Docker centos:centos7.8.2003

Vulnerabilities

43 via 43 paths

Dependencies

147

Source

Group 6 Copy Created with Sketch. Docker

Target OS

centos:7
Test your Docker Hub image against our market leading vulnerability database Sign up for free
Severity
  • 7
  • 32
  • 4
Status
  • 43
  • 0
  • 0

high severity

RHSA-2020:2344

  • Vulnerable module: bind-license
  • Introduced through: bind-license@32:9.11.4-16.P2.el7
  • Fixed in: 32:9.11.4-16.P2.el7_8.6

Detailed paths

  • Introduced through: centos:centos7.8.2003@* bind-license@32:9.11.4-16.P2.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream bind-license package. See Remediation section below for Centos:7 relevant versions.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) * bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 bind-license to version 32:9.11.4-16.P2.el7_8.6 or higher.

References

high severity

RHSA-2021:0671

  • Vulnerable module: bind-license
  • Introduced through: bind-license@32:9.11.4-16.P2.el7
  • Fixed in: 32:9.11.4-26.P2.el7_9.4

Detailed paths

  • Introduced through: centos:centos7.8.2003@* bind-license@32:9.11.4-16.P2.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream bind-license package. See Remediation section below for Centos:7 relevant versions.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation (CVE-2020-8625) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 bind-license to version 32:9.11.4-26.P2.el7_9.4 or higher.

References

high severity

RHSA-2021:1469

  • Vulnerable module: bind-license
  • Introduced through: bind-license@32:9.11.4-16.P2.el7
  • Fixed in: 32:9.11.4-26.P2.el7_9.5

Detailed paths

  • Introduced through: centos:centos7.8.2003@* bind-license@32:9.11.4-16.P2.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream bind-license package. See Remediation section below for Centos:7 relevant versions.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself (CVE-2021-25215) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 bind-license to version 32:9.11.4-26.P2.el7_9.5 or higher.

References

high severity

RHSA-2020:2894

  • Vulnerable module: dbus
  • Introduced through: dbus@1:1.10.24-13.el7_6
  • Fixed in: 1:1.10.24-14.el7_8

Detailed paths

  • Introduced through: centos:centos7.8.2003@* dbus@1:1.10.24-13.el7_6

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus package. See Remediation section below for Centos:7 relevant versions.

D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fix(es): * dbus: denial of service via file descriptor leak (CVE-2020-12049) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 dbus to version 1:1.10.24-14.el7_8 or higher.

References

high severity

RHSA-2020:2894

  • Vulnerable module: dbus-libs
  • Introduced through: dbus-libs@1:1.10.24-13.el7_6
  • Fixed in: 1:1.10.24-14.el7_8

Detailed paths

  • Introduced through: centos:centos7.8.2003@* dbus-libs@1:1.10.24-13.el7_6

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus-libs package. See Remediation section below for Centos:7 relevant versions.

D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fix(es): * dbus: denial of service via file descriptor leak (CVE-2020-12049) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 dbus-libs to version 1:1.10.24-14.el7_8 or higher.

References

high severity

RHSA-2021:2147

  • Vulnerable module: glib2
  • Introduced through: glib2@2.56.1-5.el7
  • Fixed in: 0:2.56.1-9.el7_9

Detailed paths

  • Introduced through: centos:centos7.8.2003@* glib2@2.56.1-5.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream glib2 package. See Remediation section below for Centos:7 relevant versions.

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fix(es): * glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits (CVE-2021-27219) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 glib2 to version 0:2.56.1-9.el7_9 or higher.

References

high severity

RHSA-2020:5566

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.0.2k-19.el7
  • Fixed in: 1:1.0.2k-21.el7_9

Detailed paths

  • Introduced through: centos:centos7.8.2003@* openssl-libs@1:1.0.2k-19.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl-libs package. See Remediation section below for Centos:7 relevant versions.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 openssl-libs to version 1:1.0.2k-21.el7_9 or higher.

