update has been released for a vulnerability identified in GNU libc. On news.de you can find out which operating systems and products are affected by the security vulnerability.

On June 4, 2024 the Federal Office for Information Security (BSI) published an update to a security advisory for GNU libc first issued on April 25, 2024. The security vulnerability affects the Linux operating system and the products Debian Linux, Red Hat Enterprise Linux, Ubuntu Linux, SUSE Linux, Oracle Linux, Gentoo Linux, Open Source GNU libc and IBM MQ.

The latest vendor recommendations for updates, fixes and security patches for this vulnerability can be found here: Red Hat Security Advisory RHSA-2024:3588 (as of June 4, 2024). Further useful links are listed later in this article.

Security advisory for GNU libc – Risk: medium

Risk level: 3 (medium)
CVSS base score: 7.6
CVSS temporal score: 6.6
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to rate the severity of vulnerabilities in computer systems. The CVSS standard makes it possible to assess potential or actual security risks on the basis of several criteria, and so to produce a priority list for countermeasures. The ratings "none", "low", "medium", "high" and "critical" are used to express the severity of the vulnerability. The base score rates the preconditions for an attack (including authentication, complexity, privileges and user interaction) and its impact. The temporal score additionally takes into account conditions that change over time, such as the availability of an exploit or a fix. According to the CVSS, the threat from the current vulnerability is rated as "medium" with a base score of 7.6.

GNU libc bug: Multiple vulnerabilities allow Denial of Service

GNU libc is the core C library on Linux and several Unix operating systems, providing the system call interface and basic functionality.

A remote attacker can exploit several vulnerabilities in GNU libc to carry out a denial-of-service attack.

Vulnerabilities are identified by unique CVE numbers (Common Vulnerabilities and Exposures). The following CVE numbers have been assigned: CVE-2024-33599, CVE-2024-33600, CVE-2024-33601 and CVE-2024-33602.

Systems affected by the security hole at a glance

Operating system
Linux

Products
Debian Linux (cpe:/o:debian:debian_linux)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:suse:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
Gentoo Linux (cpe:/o:gentoo:linux)
Open Source GNU libc
IBM MQ Operator

General suggestions for dealing with IT vulnerabilities

  1. Users of affected systems should stay informed. When security holes become known, vendors are expected to fix them quickly with a patch or a workaround. As soon as security patches are available, install them promptly.
  2. For more information, see the links in the next section. These usually contain further details about the latest version of the software in question and about the availability of security patches or mitigations.
  3. If you have any questions or concerns, contact your responsible administrator. IT security officers should check the linked sources regularly to see whether a new security update is available.

Manufacturer details on updates, patches and fixes

Here you will find links to bug reports, security fixes and workarounds.

Red Hat Security Advisory RHSA-2024:3588 dated 2024-06-04 (04.06.2024)
SUSE security update SUSE-SU-2024:1895-1 dated 2024-06-03 (02.06.2024)
Ubuntu Security Notice USN-6804-1 dated 2024-05-31 (02.06.2024)
Oracle Linux Security Advisory ELSA-2024-3344 dated 2024-05-31 (02.06.2024)
Oracle Linux Security Advisory ELSA-2024-3339 dated 2024-05-30 (30.05.2024)
Red Hat Security Advisory RHSA-2024:3464 dated 2024-05-29 (28.05.2024)
Red Hat Security Advisory RHSA-2024:3423 dated 2024-05-28 (28.05.2024)
Red Hat Security Advisory RHSA-2024:3411 dated 2024-05-28 (28.05.2024)
Red Hat Security Advisory RHSA-2024:3339 dated 2024-05-23 (23.05.2024)
Red Hat Security Advisory RHSA-2024:3344 dated 2024-05-24 (23.05.2024)
Red Hat Security Advisory RHSA-2024:3312 dated 2024-05-23 (22.05.2024)
Red Hat Security Advisory RHSA-2024:3309 dated 2024-05-23 (22.05.2024)
IBM Security Bulletin 7154630 dated 2024-05-22 (21.05.2024)
SUSE security update SUSE-SU-2024:1675-1 dated 2024-05-17 (16.05.2024)
Red Hat Security Advisory RHSA-2024:2799 dated 2024-05-09 (09.05.2024)
Gentoo Linux Security Advisory GLSA-202405-17 dated 2024-05-06 (06.05.2024)
Debian Security Advisory DSA-5678 dated 2024-05-03 (05.05.2024)
Red Hat bug tracker as of 2024-04-25 (25.04.2024)
Red Hat bug tracker as of 2024-04-25 (25.04.2024)
Red Hat bug tracker as of 2024-04-25 (25.04.2024)
Red Hat bug tracker as of 2024-04-25 (25.04.2024)

Version history of this security alert

This is version 12 of this GNU libc security alert. The document will be updated as further updates are released. The changes and additions to this version are listed in its history.

April 25, 2024 – First version
May 5, 2024 – New updates from Debian added
May 6, 2024 – New updates from Gentoo added
May 9, 2024 – New updates from Red Hat added
May 16, 2024 – New updates from SUSE added
May 21, 2024 – New updates from IBM added
May 22, 2024 – New updates from Red Hat added
May 23, 2024 – New updates from Red Hat added
May 28, 2024 – New updates from Red Hat added
May 30, 2024 – New updates from Oracle Linux added
June 2, 2024 – New updates from Oracle Linux and Ubuntu added
June 4, 2024 – New updates from Red Hat added

+++ Editorial note: This document is based on the current state of knowledge of the BSI and is kept up to date automatically as the status of the alert changes. Suggestions and feedback are welcome at (email protected). +++


kns/roj/news.de