Red Hat Updates
Warning date: 14 June 2020
Severity level: High
Warning number: 2020-1352
Target sector: All
Description:
Red Hat has released several updates to address a number of vulnerabilities in the following products:
- net-snmp
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64
- Red Hat Enterprise Linux Server - TUS 7.7 x86_64
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
- tomcat6
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux for Scientific Computing 6 x86_64
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
- Red Hat OpenShift Service Mesh 1.0 servicemesh-proxy
- Red Hat OpenShift Service Mesh 1.0 for RHEL 8 x86_64
- Red Hat OpenShift Service Mesh 1.1.2 servicemesh-proxy
- Kernel
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64
- Red Hat Enterprise Linux Server - AUS 7.7 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x
- Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64
- Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le
- Red Hat Enterprise Linux Server - TUS 7.7 x86_64
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
- file
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x
- Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64
- Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64
- Red Hat Enterprise Linux Server - AUS 7.7 x86_64
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le
- Red Hat Enterprise Linux Server - TUS 7.7 x86_64
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
- python
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x
- Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64
- Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64
- Red Hat Enterprise Linux Server - AUS 7.7 x86_64
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le
- Red Hat Enterprise Linux Server - TUS 7.7 x86_64
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
- kpatch-patch
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64
- Red Hat Enterprise Linux Server - AUS 7.7 x86_64
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le
- Red Hat Enterprise Linux Server - TUS 7.7 x86_64
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
- libexif
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux for Scientific Computing 6 x86_64
- Red Hat JBoss Enterprise Application Platform 7.3.1
- JBoss Enterprise Application Platform Text-Only Advisories x86_64
- Red Hat JBoss Enterprise Application Platform 7.3.1
- JBoss Enterprise Application Platform 7.3 for RHEL 8 x86_64
- Red Hat JBoss Web Server 5.3.1
- JBoss Enterprise Web Server Text-Only Advisories x86_64
- expat
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x
- Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64
- Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64
- Red Hat Enterprise Linux Server - AUS 7.7 x86_64
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le
- Red Hat Enterprise Linux Server - TUS 7.7 x86_64
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
- curl
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64
- Red Hat Enterprise Linux Server - AUS 7.7 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x
- Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64
- Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le
- Red Hat Enterprise Linux Server - TUS 7.7 x86_64
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
- Red Hat JBoss Web Server 5.3.1
- JBoss Enterprise Web Server 5 for RHEL 8 x86_64
- JBoss Enterprise Web Server 5 for RHEL 7 x86_64
- JBoss Enterprise Web Server 5 for RHEL 6 x86_64
- JBoss Enterprise Web Server 5 for RHEL 6 i386
- Unzip
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64
- Red Hat Enterprise Linux Server - AUS 7.7 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x
- Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64
- Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le
- Red Hat Enterprise Linux Server - TUS 7.7 x86_64
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
- Red Hat JBoss Web Server 3.1 Service Pack 9
- JBoss Enterprise Web Server Text-Only Advisories x86_64
- gettext
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x
- Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64
- Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64
- Red Hat Enterprise Linux Server - AUS 7.7 x86_64
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le
- Red Hat Enterprise Linux Server - TUS 7.7 x86_64
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
- Red Hat JBoss Web Server 3.1 Service Pack 9
- JBoss Enterprise Web Server 3 for RHEL 7 x86_64
- JBoss Enterprise Web Server 3 for RHEL 6 x86_64
- JBoss Enterprise Web Server 3 for RHEL 6 i386
- CloudForms 5.0.6
- Red Hat CloudForms 5.0 x86_64
- .NET Core on Red Hat Enterprise Linux 7
- dotNET on RHEL (for RHEL Server) 1 x86_64
- dotNET on RHEL (for RHEL Workstation) 1 x86_64
- dotNET on RHEL (for RHEL Compute Node) 1 x86_64
- .NET Core on Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
- Pcs
- Red Hat Enterprise Linux High Availability (for IBM Power LE) - Update Services for SAP Solutions 8.0 ppc64le
- Red Hat Enterprise Linux High Availability - Update Services for SAP Solutions 8.0 x86_64
Threats:
An attacker can exploit the vulnerabilities to carry out the following attacks:
- Denial-of-service (DoS) attack
- Remote execution of malicious software
- Buffer overflow
- Data leakage
- Cross-site scripting (XSS)
Preventive measures:
The Center recommends updating the affected products; Red Hat has published details of these updates:
- https://access.redhat.com/errata/RHSA-2020:2529
- https://access.redhat.com/errata/RHSA-2020:2530
- https://access.redhat.com/errata/RHSA-2020:2524
- https://access.redhat.com/errata/RHSA-2020:2523
- https://access.redhat.com/errata/RHSA-2020:2521
- https://access.redhat.com/errata/RHSA-2020:2509
- https://access.redhat.com/errata/RHSA-2020:2511
- https://access.redhat.com/errata/RHSA-2020:2512
- https://access.redhat.com/errata/RHSA-2020:2506
- https://access.redhat.com/errata/RHSA-2020:2485
- https://access.redhat.com/errata/RHSA-2020:2486
- https://access.redhat.com/errata/RHSA-2020:2483
- https://access.redhat.com/errata/RHSA-2020:2480
- https://access.redhat.com/errata/RHSA-2020:2476
- https://access.redhat.com/errata/RHSA-2020:2475
- https://access.redhat.com/errata/RHSA-2020:2473