References

medium severity

RHSA-2020:5011

  • Vulnerable module: bind-license
  • Introduced through: bind-license@32:9.11.4-16.P2.el7
  • Fixed in: 32:9.11.4-26.P2.el7_9.2

Detailed paths

  • Introduced through: centos:centos7.8.2003@* bind-license@32:9.11.4-16.P2.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream bind-license package. See Remediation section below for Centos:7 relevant versions.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622) * bind: remotely triggerable assertion failure in pk11.c (CVE-2020-8623) * bind: incorrect enforcement of update-policy rules of type "subdomain" (CVE-2020-8624) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * BIND stops DNSKEY lookup in get_dst_key() when a key with unsupported algorithm is found first [RHEL7] (BZ#1884530)

Remediation

Upgrade Centos:7 bind-license to version 32:9.11.4-26.P2.el7_9.2 or higher.

References

medium severity

RHSA-2020:3908

  • Vulnerable module: cpio
  • Introduced through: cpio@2.11-27.el7
  • Fixed in: 0:2.11-28.el7

Detailed paths

  • Introduced through: centos:centos7.8.2003@* cpio@2.11-27.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream cpio package. See Remediation section below for Centos:7 relevant versions.

The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fix(es): * cpio: improper input validation when writing tar header fields leads to unexpect tar generation (CVE-2019-14866) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Remediation

Upgrade Centos:7 cpio to version 0:2.11-28.el7 or higher.

References

medium severity

RHSA-2020:3916

  • Vulnerable module: curl
  • Introduced through: curl@7.29.0-57.el7
  • Fixed in: 0:7.29.0-59.el7

Detailed paths

  • Introduced through: centos:centos7.8.2003@* curl@7.29.0-57.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See Remediation section below for Centos:7 relevant versions.

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Remediation

Upgrade Centos:7 curl to version 0:7.29.0-59.el7 or higher.

References

medium severity

RHSA-2020:5002

  • Vulnerable module: curl
  • Introduced through: curl@7.29.0-57.el7
  • Fixed in: 0:7.29.0-59.el7_9.1

Detailed paths

  • Introduced through: centos:centos7.8.2003@* curl@7.29.0-57.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See Remediation section below for Centos:7 relevant versions.

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: Incorrect argument check can allow remote servers to overwrite local files (CVE-2020-8177) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 curl to version 0:7.29.0-59.el7_9.1 or higher.

References

medium severity

RHSA-2020:4032

  • Vulnerable module: dbus
  • Introduced through: dbus@1:1.10.24-13.el7_6
  • Fixed in: 1:1.10.24-15.el7

Detailed paths

  • Introduced through: centos:centos7.8.2003@* dbus@1:1.10.24-13.el7_6

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus package. See Remediation section below for Centos:7 relevant versions.

D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fix(es): * dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Remediation

Upgrade Centos:7 dbus to version 1:1.10.24-15.el7 or higher.

References

medium severity

RHSA-2020:4032

  • Vulnerable module: dbus-libs
  • Introduced through: dbus-libs@1:1.10.24-13.el7_6
  • Fixed in: 1:1.10.24-15.el7

Detailed paths

  • Introduced through: centos:centos7.8.2003@* dbus-libs@1:1.10.24-13.el7_6

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus-libs package. See Remediation section below for Centos:7 relevant versions.

D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fix(es): * dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Remediation

Upgrade Centos:7 dbus-libs to version 1:1.10.24-15.el7 or higher.

References

medium severity

RHSA-2020:3952

  • Vulnerable module: expat
  • Introduced through: expat@2.1.0-11.el7
  • Fixed in: 0:2.1.0-12.el7

Detailed paths

  • Introduced through: centos:centos7.8.2003@* expat@2.1.0-11.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream expat package. See Remediation section below for Centos:7 relevant versions.

Expat is a C library for parsing XML documents. Security Fix(es): * expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843) * expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Remediation

Upgrade Centos:7 expat to version 0:2.1.0-12.el7 or higher.

References

medium severity

RHSA-2020:3978

  • Vulnerable module: glib2
  • Introduced through: glib2@2.56.1-5.el7
  • Fixed in: 0:2.56.1-7.el7

Detailed paths

  • Introduced through: centos:centos7.8.2003@* glib2@2.56.1-5.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream glib2 package. See Remediation section below for Centos:7 relevant versions.

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. The Intelligent Input Bus (IBus) is an input method framework for multilingual input in Unix-like operating systems. Security Fix(es): * glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress (CVE-2019-12450) * ibus: missing authorization allows local attacker to access the input bus of another user (CVE-2019-14822) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Remediation

Upgrade Centos:7 glib2 to version 0:2.56.1-7.el7 or higher.

