Apache Commons IO: Denial-of-Service Vulnerability
sinolod

The BSI has released an updated security advisory for Apache Commons IO. A description of the vulnerability, including the latest updates and information on the affected operating systems and products, can be read here.

On 03.10.2024, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) published a security advisory for Apache Commons IO. The vulnerability affects the Linux and UNIX operating systems as well as the products Fedora Linux, SUSE Linux, SUSE openSUSE, IBM App Connect Enterprise and Apache Commons IO. This advisory was last updated on 13.10.2024.

The latest vendor recommendations on updates, workarounds and security patches for this vulnerability can be found here: SUSE Security Update SUSE-SU-2024:3596-1 (as of 11.10.2024). Further useful sources are listed later in this article.

Security advisory for Apache Commons IO – Risk: Medium

Risk level: 3 (medium)
CVSS Base Score: 7.5
CVSS Temporal Score: 6.5
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to assess the severity of vulnerabilities in computer systems. The CVSS standard makes it possible to compare vulnerabilities on the basis of metrics in order to set priorities for countermeasures. The severity of a vulnerability is expressed with the attributes "none", "low", "medium", "high" and "critical". The base score rates the prerequisites for an attack (authentication, complexity, privileges, user interaction) as well as its consequences. The temporal score additionally takes into account conditions that change over time. According to the CVSS, the risk posed by the vulnerability discussed here is rated "medium" with a base score of 7.5.

Apache Commons IO bug: a denial-of-service vulnerability

Apache Commons is an Apache project that deals with all aspects of reusable Java components.

An anonymous attacker can exploit a vulnerability in Apache Commons IO to cause a denial of service.

The vulnerability is tracked under the individual CVE (Common Vulnerabilities and Exposures) identifier CVE-2024-47554.

Systems affected by the vulnerability at a glance

Operating systems
Linux, UNIX

Products
Fedora Linux (cpe:/o:fedoraproject:fedora)
SUSE Linux (cpe:/o:suse:suse_linux)
SUSE openSUSE (cpe:/o:suse:opensuse)
IBM App Connect Enterprise (cpe:/a:ibm:app_connect_enterprise)
Apache Commons IO 2.14.0 (cpe:/a:apache:commons)
Apache Commons IO >=2.0 (cpe:/a:apache:commons)

General measures for dealing with IT security vulnerabilities

  1. Users of the affected applications should keep them up to date. Vendors are expected to fix security vulnerabilities by providing a patch or a workaround. If new security updates are available, install them promptly.
  2. For information, consult the sources listed in the next section. These often contain further details on the current version of the affected software, as well as on the availability of security patches or instructions for workarounds.
  3. If you have further questions or are unsure, contact your responsible administrator. IT security officers should check regularly whether a new security update has been made available.

Sources for updates, patches and workarounds

Here you will find further links with information about bug reports, security fixes and workarounds.

SUSE Security Update SUSE-SU-2024:3596-1 dated 2024-10-11 (13.10.2024)
You will find more information at: https://lists.suse.com/pipermail/sle-security-updates/2024-October/019590.html

openSUSE security update OPENSUSE-SU-2024:14387-1 dated 09/10/2024 (09.10.2024)
You will find more information at: https://lists.opensuse.org/archives/list/[email protected]/message/JRY5QEEISAVBMYG363PQWMMY2EMLEE5E/

IBM Security Bulletin 7172522 dated 08/10/2024 (07.10.2024)
You will find more information at: https://www.ibm.com/support/pages/node/7172522

Fedora security notice FEDORA-2024-5D581B2365 dated 2024-10-04 (03.10.2024)
You will find more information at: https://bodhi.fedoraproject.org/updates/FEDORA-2024-5d581b2365

Red Hat Bugtracker #2316271 from 2024-10-03 (03.10.2024)
You will find more information at: https://bugzilla.redhat.com/show_bug.cgi?id=2316271

GitHub advisory database from 2024-10-03 (03.10.2024)
You will find more information at: https://github.com/advisories/GHSA-78wr-2p64-hpwj

Version history of this security advisory

This is the 4th version of this IT security advisory for Apache Commons IO. If further updates are announced, this text will be updated. You can follow the changes in the version history below.

03.10.2024 – Initial version
07.10.2024 – New updates from IBM added
09.10.2024 – New updates from openSUSE added
13.10.2024 – New updates from SUSE added

+++ Editorial note: This text was generated on the basis of current BSI data and is updated in a data-driven manner depending on the warning situation. Feedback and comments can be sent to [email protected]. +++

kns/roj/news.de