RedHat Linux 核心多個漏洞
最後更新
2024年05月31日
發佈日期:
2024年02月08日
519
觀看次數
風險: 中度風險
類型: 操作系統 - LINUX
於 RedHat Linux核心發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升、遠端執行任意程式碼、洩露敏感資料、資料篡改及繞過保安限制。
注意:
CVE-2024-1086 正在被廣泛利用。它與 netfilter: nf_tables 元件中的釋放後使用漏洞有關。本地攻擊者可利用此漏洞將一般使用者的權限提升至Root權限。風險等級仍為中度風險。
[更新於 2024-02-19]
更新受影響之系統或技術、解決方案及相關連結。
[更新於 2024-02-23]
更新解決方案、漏洞識別碼及相關連結。
[更新於 2024-05-31]
更新描述。
影響
- 阻斷服務
- 遠端執行程式碼
- 權限提升
- 資料洩露
- 繞過保安限制
- 篡改
受影響之系統或技術
- Kernel Module Management 2 for RHEL 9 x86_64
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8 aarch64
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8 ppc64le
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
- Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2 x86_64
- Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 9.2 x86_64
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
- Red Hat Virtualization Host 4 for RHEL 8 x86_64
解決方案
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
- https://access.redhat.com/errata/RHSA-2024:0575
- https://access.redhat.com/errata/RHBA-2024:0638
- https://access.redhat.com/errata/RHSA-2024:0724
- https://access.redhat.com/errata/RHSA-2024:0725
- https://access.redhat.com/errata/RHSA-2024:0850
- https://access.redhat.com/errata/RHSA-2024:0851
- https://access.redhat.com/errata/RHSA-2024:0930
- https://access.redhat.com/errata/RHSA-2024:0937
漏洞識別碼
- CVE-2021-3640
- CVE-2021-4204
- CVE-2021-30002
- CVE-2021-33655
- CVE-2021-34866
- CVE-2022-0168
- CVE-2022-0500
- CVE-2022-0617
- CVE-2022-1462
- CVE-2022-2078
- CVE-2022-2196
- CVE-2022-2586
- CVE-2022-2663
- CVE-2022-3239
- CVE-2022-3524
- CVE-2022-3545
- CVE-2022-3566
- CVE-2022-3594
- CVE-2022-3619
- CVE-2022-3623
- CVE-2022-3625
- CVE-2022-3707
- CVE-2022-20368
- CVE-2022-21499
- CVE-2022-23222
- CVE-2022-23960
- CVE-2022-24448
- CVE-2022-25265
- CVE-2022-28388
- CVE-2022-28390
- CVE-2022-28893
- CVE-2022-29581
- CVE-2022-36402
- CVE-2022-36946
- CVE-2022-38096
- CVE-2022-38457
- CVE-2022-39189
- CVE-2022-40133
- CVE-2022-45887
- CVE-2023-0458
- CVE-2023-1073
- CVE-2023-1074
- CVE-2023-1075
- CVE-2023-1079
- CVE-2023-1252
- CVE-2023-1838
- CVE-2023-1855
- CVE-2023-1989
- CVE-2023-2162
- CVE-2023-2163
- CVE-2023-2166
- CVE-2023-2176
- CVE-2023-3141
- CVE-2023-3567
- CVE-2023-3611
- CVE-2023-3772
- CVE-2023-3812
- CVE-2023-4132
- CVE-2023-4622
- CVE-2023-4623
- CVE-2023-4921
- CVE-2023-5178
- CVE-2023-5363
- CVE-2023-5717
- CVE-2023-6356
- CVE-2023-6535
- CVE-2023-6536
- CVE-2023-6546
- CVE-2023-6606
- CVE-2023-6610
- CVE-2023-6817
- CVE-2023-6931
- CVE-2023-6932
- CVE-2023-7192
- CVE-2023-20569
- CVE-2023-23455
- CVE-2023-26545
- CVE-2023-28328
- CVE-2023-28772
- CVE-2023-30456
- CVE-2023-31084
- CVE-2023-31436
- CVE-2023-33203
- CVE-2023-35823
- CVE-2023-35824
- CVE-2023-35825
- CVE-2023-39615
- CVE-2023-40283
- CVE-2023-45862
- CVE-2023-45871
- CVE-2023-46813
- CVE-2023-51042
- CVE-2024-0646
- CVE-2024-1086
資料來源
相關連結
- https://access.redhat.com/errata/RHSA-2024:0575
- https://access.redhat.com/errata/RHBA-2024:0638
- https://access.redhat.com/errata/RHSA-2024:0724
- https://access.redhat.com/errata/RHSA-2024:0725
- https://access.redhat.com/errata/RHSA-2024:0850
- https://access.redhat.com/errata/RHSA-2024:0851
- https://access.redhat.com/errata/RHSA-2024:0930
- https://access.redhat.com/errata/RHSA-2024:0937
分享至