Docker centos:centos8.2.2004

Vulnerabilities: 39 via 39 paths

Dependencies: 172

Source: Docker

Target OS: centos:8
Severity: 11 high, 21 medium, 7 low

high severity

RHSA-2020:2338

  • Vulnerable module: bind-export-libs
  • Introduced through: bind-export-libs@32:9.11.13-3.el8
  • Fixed in: 32:9.11.13-5.el8_2

Detailed paths

  • Introduced through: centos:centos8.2.2004@* bind-export-libs@32:9.11.13-3.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:2338. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):
  • bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616)
  • bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade bind-export-libs to version 32:9.11.13-5.el8_2 or higher.

References

high severity (new)

RHSA-2021:0670

  • Vulnerable module: bind-export-libs
  • Introduced through: bind-export-libs@32:9.11.13-3.el8
  • Fixed in: 32:9.11.20-5.el8_3.1

Detailed paths

  • Introduced through: centos:centos8.2.2004@* bind-export-libs@32:9.11.13-3.el8

Overview

Affected versions of this package are vulnerable to RHSA-2021:0670. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):
  • bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation (CVE-2020-8625)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade bind-export-libs to version 32:9.11.20-5.el8_3.1 or higher.

References

high severity

RHSA-2020:3014

  • Vulnerable module: dbus
  • Introduced through: dbus@1:1.12.8-9.el8
  • Fixed in: 1:1.12.8-10.el8_2

Detailed paths

  • Introduced through: centos:centos8.2.2004@* dbus@1:1.12.8-9.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:3014. D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Security Fix(es):
  • dbus: denial of service via file descriptor leak (CVE-2020-12049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade dbus to version 1:1.12.8-10.el8_2 or higher.

References

high severity

RHSA-2020:3014

  • Vulnerable module: dbus-common
  • Introduced through: dbus-common@1:1.12.8-9.el8
  • Fixed in: 1:1.12.8-10.el8_2

Detailed paths

  • Introduced through: centos:centos8.2.2004@* dbus-common@1:1.12.8-9.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:3014. D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Security Fix(es):
  • dbus: denial of service via file descriptor leak (CVE-2020-12049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade dbus-common to version 1:1.12.8-10.el8_2 or higher.

References

high severity

RHSA-2020:3014

  • Vulnerable module: dbus-daemon
  • Introduced through: dbus-daemon@1:1.12.8-9.el8
  • Fixed in: 1:1.12.8-10.el8_2

Detailed paths

  • Introduced through: centos:centos8.2.2004@* dbus-daemon@1:1.12.8-9.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:3014. D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Security Fix(es):
  • dbus: denial of service via file descriptor leak (CVE-2020-12049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade dbus-daemon to version 1:1.12.8-10.el8_2 or higher.

References

high severity

RHSA-2020:3014

  • Vulnerable module: dbus-libs
  • Introduced through: dbus-libs@1:1.12.8-9.el8
  • Fixed in: 1:1.12.8-10.el8_2

Detailed paths

  • Introduced through: centos:centos8.2.2004@* dbus-libs@1:1.12.8-9.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:3014. D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Security Fix(es):
  • dbus: denial of service via file descriptor leak (CVE-2020-12049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade dbus-libs to version 1:1.12.8-10.el8_2 or higher.

References

high severity

RHSA-2020:3014

  • Vulnerable module: dbus-tools
  • Introduced through: dbus-tools@1:1.12.8-9.el8
  • Fixed in: 1:1.12.8-10.el8_2

Detailed paths

  • Introduced through: centos:centos8.2.2004@* dbus-tools@1:1.12.8-9.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:3014. D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Security Fix(es):
  • dbus: denial of service via file descriptor leak (CVE-2020-12049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade dbus-tools to version 1:1.12.8-10.el8_2 or higher.

References

high severity

RHSA-2020:2637

  • Vulnerable module: gnutls
  • Introduced through: gnutls@3.6.8-10.el8_2
  • Fixed in: 0:3.6.8-11.el8_2

Detailed paths

  • Introduced through: centos:centos8.2.2004@* gnutls@3.6.8-10.el8_2

Overview

Affected versions of this package are vulnerable to RHSA-2020:2637. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Security Fix(es):
  • gnutls: session resumption works without master key allowing MITM (CVE-2020-13777)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade gnutls to version 0:3.6.8-11.el8_2 or higher.

