Red Hat Updates
Warning Date: 22 June, 2020
Severity Level: ● High
Warning Number: 2020-1375
Target Sector: All
Description:
Red Hat has released security updates to address vulnerabilities in the following products:
- Red Hat build of Quarkus 1.3.4
  - Red Hat Build of Quarkus
- Red Hat build of Eclipse Vert.x 3.9.1
  - Red Hat OpenShift Application Runtimes
- AMQ Clients 2.7.0
  - Red Hat JBoss AMQ Clients
- OpenShift Container Platform 4.3.25, openshift-enterprise-apb-tools-container security update, openshift-enterprise-hyperkube-container security update
  - Red Hat OpenShift Container Platform for IBM Z and LinuxONE
  - Red Hat OpenShift Container Platform
  - Red Hat OpenShift Container Platform for Power
- OpenShift Container Platform 4.4.8, containernetworking-plugins, openshift-enterprise-hyperkube-container
  - Red Hat OpenShift Container Platform
- OpenShift Container Platform 3.11 jenkins-2-plugins, atomic-openshift
  - Red Hat OpenShift Container Platform for Power
  - Red Hat OpenShift Container Platform
- thunderbird security
  - Red Hat Enterprise Linux for x86_64 - Extended Update Support
  - Red Hat Enterprise Linux Workstation
  - Red Hat Enterprise Linux Server – TUS
  - Red Hat Enterprise Linux Workstation
  - Red Hat Enterprise Linux for Power, little endian
  - Red Hat Enterprise Linux Desktop
  - Red Hat Enterprise Linux Server
  - Red Hat Enterprise Linux Server - Update Services for SAP Solutions
- Red Hat Ansible Tower 3.7.1-1 - RHEL7 Container
  - Red Hat Ansible Tower
- Red Hat AMQ Streams 1.5.0
  - Red Hat JBoss Middleware
- Red Hat Fuse 7.6.0 on EAP
  - Red Hat JBoss Middleware
- rh-nodejs8-nodejs
  - Red Hat Software Collections (for RHEL Workstation)
- gnutls
  - Red Hat Enterprise Linux Server – TUS
  - Red Hat Enterprise Linux for x86_64 - Extended Update Support
  - Red Hat Enterprise Linux Server - Update Services for SAP Solutions
- unbound
  - Red Hat Enterprise Linux Workstation
- grafana
  - Red Hat Enterprise Linux Server - TUS
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Bypass of a protection mechanism
- Server-side request forgery (SSRF)
- Man-in-the-middle attack
- Denial of service attack (DoS)
Best Practices and Recommendations:
The CERT team encourages users to review the Red Hat security advisories and apply the necessary updates:
- https://access.redhat.com/errata/RHSA-2020:2603
- https://access.redhat.com/errata/RHSA-2020:2391
- https://access.redhat.com/errata/RHSA-2020:2605
- https://access.redhat.com/errata/RHSA-2020:2440
- https://access.redhat.com/errata/RHSA-2020:2443
- https://access.redhat.com/errata/RHSA-2020:2448
- https://access.redhat.com/errata/RHSA-2020:2439
- https://access.redhat.com/errata/RHSA-2020:2442
- https://access.redhat.com/errata/RHSA-2020:2441
- https://access.redhat.com/errata/RHSA-2020:2403
- https://access.redhat.com/errata/RHSA-2020:2449
- https://access.redhat.com/errata/RHSA-2020:2478
- https://access.redhat.com/errata/RHSA-2020:2479
- https://access.redhat.com/errata/RHSA-2020:2611
- https://access.redhat.com/errata/RHSA-2020:2613
- https://access.redhat.com/errata/RHSA-2020:2614
- https://access.redhat.com/errata/RHSA-2020:2615
- https://access.redhat.com/errata/RHSA-2020:2616
- https://access.redhat.com/errata/RHSA-2020:2617
- https://access.redhat.com/errata/RHSA-2020:2618
- https://access.redhat.com/errata/RHSA-2020:2619
- https://access.redhat.com/errata/RHSA-2020:2625
- https://access.redhat.com/errata/RHSA-2020:2637