References

medium severity

RHSA-2021:0348

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-307.el7.1
  • Fixed in: 0:2.17-322.el7_9

Detailed paths

  • Introduced through: centos:centos7.8.2003@* glibc@2.17-307.el7.1

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc package. See Remediation section below for Centos:7 relevant versions.

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (CVE-2019-25013) * glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions (CVE-2020-10029) * glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern (CVE-2020-29573) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * glibc: 64bit_strstr_via_64bit_strstr_sse2_unaligned detection fails with large device and inode numbers (BZ#1883162) * glibc: Performance regression in ebizzy benchmark (BZ#1889977)

Remediation

Upgrade Centos:7 glibc to version 0:2.17-322.el7_9 or higher.

References

medium severity

RHSA-2021:0348

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-307.el7.1
  • Fixed in: 0:2.17-322.el7_9

Detailed paths

  • Introduced through: centos:centos7.8.2003@* glibc-common@2.17-307.el7.1

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc-common package. See Remediation section below for Centos:7 relevant versions.

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (CVE-2019-25013) * glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions (CVE-2020-10029) * glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern (CVE-2020-29573) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * glibc: 64bit_strstr_via_64bit_strstr_sse2_unaligned detection fails with large device and inode numbers (BZ#1883162) * glibc: Performance regression in ebizzy benchmark (BZ#1889977)

Remediation

Upgrade Centos:7 glibc-common to version 0:2.17-322.el7_9 or higher.

References

medium severity

RHSA-2020:4011

  • Vulnerable module: libcom_err
  • Introduced through: libcom_err@1.42.9-17.el7
  • Fixed in: 0:1.42.9-19.el7

Detailed paths

  • Introduced through: centos:centos7.8.2003@* libcom_err@1.42.9-17.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream libcom_err package. See Remediation section below for Centos:7 relevant versions.

The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems. Security Fix(es): * e2fsprogs: Crafted ext4 partition leads to out-of-bounds write (CVE-2019-5094) * e2fsprogs: Out-of-bounds write in e2fsck/rehash.c (CVE-2019-5188) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Remediation

Upgrade Centos:7 libcom_err to version 0:1.42.9-19.el7 or higher.

References

medium severity

RHSA-2020:3916

  • Vulnerable module: libcurl
  • Introduced through: libcurl@7.29.0-57.el7
  • Fixed in: 0:7.29.0-59.el7

Detailed paths

  • Introduced through: centos:centos7.8.2003@* libcurl@7.29.0-57.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream libcurl package. See Remediation section below for Centos:7 relevant versions.

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Remediation

Upgrade Centos:7 libcurl to version 0:7.29.0-59.el7 or higher.

References

medium severity

RHSA-2020:5002

  • Vulnerable module: libcurl
  • Introduced through: libcurl@7.29.0-57.el7
  • Fixed in: 0:7.29.0-59.el7_9.1

Detailed paths

  • Introduced through: centos:centos7.8.2003@* libcurl@7.29.0-57.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream libcurl package. See Remediation section below for Centos:7 relevant versions.

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: Incorrect argument check can allow remote servers to overwrite local files (CVE-2020-8177) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 libcurl to version 0:7.29.0-59.el7_9.1 or higher.

References

medium severity

RHSA-2020:3915

  • Vulnerable module: libssh2
  • Introduced through: libssh2@1.8.0-3.el7
  • Fixed in: 0:1.8.0-4.el7

Detailed paths

  • Introduced through: centos:centos7.8.2003@* libssh2@1.8.0-3.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream libssh2 package. See Remediation section below for Centos:7 relevant versions.

The libssh2 packages provide a library that implements the SSH2 protocol. Security Fix(es): * libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c (CVE-2019-17498) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Remediation

Upgrade Centos:7 libssh2 to version 0:1.8.0-4.el7 or higher.

References

medium severity

RHSA-2020:3996

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.1-6.el7.4
  • Fixed in: 0:2.9.1-6.el7.5

Detailed paths

  • Introduced through: centos:centos7.8.2003@* libxml2@2.9.1-6.el7.4

NVD Description

Note: Versions mentioned in the description apply to the upstream libxml2 package. See Remediation section below for Centos:7 relevant versions.

