Source
Red Hat Security Data
An update for .NET Core 2.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section..NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 2.1.522 and .NET Core Runtime 2.1.26. Security Fix(es): * dotnet: System.Text.Encodings.Web Remote Code Execution (CVE-2021-26701) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-26701: dotnet: System.Text.Encodin...
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section..NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.113 and .NET Core Runtime 3.1.13. Security Fix(es): * dotnet: System.Text.Encodings.Web Remote Code Execution (CVE-2021-26701) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-26701: dotnet: System.Text.Encodin...
An update is now available for Red Hat Ansible Automation Platform 1.2.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat Ansible Automation Platform integrates Red Hat's automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine, Automation Hub and use-case specific capabilities for Microsoft Windows, network, security, and more, along with Software-as-a-Service (SaaS)-based capabilities and features for organization-wide effectiveness. This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. Security Fix(es): * node-notifier: nodejs-node-notifier: command injection due to the options params not being sanitised when being passed an ar...
Red Hat Ansible Tower 3.8.2-1 - Container Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Security Fix(es): * Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253 * Upgraded to a more recent version of Django to address CVE-2021-3281. * Upgraded to a more recent version of autobahn to address CVE-2020-35678. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Upgraded to the latest oVirt inventory plugin to resolve a number of inventory syncing issues that can occur on RHEL7. * Upgraded to the latest theforeman.foreman inv...
Red Hat Ansible Tower 3.6.7-1 - RHEL7 Container Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Security Fix(es): * Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253 * Upgraded to a more recent version of nginx to address CVE-2019-20372 * Upgraded to a more recent version of autobahn to address CVE-2020-35678 * Upgraded to a more recent version of jquery to address CVE-2020-11022 and CVE-2020-11023 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2019-20372: nginx: HTTP request smuggling in configurations with U...
Red Hat Ansible Tower 3.7.5-1 - RHEL7 Container Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Security Fix(es): * Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253 * Upgraded to a more recent version of autobahn to address CVE-2020-35678. * Upgraded to a more recent version of nginx to address CVE-2019-20372. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches. * Improved analytics collection to coll...
An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Security Fix(es): * QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c (CVE-2020-25723) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the Referenc...
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444) * kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211) * kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661) * kernel: performance counters race condition use-after-free (CVE-2020-14351) * kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705) For more details about the security issue(s), including the ...
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444) * kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211) * kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661) * kernel: performance counters race condition use-after-free (CVE-2020-14351) * kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705) ...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): * kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444) * kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211) * kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in ...