الموقع الرسمي للمركز الوطني الإرشادي للأمن السيبراني
تحديثات Red Hat
1834
تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
22 يونيو, 2020
● عالي
2020-1375
الكل
الوصف:
أصدرت Red Hat عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:
- Red Hat build of Quarkus 1.3.4
- Red Hat Build of Quarkus
- Red Hat build of Eclipse Vert.x 3.9.1
- Red Hat Openshift Application Runtimes
- AMQ Clients 2.7.0
- Red Hat JBoss AMQ Clients
- OpenShift Container Platform 4.3.25, openshift-enterprise-apb-tools-container security update, openshift-enterprise-hyperkube-container security update
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Container Platform for Power
- OpenShift Container Platform 4.4.8, containernetworking-plugins, openshift-enterprise-hyperkube-container
- Red Hat OpenShift Container Platform
- OpenShift Container Platform 3.11 jenkins-2-plugins, atomic-openshift
- Red Hat OpenShift Container Platform for Power
- Red Hat OpenShift Container Platform
- thunderbird security
- Red Hat Enterprise Linux for x86_64 - Extended Update Support
- Red Hat Enterprise Linux Workstation
- Red Hat Enterprise Linux Server – TUS
- Red Hat Enterprise Linux Workstation
- Red Hat Enterprise Linux for Power, little endian
- Red Hat Enterprise Linux Desktop
- Red Hat Enterprise Linux Server
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions
- Red Hat Ansible Tower 3.7.1-1 - RHEL7 Container
- Red Hat Ansible Tower
- Red Hat AMQ Streams 1.5.0
- Red Hat JBoss Middleware
- Red Hat Fuse 7.6.0 on EAP
- Red Hat JBoss Middleware
- rh-nodejs8-nodejs
- Red Hat Software Collections (for RHEL Workstation)
- gnutls
- Red Hat Enterprise Linux Server – TUS
- Red Hat Enterprise Linux for x86_64 - Extended Update Support
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions
- unbound
- Red Hat Enterprise Linux Workstation
- grafana
- Red Hat Enterprise Linux Server - TUS
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- تجاوز آلية الحماية
- تزوير الطلب عن طريق الخادم ((Server-side request forgery (SSRF)
- هجوم الوسيط (Man in the middle attack)
- هجمة حجب الخدمة (DoS attack)
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتRed Hat توضيحًا لهذه التحديثات:
- https://access.redhat.com/errata/RHSA-2020:2603
- https://access.redhat.com/errata/RHSA-2020:2391
- https://access.redhat.com/errata/RHSA-2020:2605
- https://access.redhat.com/errata/RHSA-2020:2440
- https://access.redhat.com/errata/RHSA-2020:2443
- https://access.redhat.com/errata/RHSA-2020:2448
- https://access.redhat.com/errata/RHSA-2020:2439
- https://access.redhat.com/errata/RHSA-2020:2442
- https://access.redhat.com/errata/RHSA-2020:2441
- https://access.redhat.com/errata/RHSA-2020:2403
- https://access.redhat.com/errata/RHSA-2020:2449
- https://access.redhat.com/errata/RHSA-2020:2478
- https://access.redhat.com/errata/RHSA-2020:2479
- https://access.redhat.com/errata/RHSA-2020:2611
- https://access.redhat.com/errata/RHSA-2020:2613
- https://access.redhat.com/errata/RHSA-2020:2614
- https://access.redhat.com/errata/RHSA-2020:2615
- https://access.redhat.com/errata/RHSA-2020:2616
- https://access.redhat.com/errata/RHSA-2020:2617
- https://access.redhat.com/errata/RHSA-2020:2618
- https://access.redhat.com/errata/RHSA-2020:2619
- https://access.redhat.com/errata/RHSA-2020:2625
- https://access.redhat.com/errata/RHSA-2020:2637
قيم المحتوى
شارك الصفحة