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956) * libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388) * libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Remediation

Upgrade Centos:7 libxml2 to version 0:2.9.1-6.el7.5 or higher.

References

medium severity

RHSA-2020:3996

  • Vulnerable module: libxml2-python
  • Introduced through: libxml2-python@2.9.1-6.el7.4
  • Fixed in: 0:2.9.1-6.el7.5

Detailed paths

  • Introduced through: centos:centos7.8.2003@* libxml2-python@2.9.1-6.el7.4

NVD Description

Note: Versions mentioned in the description apply to the upstream libxml2-python package. See Remediation section below for Centos:7 relevant versions.

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956) * libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388) * libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Remediation

Upgrade Centos:7 libxml2-python to version 0:2.9.1-6.el7.5 or higher.

References

medium severity

RHSA-2020:4076

  • Vulnerable module: nspr
  • Introduced through: nspr@4.21.0-1.el7
  • Fixed in: 0:4.25.0-2.el7_9

Detailed paths

  • Introduced through: centos:centos7.8.2003@* nspr@4.21.0-1.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream nspr package. See Remediation section below for Centos:7 relevant versions.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a later upstream version: nss (3.53.1), nss-softokn (3.53.1), nss-util (3.53.1), nspr (4.25.0). (BZ#1804262, BZ#1804264, BZ#1804271, BZ#1804273) Security Fix(es): * nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719) * nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756) * nss: Check length of inputs for cryptographic primitives (CVE-2019-17006) * nss: Side channel attack on ECDSA signature generation (CVE-2020-6829) * nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function (CVE-2020-12400) * nss: ECDSA timing attack mitigation bypass (CVE-2020-12401) * nss: Side channel vulnerabilities during RSA key generation (CVE-2020-12402) * nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403) * nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727) * nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state (CVE-2019-17023) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Memory leak: libcurl leaks 120 bytes on each connection (BZ#1688958) * NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and TLS 1.1 (BZ#1712924) * Make TLS 1.3 work in FIPS mode (BZ#1724251) * Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name (BZ#1737910) * x25519 allowed in FIPS mode (BZ#1754518) * When NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released - consider alternative algorithm for benchmarking ACCESS call in sdb_measureAccess (BZ#1779325) * Running ipa-backup continuously causes httpd to crash and makes it irrecoverable (BZ#1804015) * nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1857308) * KDF-self-tests-induced changes for nss in RHEL 7.9 (BZ#1870885)

Remediation

Upgrade Centos:7 nspr to version 0:4.25.0-2.el7_9 or higher.

References

medium severity

RHSA-2020:4076

  • Vulnerable module: nss
  • Introduced through: nss@3.44.0-7.el7_7
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: centos:centos7.8.2003@* nss@3.44.0-7.el7_7

NVD Description

Note: Versions mentioned in the description apply to the upstream nss package. See Remediation section below for Centos:7 relevant versions.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a later upstream version: nss (3.53.1), nss-softokn (3.53.1), nss-util (3.53.1), nspr (4.25.0). (BZ#1804262, BZ#1804264, BZ#1804271, BZ#1804273) Security Fix(es): * nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719) * nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756) * nss: Check length of inputs for cryptographic primitives (CVE-2019-17006) * nss: Side channel attack on ECDSA signature generation (CVE-2020-6829) * nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function (CVE-2020-12400) * nss: ECDSA timing attack mitigation bypass (CVE-2020-12401) * nss: Side channel vulnerabilities during RSA key generation (CVE-2020-12402) * nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403) * nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727) * nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state (CVE-2019-17023) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Memory leak: libcurl leaks 120 bytes on each connection (BZ#1688958) * NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and TLS 1.1 (BZ#1712924) * Make TLS 1.3 work in FIPS mode (BZ#1724251) * Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name (BZ#1737910) * x25519 allowed in FIPS mode (BZ#1754518) * When NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released - consider alternative algorithm for benchmarking ACCESS call in sdb_measureAccess (BZ#1779325) * Running ipa-backup continuously causes httpd to crash and makes it irrecoverable (BZ#1804015) * nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1857308) * KDF-self-tests-induced changes for nss in RHEL 7.9 (BZ#1870885)

Remediation

Upgrade Centos:7 nss to version 0:3.53.1-3.el7_9 or higher.