References

high severity

RHSA-2020:2755

  • Vulnerable module: libnghttp2
  • Introduced through: libnghttp2@1.33.0-1.el8_0.1
  • Fixed in: 0:1.33.0-3.el8_2.1

Detailed paths

  • Introduced through: centos:centos8.2.2004@* libnghttp2@1.33.0-1.el8_0.1

Overview

Affected versions of this package are vulnerable to RHSA-2020:2755. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.

Security Fix(es):
  • nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade libnghttp2 to version 0:1.33.0-3.el8_2.1 or higher.

References

high severity

RHSA-2020:3658

  • Vulnerable module: librepo
  • Introduced through: librepo@1.11.0-2.el8
  • Fixed in: 0:1.11.0-3.el8_2

Detailed paths

  • Introduced through: centos:centos8.2.2004@* librepo@1.11.0-2.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:3658. The librepo library provides a C and Python API to download repository metadata.

Security Fix(es):
  • librepo: missing path validation in repomd.xml may lead to directory traversal (CVE-2020-14352)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade librepo to version 0:1.11.0-3.el8_2 or higher.

References

high severity

RHSA-2020:5476

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.1.1c-15.el8
  • Fixed in: 1:1.1.1g-12.el8_3

Detailed paths

  • Introduced through: centos:centos8.2.2004@* openssl-libs@1:1.1.1c-15.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:5476. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):
  • openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):
  • Reject certificates with explicit EC parameters in strict mode (BZ#1891541)
  • Add FIPS selftest for HKDF, SSKDF, SSHKDF, and TLS12PRF; add DH_compute_key KAT to DH selftest (BZ#1891542)

Remediation

Upgrade openssl-libs to version 1:1.1.1g-12.el8_3 or higher.

References

medium severity

RHSA-2020:4500

  • Vulnerable module: bind-export-libs
  • Introduced through: bind-export-libs@32:9.11.13-3.el8
  • Fixed in: 32:9.11.20-5.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* bind-export-libs@32:9.11.13-3.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4500. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The following packages have been upgraded to a later upstream version: bind (9.11.20). (BZ#1818785)

Security Fix(es):
  • bind: asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.c (CVE-2020-8619)
  • bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622)
  • bind: remotely triggerable assertion failure in pk11.c (CVE-2020-8623)
  • bind: incorrect enforcement of update-policy rules of type "subdomain" (CVE-2020-8624)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade bind-export-libs to version 32:9.11.20-5.el8 or higher.

References

medium severity

RHSA-2020:4542

  • Vulnerable module: cryptsetup-libs
  • Introduced through: cryptsetup-libs@2.2.2-1.el8
  • Fixed in: 0:2.3.3-2.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* cryptsetup-libs@2.2.2-1.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4542. The cryptsetup packages provide a utility for setting up disk encryption using the dm-crypt kernel module. The following packages have been upgraded to a later upstream version: cryptsetup (2.3.3). (BZ#1796826)

Security Fix(es):
  • cryptsetup: Out-of-bounds write when validating segments (CVE-2020-14382)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade cryptsetup-libs to version 0:2.3.3-2.el8 or higher.

References

medium severity

RHSA-2020:4599

  • Vulnerable module: curl
  • Introduced through: curl@7.61.1-12.el8
  • Fixed in: 0:7.61.1-14.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* curl@7.61.1-12.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4599. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):
  • curl: Incorrect argument check can allow remote servers to overwrite local files (CVE-2020-8177)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade curl to version 0:7.61.1-14.el8 or higher.

References

medium severity

RHSA-2020:4497

  • Vulnerable module: cyrus-sasl-lib
  • Introduced through: cyrus-sasl-lib@2.1.27-1.el8
  • Fixed in: 0:2.1.27-5.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* cyrus-sasl-lib@2.1.27-1.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4497. The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer (SASL). SASL is a method for adding authentication support to connection-based protocols.

