Description:

Red Hat has released security updates to address vulnerabilities in the following products:

• zsh
  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Process Automation Manager 7.7.0
  • Red Hat JBoss Middleware Text-Only Advisories for MIDDLEWARE 1 x86_64
• icu
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.7 x86_64
  • Red Hat Enterprise Linux Server - TUS 7.7 x86_64
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
• python-imaging
  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Decision Manager 7.7.0
  • Red Hat JBoss Middleware Text-Only Advisories for MIDDLEWARE 1 x86_64

Threats:

Attacker could exploit these vulnerabilities by doing the following:

• Buffer overflow
• Escalation of privilege
• Denial of service attack (DoS)

Best practice and Recommendations:

The CERT team encourages users to review Red Hat security advisory and apply the necessary updates:

• https://access.redhat.com/errata/RHSA-2020:0892
• https://access.redhat.com/errata/RHSA-2020:0895
• https://access.redhat.com/errata/RHSA-2020:0896
• https://access.redhat.com/errata/RHSA-2020:0897
• https://access.redhat.com/errata/RHSA-2020:0898
• https://access.redhat.com/errata/RHSA-2020:0899