References

medium severity

RHSA-2021:1384

  • Vulnerable module: nss
  • Introduced through: nss@3.44.0-7.el7_7
  • Fixed in: 0:3.53.1-7.el7_9

Detailed paths

  • Introduced through: centos:centos7.8.2003@* nss@3.44.0-7.el7_7

NVD Description

Note: Versions mentioned in the description apply to the upstream nss package. See Remediation section below for Centos:7 relevant versions.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * nss: TLS 1.3 CCS flood remote DoS Attack (CVE-2020-25648) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * FTBFS: Paypal Cert expired (BZ#1883973) * FTBFS: IKE CLASS_1563 fails gtest (BZ#1884793) * Cannot compile code with nss headers and -Werror=strict-prototypes (BZ#1885321) * CA HSM ncipher token disabled after RHEL-7.9 update (BZ#1932193)

Remediation

Upgrade Centos:7 nss to version 0:3.53.1-7.el7_9 or higher.

References

medium severity

RHSA-2020:4076

  • Vulnerable module: nss-softokn
  • Introduced through: nss-softokn@3.44.0-8.el7_7
  • Fixed in: 0:3.53.1-6.el7_9

Detailed paths

  • Introduced through: centos:centos7.8.2003@* nss-softokn@3.44.0-8.el7_7

NVD Description

Note: Versions mentioned in the description apply to the upstream nss-softokn package. See Remediation section below for Centos:7 relevant versions.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a later upstream version: nss (3.53.1), nss-softokn (3.53.1), nss-util (3.53.1), nspr (4.25.0). (BZ#1804262, BZ#1804264, BZ#1804271, BZ#1804273) Security Fix(es): * nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719) * nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756) * nss: Check length of inputs for cryptographic primitives (CVE-2019-17006) * nss: Side channel attack on ECDSA signature generation (CVE-2020-6829) * nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function (CVE-2020-12400) * nss: ECDSA timing attack mitigation bypass (CVE-2020-12401) * nss: Side channel vulnerabilities during RSA key generation (CVE-2020-12402) * nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403) * nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727) * nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state (CVE-2019-17023) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Memory leak: libcurl leaks 120 bytes on each connection (BZ#1688958) * NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and TLS 1.1 (BZ#1712924) * Make TLS 1.3 work in FIPS mode (BZ#1724251) * Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name (BZ#1737910) * x25519 allowed in FIPS mode (BZ#1754518) * When NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released - consider alternative algorithm for benchmarking ACCESS call in sdb_measureAccess (BZ#1779325) * Running ipa-backup continuously causes httpd to crash and makes it irrecoverable (BZ#1804015) * nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1857308) * KDF-self-tests-induced changes for nss in RHEL 7.9 (BZ#1870885)

Remediation

Upgrade Centos:7 nss-softokn to version 0:3.53.1-6.el7_9 or higher.

References

medium severity

RHSA-2020:4076

  • Vulnerable module: nss-softokn-freebl
  • Introduced through: nss-softokn-freebl@3.44.0-8.el7_7
  • Fixed in: 0:3.53.1-6.el7_9

Detailed paths

  • Introduced through: centos:centos7.8.2003@* nss-softokn-freebl@3.44.0-8.el7_7

NVD Description

Note: Versions mentioned in the description apply to the upstream nss-softokn-freebl package. See Remediation section below for Centos:7 relevant versions.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a later upstream version: nss (3.53.1), nss-softokn (3.53.1), nss-util (3.53.1), nspr (4.25.0). (BZ#1804262, BZ#1804264, BZ#1804271, BZ#1804273) Security Fix(es): * nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719) * nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756) * nss: Check length of inputs for cryptographic primitives (CVE-2019-17006) * nss: Side channel attack on ECDSA signature generation (CVE-2020-6829) * nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function (CVE-2020-12400) * nss: ECDSA timing attack mitigation bypass (CVE-2020-12401) * nss: Side channel vulnerabilities during RSA key generation (CVE-2020-12402) * nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403) * nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727) * nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state (CVE-2019-17023) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Memory leak: libcurl leaks 120 bytes on each connection (BZ#1688958) * NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and TLS 1.1 (BZ#1712924) * Make TLS 1.3 work in FIPS mode (BZ#1724251) * Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name (BZ#1737910) * x25519 allowed in FIPS mode (BZ#1754518) * When NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released - consider alternative algorithm for benchmarking ACCESS call in sdb_measureAccess (BZ#1779325) * Running ipa-backup continuously causes httpd to crash and makes it irrecoverable (BZ#1804015) * nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1857308) * KDF-self-tests-induced changes for nss in RHEL 7.9 (BZ#1870885)

Remediation

Upgrade Centos:7 nss-softokn-freebl to version 0:3.53.1-6.el7_9 or higher.