Security Fix(es):
  • cyrus-sasl: denial of service in _sasl_add_string function (CVE-2019-19906)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade cyrus-sasl-lib to version 0:2.1.27-5.el8 or higher.

References

medium severity

RHSA-2020:4484

  • Vulnerable module: expat
  • Introduced through: expat@2.2.5-3.el8
  • Fixed in: 0:2.2.5-4.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* expat@2.2.5-3.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4484. Expat is a C library for parsing XML documents.

Security Fix(es):
  • expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)
  • expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade expat to version 0:2.2.5-4.el8 or higher.

References

medium severity

RHSA-2020:4444

  • Vulnerable module: glibc
  • Introduced through: glibc@2.28-101.el8
  • Fixed in: 0:2.28-127.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* glibc@2.28-101.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4444. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):
  • glibc: array overflow in backtrace functions for powerpc (CVE-2020-1751)
  • glibc: use-after-free in glob() function when expanding ~user (CVE-2020-1752)
  • glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions (CVE-2020-10029)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade glibc to version 0:2.28-127.el8 or higher.

References

medium severity

RHSA-2020:4444

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.28-101.el8
  • Fixed in: 0:2.28-127.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* glibc-common@2.28-101.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4444. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):
  • glibc: array overflow in backtrace functions for powerpc (CVE-2020-1751)
  • glibc: use-after-free in glob() function when expanding ~user (CVE-2020-1752)
  • glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions (CVE-2020-10029)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade glibc-common to version 0:2.28-127.el8 or higher.

References

medium severity

RHSA-2020:4444

  • Vulnerable module: glibc-minimal-langpack
  • Introduced through: glibc-minimal-langpack@2.28-101.el8
  • Fixed in: 0:2.28-127.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* glibc-minimal-langpack@2.28-101.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4444. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):
  • glibc: array overflow in backtrace functions for powerpc (CVE-2020-1751)
  • glibc: use-after-free in glob() function when expanding ~user (CVE-2020-1752)
  • glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions (CVE-2020-10029)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade glibc-minimal-langpack to version 0:2.28-127.el8 or higher.

References

medium severity

RHSA-2020:4490

  • Vulnerable module: gnupg2
  • Introduced through: gnupg2@2.2.9-1.el8
  • Fixed in: 0:2.2.20-2.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* gnupg2@2.2.9-1.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4490. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. The following packages have been upgraded to a later upstream version: gnupg2 (2.2.20). (BZ#1663944)

Security Fix(es):
  • GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS (CVE-2019-13050)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade gnupg2 to version 0:2.2.20-2.el8 or higher.

References

medium severity

RHSA-2020:5483

  • Vulnerable module: gnutls
  • Introduced through: gnutls@3.6.8-10.el8_2
  • Fixed in: 0:3.6.14-7.el8_3

Detailed paths

  • Introduced through: centos:centos8.2.2004@* gnutls@3.6.8-10.el8_2

Overview

Affected versions of this package are vulnerable to RHSA-2020:5483. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Security Fix(es):
  • gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):
  • gnutls: Add self-tests for implemented KDF algorithms and CMAC (BZ#1903037)

Remediation

Upgrade gnutls to version 0:3.6.14-7.el8_3 or higher.

References

medium severity

RHSA-2020:4443

  • Vulnerable module: libarchive
  • Introduced through: libarchive@3.3.2-8.el8_1
  • Fixed in: 0:3.3.2-9.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* libarchive@3.3.2-8.el8_1

Overview

Affected versions of this package are vulnerable to RHSA-2020:4443. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.

Security Fix(es):
  • libarchive: out-of-bounds read in archive_wstring_append_from_mbs in archive_string.c (CVE-2019-19221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade libarchive to version 0:3.3.2-9.el8 or higher.

References

medium severity

RHSA-2020:4599

  • Vulnerable module: libcurl-minimal
  • Introduced through: libcurl-minimal@7.61.1-12.el8
  • Fixed in: 0:7.61.1-14.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* libcurl-minimal@7.61.1-12.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4599. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):
  • curl: Incorrect argument check can allow remote servers to overwrite local files (CVE-2020-8177)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade libcurl-minimal to version 0:7.61.1-14.el8 or higher.

