Page tree
Skip to end of metadata
Go to start of metadata

This page shows the package changes from 4.1 to 4.2. Some updates were made for security reasons or to resolve CVEs.

CVEs and the new package and RPM that resolves each

CVE

New RPM

PKG

DESCRIPTION

CVE-2019-19126

glibc-2.17-323.el7_9.x86_64

glibc

On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.

CVE-2019-19126

glibc-common-2.17-323.el7_9.x86_64

glibc-common

On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.

CVE-2019-25013

glibc-2.17-323.el7_9.x86_64

glibc

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

CVE-2019-25013

glibc-common-2.17-323.el7_9.x86_64

glibc-common

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

CVE-2020-29573

glibc-2.17-323.el7_9.x86_64

glibc

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.

CVE-2020-29573

glibc-common-2.17-323.el7_9.x86_64

glibc-common

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.

CVE-2020-10029

glibc-2.17-323.el7_9.x86_64

glibc

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.

CVE-2020-10029

glibc-common-2.17-323.el7_9.x86_64

glibc-common

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.

CVE-2020-25643

kernel-3.10.0-1160.21.1.el7.x86_64

kernel

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-25643

kernel-devel-3.10.0-1160.21.1.el7.x86_64

kernel-devel

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-25643

kernel-tools-3.10.0-1160.21.1.el7.x86_64

kernel-tools

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-25643

kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64

kernel-tools-libs

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-25643

perf-3.10.0-1160.21.1.el7.x86_64

perf

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-25705

kernel-3.10.0-1160.21.1.el7.x86_64

kernel

A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue.

CVE-2020-25705

kernel-devel-3.10.0-1160.21.1.el7.x86_64

kernel-devel

A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue.

CVE-2020-25705

kernel-tools-3.10.0-1160.21.1.el7.x86_64

kernel-tools

A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue.

CVE-2020-25705

kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64

kernel-tools-libs

A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue.

CVE-2020-25705

perf-3.10.0-1160.21.1.el7.x86_64

perf

A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue.

CVE-2020-28374

kernel-3.10.0-1160.21.1.el7.x86_64

kernel

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.

CVE-2020-28374

kernel-devel-3.10.0-1160.21.1.el7.x86_64

kernel-devel

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.

CVE-2020-28374

kernel-tools-3.10.0-1160.21.1.el7.x86_64

kernel-tools

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.

CVE-2020-28374

kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64

kernel-tools-libs

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.

CVE-2020-28374

perf-3.10.0-1160.21.1.el7.x86_64

perf

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.

CVE-2020-29661

kernel-3.10.0-1160.21.1.el7.x86_64

kernel

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

CVE-2020-29661

kernel-devel-3.10.0-1160.21.1.el7.x86_64

kernel-devel

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

CVE-2020-29661

kernel-tools-3.10.0-1160.21.1.el7.x86_64

kernel-tools

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

CVE-2020-29661

kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64

kernel-tools-libs

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

CVE-2020-29661

perf-3.10.0-1160.21.1.el7.x86_64

perf

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

CVE-2020-14314

kernel-3.10.0-1160.21.1.el7.x86_64

kernel

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.

CVE-2020-14314

kernel-devel-3.10.0-1160.21.1.el7.x86_64

kernel-devel

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.

CVE-2020-14314

kernel-tools-3.10.0-1160.21.1.el7.x86_64

kernel-tools

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.

CVE-2020-14314

kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64

kernel-tools-libs

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.

CVE-2020-14314

perf-3.10.0-1160.21.1.el7.x86_64

perf

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.

CVE-2020-25211

kernel-3.10.0-1160.21.1.el7.x86_64

kernel

In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.

CVE-2020-25211

kernel-devel-3.10.0-1160.21.1.el7.x86_64

kernel-devel

In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.

CVE-2020-25211

kernel-tools-3.10.0-1160.21.1.el7.x86_64

kernel-tools

In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.

CVE-2020-25211

kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64

kernel-tools-libs

In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.

CVE-2020-25211

perf-3.10.0-1160.21.1.el7.x86_64

perf

In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.

CVE-2020-15436

kernel-3.10.0-1160.21.1.el7.x86_64

kernel

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.

CVE-2020-15436

kernel-devel-3.10.0-1160.21.1.el7.x86_64

kernel-devel

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.

CVE-2020-15436

kernel-tools-3.10.0-1160.21.1.el7.x86_64

kernel-tools

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.

CVE-2020-15436

kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64

kernel-tools-libs

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.

CVE-2020-15436

perf-3.10.0-1160.21.1.el7.x86_64

perf

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.