References

medium severity

RHSA-2020:4076

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.44.0-7.el7_7
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: centos:centos7.8.2003@* nss-sysinit@3.44.0-7.el7_7

NVD Description

Note: Versions mentioned in the description apply to the upstream nss-sysinit package. See Remediation section below for Centos:7 relevant versions.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a later upstream version: nss (3.53.1), nss-softokn (3.53.1), nss-util (3.53.1), nspr (4.25.0). (BZ#1804262, BZ#1804264, BZ#1804271, BZ#1804273) Security Fix(es): * nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719) * nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756) * nss: Check length of inputs for cryptographic primitives (CVE-2019-17006) * nss: Side channel attack on ECDSA signature generation (CVE-2020-6829) * nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function (CVE-2020-12400) * nss: ECDSA timing attack mitigation bypass (CVE-2020-12401) * nss: Side channel vulnerabilities during RSA key generation (CVE-2020-12402) * nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403) * nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727) * nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state (CVE-2019-17023) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Memory leak: libcurl leaks 120 bytes on each connection (BZ#1688958) * NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and TLS 1.1 (BZ#1712924) * Make TLS 1.3 work in FIPS mode (BZ#1724251) * Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name (BZ#1737910) * x25519 allowed in FIPS mode (BZ#1754518) * When NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released - consider alternative algorithm for benchmarking ACCESS call in sdb_measureAccess (BZ#1779325) * Running ipa-backup continuously causes httpd to crash and makes it irrecoverable (BZ#1804015) * nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1857308) * KDF-self-tests-induced changes for nss in RHEL 7.9 (BZ#1870885)

Remediation

Upgrade Centos:7 nss-sysinit to version 0:3.53.1-3.el7_9 or higher.

References

medium severity

RHSA-2021:1384

  • Vulnerable module: nss-sysinit
  • Introduced through: nss-sysinit@3.44.0-7.el7_7
  • Fixed in: 0:3.53.1-7.el7_9

Detailed paths

  • Introduced through: centos:centos7.8.2003@* nss-sysinit@3.44.0-7.el7_7

NVD Description

Note: Versions mentioned in the description apply to the upstream nss-sysinit package. See Remediation section below for Centos:7 relevant versions.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * nss: TLS 1.3 CCS flood remote DoS Attack (CVE-2020-25648) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * FTBFS: Paypal Cert expired (BZ#1883973) * FTBFS: IKE CLASS_1563 fails gtest (BZ#1884793) * Cannot compile code with nss headers and -Werror=strict-prototypes (BZ#1885321) * CA HSM ncipher token disabled after RHEL-7.9 update (BZ#1932193)

Remediation

Upgrade Centos:7 nss-sysinit to version 0:3.53.1-7.el7_9 or higher.

References

medium severity

RHSA-2020:4076

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.44.0-7.el7_7
  • Fixed in: 0:3.53.1-3.el7_9

Detailed paths

  • Introduced through: centos:centos7.8.2003@* nss-tools@3.44.0-7.el7_7

NVD Description

Note: Versions mentioned in the description apply to the upstream nss-tools package. See Remediation section below for Centos:7 relevant versions.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a later upstream version: nss (3.53.1), nss-softokn (3.53.1), nss-util (3.53.1), nspr (4.25.0). (BZ#1804262, BZ#1804264, BZ#1804271, BZ#1804273) Security Fix(es): * nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719) * nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756) * nss: Check length of inputs for cryptographic primitives (CVE-2019-17006) * nss: Side channel attack on ECDSA signature generation (CVE-2020-6829) * nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function (CVE-2020-12400) * nss: ECDSA timing attack mitigation bypass (CVE-2020-12401) * nss: Side channel vulnerabilities during RSA key generation (CVE-2020-12402) * nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403) * nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727) * nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state (CVE-2019-17023) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Memory leak: libcurl leaks 120 bytes on each connection (BZ#1688958) * NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and TLS 1.1 (BZ#1712924) * Make TLS 1.3 work in FIPS mode (BZ#1724251) * Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name (BZ#1737910) * x25519 allowed in FIPS mode (BZ#1754518) * When NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released - consider alternative algorithm for benchmarking ACCESS call in sdb_measureAccess (BZ#1779325) * Running ipa-backup continuously causes httpd to crash and makes it irrecoverable (BZ#1804015) * nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1857308) * KDF-self-tests-induced changes for nss in RHEL 7.9 (BZ#1870885)

Remediation

Upgrade Centos:7 nss-tools to version 0:3.53.1-3.el7_9 or higher.