References

medium severity

RHSA-2020:4482

  • Vulnerable module: libgcrypt
  • Introduced through: libgcrypt@1.8.3-4.el8
  • Fixed in: 0:1.8.5-4.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* libgcrypt@1.8.3-4.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4482. The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. The following packages have been upgraded to a later upstream version: libgcrypt (1.8.5). (BZ#1764918)

Security Fix(es):
  • libgcrypt: ECDSA timing attack allowing private key leak (CVE-2019-13627)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade libgcrypt to version 0:1.8.5-4.el8 or higher.

References

medium severity

RHSA-2020:4508

  • Vulnerable module: libsolv
  • Introduced through: libsolv@0.7.7-1.el8
  • Fixed in: 0:0.7.11-1.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* libsolv@0.7.7-1.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4508. The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm. The following packages have been upgraded to a later upstream version: libsolv (0.7.11). (BZ#1809106)

Security Fix(es):
  • libsolv: out-of-bounds read in repodata_schema2id in repodata.c (CVE-2019-20387)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade libsolv to version 0:0.7.11-1.el8 or higher.

References

medium severity

RHSA-2020:4479

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.7-7.el8
  • Fixed in: 0:2.9.7-8.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* libxml2@2.9.7-7.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4479. The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):
  • libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)
  • libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)
  • libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade libxml2 to version 0:2.9.7-8.el8 or higher.

References

medium severity

RHSA-2020:4539

  • Vulnerable module: pcre2
  • Introduced through: pcre2@10.32-1.el8
  • Fixed in: 0:10.32-2.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* pcre2@10.32-1.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4539. The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl.

Security Fix(es):
  • pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode (CVE-2019-20454)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade pcre2 to version 0:10.32-2.el8 or higher.

References

medium severity

RHSA-2020:4433

  • Vulnerable module: platform-python
  • Introduced through: platform-python@3.6.8-23.el8
  • Fixed in: 0:3.6.8-31.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* platform-python@3.6.8-23.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4433. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):
  • python: XSS vulnerability in the documentation XML-RPC server in server_title field (CVE-2019-16935)
  • python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907)
  • python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS (CVE-2020-8492)
  • python: DoS via inefficiency in IPv{4,6}Interface classes (CVE-2020-14422)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade platform-python to version 0:3.6.8-31.el8 or higher.

References

medium severity

RHSA-2020:4433

  • Vulnerable module: python3-libs
  • Introduced through: python3-libs@3.6.8-23.el8
  • Fixed in: 0:3.6.8-31.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* python3-libs@3.6.8-23.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4433. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):
  • python: XSS vulnerability in the documentation XML-RPC server in server_title field (CVE-2019-16935)
  • python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907)
  • python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS (CVE-2020-8492)
  • python: DoS via inefficiency in IPv{4,6}Interface classes (CVE-2020-14422)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade python3-libs to version 0:3.6.8-31.el8 or higher.

References

medium severity

RHSA-2020:4432

  • Vulnerable module: python3-pip-wheel
  • Introduced through: python3-pip-wheel@9.0.3-16.el8
  • Fixed in: 0:9.0.3-18.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* python3-pip-wheel@9.0.3-16.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4432. pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python".

Security Fix(es):
  • python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py (CVE-2019-20916)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade python3-pip-wheel to version 0:9.0.3-18.el8 or higher.

References

medium severity

RHSA-2020:4442

  • Vulnerable module: sqlite-libs
  • Introduced through: sqlite-libs@3.26.0-6.el8
  • Fixed in: 0:3.26.0-11.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* sqlite-libs@3.26.0-6.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4442. SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.

Security Fix(es):

  • sqlite: Use-after-free in window function leading to remote code execution (CVE-2019-5018)
  • sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c (CVE-2019-16168)
  • sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (CVE-2019-20218)
  • sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405)
  • sqlite: NULL pointer dereference and segmentation fault because of generated column optimizations (CVE-2020-9327)
  • sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c (CVE-2020-13630)
  • sqlite: Virtual table can be renamed into the name of one of its shadow tables (CVE-2020-13631)
  • sqlite: NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted matchinfo() query (CVE-2020-13632)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade sqlite-libs to version 0:3.26.0-11.el8 or higher.

