mickmick.net

RedHat Linux 核心多個漏洞

發佈日期: 2024年04月05日

風險: 中度風險

類型: 操作系統 - LINUX

於 RedHat Linux核心發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、權限提升、遠端執行任意程式碼、洩露敏感資料、資料篡改及繞過保安限制。

---

影響

• 阻斷服務
• 遠端執行程式碼
• 資料洩露
• 篡改
• 權限提升
• 繞過保安限制

---

受影響之系統或技術

• Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64
• Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8 aarch64
• Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.2 aarch64
• Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
• Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.2 s390x
• Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6 ppc64le
• Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8 ppc64le
• Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.2 ppc64le
• Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
• Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
• Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8 x86_64
• Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.2 x86_64
• Red Hat CodeReady Linux Builder for x86_64 8 x86_64
• Red Hat Enterprise Linux Server - AUS 8.6 x86_64
• Red Hat Enterprise Linux Server - AUS 9.2 x86_64
• Red Hat Enterprise Linux Server - TUS 8.6 x86_64
• Red Hat Enterprise Linux Server - TUS 8.8 x86_64
• Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2 aarch64
• Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2 s390x
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
• Red Hat Enterprise Linux for ARM 64 8 aarch64
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
• Red Hat Enterprise Linux for IBM z Systems 8 s390x
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
• Red Hat Enterprise Linux for Power, little endian 8 ppc64le
• Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64
• Red Hat Enterprise Linux for Real Time 8 x86_64
• Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64
• Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
• Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2 x86_64
• Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
• Red Hat Enterprise Linux for x86_64 8 x86_64
• Red Hat Virtualization Host 4 for RHEL 8 x86_64

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://access.redhat.com/errata/RHSA-2024:1377
• https://access.redhat.com/errata/RHSA-2024:1382
• https://access.redhat.com/errata/RHSA-2024:1404
• https://access.redhat.com/errata/RHSA-2024:1532
• https://access.redhat.com/errata/RHSA-2024:1533
• https://access.redhat.com/errata/RHSA-2024:1607
• https://access.redhat.com/errata/RHSA-2024:1612
• https://access.redhat.com/errata/RHSA-2024:1614
• https://access.redhat.com/errata/RHSA-2024:1653

---

漏洞識別碼

• CVE-2021-33631
• CVE-2021-43975
• CVE-2022-3545
• CVE-2022-3594
• CVE-2022-4744
• CVE-2022-28388
• CVE-2022-36402
• CVE-2022-38096
• CVE-2022-38457
• CVE-2022-40133
• CVE-2022-41858
• CVE-2022-45869
• CVE-2022-45887
• CVE-2023-1118
• CVE-2023-1382
• CVE-2023-2166
• CVE-2023-2176
• CVE-2023-3611
• CVE-2023-4459
• CVE-2023-4921
• CVE-2023-5633
• CVE-2023-6546
• CVE-2023-6606
• CVE-2023-6610
• CVE-2023-6817
• CVE-2023-6931
• CVE-2023-6932
• CVE-2023-7192
• CVE-2023-28772
• CVE-2023-30456
• CVE-2023-31084
• CVE-2023-31436
• CVE-2023-33951
• CVE-2023-33952
• CVE-2023-40283
• CVE-2023-45862
• CVE-2023-51042
• CVE-2023-51043
• CVE-2024-0565
• CVE-2024-0646
• CVE-2024-1086
• CVE-2024-26602

---

資料來源

• Redhat

---

相關連結

• https://access.redhat.com/errata/RHSA-2024:1377
• https://access.redhat.com/errata/RHSA-2024:1382
• https://access.redhat.com/errata/RHSA-2024:1404
• https://access.redhat.com/errata/RHSA-2024:1532
• https://access.redhat.com/errata/RHSA-2024:1533
• https://access.redhat.com/errata/RHSA-2024:1607
• https://access.redhat.com/errata/RHSA-2024:1612
• https://access.redhat.com/errata/RHSA-2024:1614
• https://access.redhat.com/errata/RHSA-2024:1653