References

medium severity

RHSA-2021:1384

  • Vulnerable module: nss-tools
  • Introduced through: nss-tools@3.44.0-7.el7_7
  • Fixed in: 0:3.53.1-7.el7_9

Detailed paths

  • Introduced through: centos:centos7.8.2003@* nss-tools@3.44.0-7.el7_7

NVD Description

Note: Versions mentioned in the description apply to the upstream nss-tools package. See Remediation section below for Centos:7 relevant versions.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * nss: TLS 1.3 CCS flood remote DoS Attack (CVE-2020-25648) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * FTBFS: Paypal Cert expired (BZ#1883973) * FTBFS: IKE CLASS_1563 fails gtest (BZ#1884793) * Cannot compile code with nss headers and -Werror=strict-prototypes (BZ#1885321) * CA HSM ncipher token disabled after RHEL-7.9 update (BZ#1932193)

Remediation

Upgrade Centos:7 nss-tools to version 0:3.53.1-7.el7_9 or higher.

References

medium severity

RHSA-2020:4076

  • Vulnerable module: nss-util
  • Introduced through: nss-util@3.44.0-4.el7_7
  • Fixed in: 0:3.53.1-1.el7_9

Detailed paths

  • Introduced through: centos:centos7.8.2003@* nss-util@3.44.0-4.el7_7

NVD Description

Note: Versions mentioned in the description apply to the upstream nss-util package. See Remediation section below for Centos:7 relevant versions.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a later upstream version: nss (3.53.1), nss-softokn (3.53.1), nss-util (3.53.1), nspr (4.25.0). (BZ#1804262, BZ#1804264, BZ#1804271, BZ#1804273) Security Fix(es): * nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719) * nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756) * nss: Check length of inputs for cryptographic primitives (CVE-2019-17006) * nss: Side channel attack on ECDSA signature generation (CVE-2020-6829) * nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function (CVE-2020-12400) * nss: ECDSA timing attack mitigation bypass (CVE-2020-12401) * nss: Side channel vulnerabilities during RSA key generation (CVE-2020-12402) * nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403) * nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727) * nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state (CVE-2019-17023) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Memory leak: libcurl leaks 120 bytes on each connection (BZ#1688958) * NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and TLS 1.1 (BZ#1712924) * Make TLS 1.3 work in FIPS mode (BZ#1724251) * Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name (BZ#1737910) * x25519 allowed in FIPS mode (BZ#1754518) * When NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released - consider alternative algorithm for benchmarking ACCESS call in sdb_measureAccess (BZ#1779325) * Running ipa-backup continuously causes httpd to crash and makes it irrecoverable (BZ#1804015) * nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1857308) * KDF-self-tests-induced changes for nss in RHEL 7.9 (BZ#1870885)

Remediation

Upgrade Centos:7 nss-util to version 0:3.53.1-1.el7_9 or higher.

References

medium severity

RHSA-2020:4041

  • Vulnerable module: openldap
  • Introduced through: openldap@2.4.44-21.el7_6
  • Fixed in: 0:2.4.44-22.el7

Detailed paths

  • Introduced through: centos:centos7.8.2003@* openldap@2.4.44-21.el7_6

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package. See Remediation section below for Centos:7 relevant versions.

OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP. Security Fix(es): * openldap: denial of service via nested boolean expressions in LDAP search filters (CVE-2020-12243) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Remediation

Upgrade Centos:7 openldap to version 0:2.4.44-22.el7 or higher.

References

medium severity

RHSA-2021:1389

  • Vulnerable module: openldap
  • Introduced through: openldap@2.4.44-21.el7_6
  • Fixed in: 0:2.4.44-23.el7_9

Detailed paths

  • Introduced through: centos:centos7.8.2003@* openldap@2.4.44-21.el7_6

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package. See Remediation section below for Centos:7 relevant versions.

OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. Security Fix(es): * openldap: NULL pointer dereference for unauthenticated packet in slapd (CVE-2020-25692) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 openldap to version 0:2.4.44-23.el7_9 or higher.

References

medium severity

RHSA-2020:3911

  • Vulnerable module: python
  • Introduced through: python@2.7.5-88.el7
  • Fixed in: 0:2.7.5-89.el7

Detailed paths

  • Introduced through: centos:centos7.8.2003@* python@2.7.5-88.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream python package. See Remediation section below for Centos:7 relevant versions.

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: XSS vulnerability in the documentation XML-RPC server in server_title field (CVE-2019-16935) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Remediation

Upgrade Centos:7 python to version 0:2.7.5-89.el7 or higher.

References

medium severity

RHSA-2020:5009

  • Vulnerable module: python
  • Introduced through: python@2.7.5-88.el7
  • Fixed in: 0:2.7.5-90.el7

Detailed paths

  • Introduced through: centos:centos7.8.2003@* python@2.7.5-88.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream python package. See Remediation section below for Centos:7 relevant versions.

Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fix(es): * python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 python to version 0:2.7.5-90.el7 or higher.

References

medium severity

RHSA-2020:3911

  • Vulnerable module: python-libs
  • Introduced through: python-libs@2.7.5-88.el7
  • Fixed in: 0:2.7.5-89.el7

Detailed paths

  • Introduced through: centos:centos7.8.2003@* python-libs@2.7.5-88.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream python-libs package. See Remediation section below for Centos:7 relevant versions.

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: XSS vulnerability in the documentation XML-RPC server in server_title field (CVE-2019-16935) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Remediation

Upgrade Centos:7 python-libs to version 0:2.7.5-89.el7 or higher.

References

medium severity

RHSA-2020:5009

  • Vulnerable module: python-libs
  • Introduced through: python-libs@2.7.5-88.el7
  • Fixed in: 0:2.7.5-90.el7

Detailed paths

  • Introduced through: centos:centos7.8.2003@* python-libs@2.7.5-88.el7

NVD Description

Note: Versions mentioned in the description apply to the upstream python-libs package. See Remediation section below for Centos:7 relevant versions.

Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fix(es): * python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 python-libs to version 0:2.7.5-90.el7 or higher.

References

low severity

RHSA-2020:3861

  • Vulnerable module: glibc
  • Introduced through: glibc@2.17-307.el7.1
  • Fixed in: 0:2.17-317.el7

Detailed paths

  • Introduced through: centos:centos7.8.2003@* glibc@2.17-307.el7.1

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc package. See Remediation section below for Centos:7 relevant versions.

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Remediation

Upgrade Centos:7 glibc to version 0:2.17-317.el7 or higher.

References

low severity

RHSA-2020:3861

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.17-307.el7.1
  • Fixed in: 0:2.17-317.el7

Detailed paths

  • Introduced through: centos:centos7.8.2003@* glibc-common@2.17-307.el7.1

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc-common package. See Remediation section below for Centos:7 relevant versions.

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Remediation

Upgrade Centos:7 glibc-common to version 0:2.17-317.el7 or higher.

References

low severity

RHSA-2020:4007

  • Vulnerable module: systemd
  • Introduced through: systemd@219-73.el7.1
  • Fixed in: 0:219-78.el7

Detailed paths

  • Introduced through: centos:centos7.8.2003@* systemd@219-73.el7.1

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd package. See Remediation section below for Centos:7 relevant versions.

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es): * systemd: memory leak in button_open() in login/logind-button.c when udev events are received (CVE-2019-20386) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Remediation

Upgrade Centos:7 systemd to version 0:219-78.el7 or higher.

References

low severity

RHSA-2020:4007

  • Vulnerable module: systemd-libs
  • Introduced through: systemd-libs@219-73.el7.1
  • Fixed in: 0:219-78.el7

Detailed paths

  • Introduced through: centos:centos7.8.2003@* systemd-libs@219-73.el7.1

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-libs package. See Remediation section below for Centos:7 relevant versions.

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es): * systemd: memory leak in button_open() in login/logind-button.c when udev events are received (CVE-2019-20386) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Remediation

Upgrade Centos:7 systemd-libs to version 0:219-78.el7 or higher.

References