References

medium severity

RHSA-2020:4453

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-13.el8
  • Fixed in: 2:8.0.1763-15.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* vim-minimal@2:8.0.1763-13.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4453. Vim (Vi IMproved) is an updated and improved version of the vi editor.

Security Fix(es):

  • vim: users can execute arbitrary OS commands via scripting interfaces in the rvim restricted mode (CVE-2019-20807)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade vim-minimal to version 2:8.0.1763-15.el8 or higher.

References

low severity

RHSA-2020:4465

  • Vulnerable module: binutils
  • Introduced through: binutils@2.30-73.el8
  • Fixed in: 0:2.30-79.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* binutils@2.30-73.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4465. The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es):

  • binutils: denial of service via crafted ELF file (CVE-2019-17450)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade binutils to version 0:2.30-79.el8 or higher.

References

low severity

RHSA-2020:4547

  • Vulnerable module: libpcap
  • Introduced through: libpcap@14:1.9.0-3.el8
  • Fixed in: 14:1.9.1-4.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* libpcap@14:1.9.0-3.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4547. The libpcap packages provide a portable framework for low-level network monitoring. The libpcap library provides network statistics collection, security monitoring, and network debugging.

The following packages have been upgraded to a later upstream version: libpcap (1.9.1). (BZ#1806422)

Security Fix(es):

  • libpcap: Resource exhaustion during PHB header length validation (CVE-2019-15165)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade libpcap to version 14:1.9.1-4.el8 or higher.

References

low severity

RHSA-2020:4514

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.1.1c-15.el8
  • Fixed in: 1:1.1.1g-11.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* openssl-libs@1:1.1.1c-15.el8

Overview

Affected versions of this package are vulnerable to RHSA-2020:4514. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

The following packages have been upgraded to a later upstream version: openssl (1.1.1g). (BZ#1817593)

Security Fix(es):

  • openssl: Integer overflow in RSAZ modular exponentiation on x86_64 (CVE-2019-1551)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade openssl-libs to version 1:1.1.1g-11.el8 or higher.

References

low severity

RHSA-2020:4553

  • Vulnerable module: systemd
  • Introduced through: systemd@239-30.el8_2
  • Fixed in: 0:239-40.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* systemd@239-30.el8_2

Overview

Affected versions of this package are vulnerable to RHSA-2020:4553. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

  • systemd: memory leak in button_open() in login/logind-button.c when udev events are received (CVE-2019-20386)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade systemd to version 0:239-40.el8 or higher.

References

low severity

RHSA-2020:4553

  • Vulnerable module: systemd-libs
  • Introduced through: systemd-libs@239-30.el8_2
  • Fixed in: 0:239-40.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* systemd-libs@239-30.el8_2

Overview

Affected versions of this package are vulnerable to RHSA-2020:4553. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

  • systemd: memory leak in button_open() in login/logind-button.c when udev events are received (CVE-2019-20386)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade systemd-libs to version 0:239-40.el8 or higher.

References

low severity

RHSA-2020:4553

  • Vulnerable module: systemd-pam
  • Introduced through: systemd-pam@239-30.el8_2
  • Fixed in: 0:239-40.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* systemd-pam@239-30.el8_2

Overview

Affected versions of this package are vulnerable to RHSA-2020:4553. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

  • systemd: memory leak in button_open() in login/logind-button.c when udev events are received (CVE-2019-20386)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade systemd-pam to version 0:239-40.el8 or higher.

References

low severity

RHSA-2020:4553

  • Vulnerable module: systemd-udev
  • Introduced through: systemd-udev@239-30.el8_2
  • Fixed in: 0:239-40.el8

Detailed paths

  • Introduced through: centos:centos8.2.2004@* systemd-udev@239-30.el8_2

Overview

Affected versions of this package are vulnerable to RHSA-2020:4553. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

  • systemd: memory leak in button_open() in login/logind-button.c when udev events are received (CVE-2019-20386)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Remediation

Upgrade systemd-udev to version 0:239-40.el8 or higher.

References