Description:

Red Hat has released security updates to address multiple vulnerabilities in the following products:

• Red Hat CloudForms 5.0 x86_64
  • CloudForms 5.0.3
• Red Hat CloudForms 4.7 x86_64
  • CloudForms 4.7.15
• Red Hat OpenShift Container Platform 4.3 for RHEL 7 x86_64
  • jenkins-slave-base-rhel7-container
• Red Hat Enterprise Linux for x86_64 8 x86_64
  • nodejs:10, nodejs:12
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
  • nodejs:10, nodejs:12
• Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • nodejs:10, nodejs:12
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
  • nodejs:10, nodejs:12
• Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • nodejs:10, nodejs:12
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
  • nodejs:10, nodejs:12
• Red Hat Enterprise Linux for ARM 64 8 aarch64
  • nodejs:10, nodejs:12
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
  • nodejs:10, nodejs:12
• Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
  • nodejs:10, nodejs:12
• Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64
  • nodejs:10, nodejs:12
• Red Hat Enterprise Linux Server - AUS 7.4 x86_64
  • Ruby
  • Kernel
  • systemd
  • curl
  • procps-ng
• Red Hat Enterprise Linux Server - TUS 7.4 x86_64
  • Ruby
  • Kernel
  • systemd
  • curl
  • procps-ng
• Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4 ppc64le
  • Ruby
  • Kernel
  • systemd
  • curl
  • procps-ng
• Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.4 x86_64
  • Ruby
  • Kernel
  • systemd
  • curl
  • procps-ng
• Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64
  • rh-nodejs10-nodejs, rh-nodejs12-nodejs
• Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7 s390x
  • rh-nodejs10-nodejs, rh-nodejs12-nodejs
• Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7 ppc64le
  • rh-nodejs10-nodejs, rh-nodejs12-nodejs
• Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6 x86_64
  • rh-nodejs10-nodejs, rh-nodejs12-nodejs
• Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.6 s390x
  • rh-nodejs10-nodejs, rh-nodejs12-nodejs
• Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.6 ppc64le
  • rh-nodejs10-nodejs, rh-nodejs12-nodejs
• Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5 x86_64
  • rh-nodejs10-nodejs, rh-nodejs12-nodejs
• Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.5 s390x
  • rh-nodejs10-nodejs, rh-nodejs12-nodejs
• Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.5 ppc64le
  • rh-nodejs10-nodejs, rh-nodejs12-nodejs
• Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • rh-nodejs10-nodejs, rh-nodejs12-nodejs
• Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
  • rh-nodejs10-nodejs, rh-nodejs12-nodejs
• Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
  • rh-nodejs10-nodejs, rh-nodejs12-nodejs
• Red Hat Software Collections (for RHEL Server for ARM) 1 aarch64
  • rh-nodejs10-nodejs, rh-nodejs12-nodejs
• Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
  • rh-nodejs10-nodejs, rh-nodejs12-nodejs
• Red Hat JBoss AMQ Clients 2 for RHEL 8 x86_64
  • AMQ Clients 2.6.0
• Red Hat JBoss AMQ Clients 2 for RHEL 7 x86_64
  • AMQ Clients 2.6.0
• Red Hat JBoss AMQ Clients 2 for RHEL 6 x86_64
  • AMQ Clients 2.6.0
• Red Hat JBoss AMQ Clients 2 for RHEL 6 i386
  • AMQ Clients 2.6.0
• JBoss Enterprise Application Platform 7.2 for RHEL 8 x86_64
• JBoss Enterprise Application Platform 7.2 for RHEL 7 x86_64
• JBoss Enterprise Application Platform 7.2 for RHEL 6 x86_64
• JBoss Enterprise Application Platform Text-Only Advisories x86_64

Threats:

Attacker could exploit these vulnerabilities by doing the following:

• Privilege escalation.
• Execute arbitrary code.

Best practice and Recommendations:

The CERT team encourages users to review Red Hat security advisory and apply the necessary updates:

• https://access.redhat.com/errata/RHSA-2020:0592
• https://access.redhat.com/errata/RHSA-2020:0593
• https://access.redhat.com/errata/RHSA-2020:0594
• https://access.redhat.com/errata/RHSA-2020:0595
• https://access.redhat.com/errata/RHSA-2020:0597
• https://access.redhat.com/errata/RHSA-2020:0598
• https://access.redhat.com/errata/RHSA-2020:0601
• https://access.redhat.com/errata/RHSA-2020:0602
• https://access.redhat.com/errata/RHSA-2020:0605
• https://access.redhat.com/errata/RHSA-2020:0606
• https://access.redhat.com/errata/RHSA-2020:0588
• https://access.redhat.com/errata/RHSA-2020:0589
• https://access.redhat.com/errata/RHSA-2020:0562
• https://access.redhat.com/errata/RHSA-2020:0579
• https://access.redhat.com/errata/RHSA-2020:0591