CVE-2020-25645

kernel-3.10.0-1160.21.1.el7.x86_64

kernel

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

CVE-2020-25645

kernel-devel-3.10.0-1160.21.1.el7.x86_64

kernel-devel

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

CVE-2020-25645

kernel-tools-3.10.0-1160.21.1.el7.x86_64

kernel-tools

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

CVE-2020-25645

kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64

kernel-tools-libs

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

CVE-2020-25645

perf-3.10.0-1160.21.1.el7.x86_64

perf

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

CVE-2020-14351

kernel-3.10.0-1160.21.1.el7.x86_64

kernel

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-14351

kernel-devel-3.10.0-1160.21.1.el7.x86_64

kernel-devel

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-14351

kernel-tools-3.10.0-1160.21.1.el7.x86_64

kernel-tools

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-14351

kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64

kernel-tools-libs

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-14351

perf-3.10.0-1160.21.1.el7.x86_64

perf

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-7053

kernel-3.10.0-1160.21.1.el7.x86_64

kernel

In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c.

CVE-2020-7053

kernel-devel-3.10.0-1160.21.1.el7.x86_64

kernel-devel

In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c.

CVE-2020-7053

kernel-tools-3.10.0-1160.21.1.el7.x86_64

kernel-tools

In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c.

CVE-2020-7053

kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64

kernel-tools-libs

In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c.

CVE-2020-7053

perf-3.10.0-1160.21.1.el7.x86_64

perf

In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c.

CVE-2020-10769

kernel-3.10.0-1160.21.1.el7.x86_64

kernel

A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.

CVE-2020-10769

kernel-devel-3.10.0-1160.21.1.el7.x86_64

kernel-devel

A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.

CVE-2020-10769

kernel-tools-3.10.0-1160.21.1.el7.x86_64

kernel-tools

A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.

CVE-2020-10769

kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64

kernel-tools-libs

A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.

CVE-2020-10769

perf-3.10.0-1160.21.1.el7.x86_64

perf

A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.

CVE-2019-18282

kernel-3.10.0-1160.21.1.el7.x86_64

kernel

The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.

CVE-2019-18282

kernel-devel-3.10.0-1160.21.1.el7.x86_64

kernel-devel

The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.

CVE-2019-18282

kernel-tools-3.10.0-1160.21.1.el7.x86_64

kernel-tools

The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.

CVE-2019-18282

kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64

kernel-tools-libs

The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.

CVE-2019-18282

perf-3.10.0-1160.21.1.el7.x86_64

perf

The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.

CVE-2020-25656

kernel-3.10.0-1160.21.1.el7.x86_64

kernel

A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.

CVE-2020-25656

kernel-devel-3.10.0-1160.21.1.el7.x86_64

kernel-devel

A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.

CVE-2020-25656

kernel-tools-3.10.0-1160.21.1.el7.x86_64

kernel-tools

A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.

CVE-2020-25656

kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64

kernel-tools-libs

A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.

CVE-2020-25656

perf-3.10.0-1160.21.1.el7.x86_64

perf

A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.

CVE-2019-19532

kernel-3.10.0-1160.21.1.el7.x86_64

kernel

In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.

CVE-2019-19532

kernel-devel-3.10.0-1160.21.1.el7.x86_64

kernel-devel

In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.

CVE-2019-19532

kernel-tools-3.10.0-1160.21.1.el7.x86_64

kernel-tools

In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.

CVE-2019-19532

kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64

kernel-tools-libs

In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.

CVE-2019-19532

perf-3.10.0-1160.21.1.el7.x86_64

perf

In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.

CVE-2020-14385

kernel-3.10.0-1160.21.1.el7.x86_64

kernel

A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.

CVE-2020-14385

kernel-devel-3.10.0-1160.21.1.el7.x86_64

kernel-devel

A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.

CVE-2020-14385

kernel-tools-3.10.0-1160.21.1.el7.x86_64

kernel-tools

A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.

CVE-2020-14385

kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64

kernel-tools-libs

A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.

CVE-2020-14385

perf-3.10.0-1160.21.1.el7.x86_64

perf

A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.

CVE-2020-25212

kernel-3.10.0-1160.21.1.el7.x86_64

kernel

A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.

CVE-2020-25212

kernel-devel-3.10.0-1160.21.1.el7.x86_64

kernel-devel

A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.

CVE-2020-25212

kernel-tools-3.10.0-1160.21.1.el7.x86_64

kernel-tools

A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.

CVE-2020-25212

kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64

kernel-tools-libs

A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.

CVE-2020-25212

perf-3.10.0-1160.21.1.el7.x86_64

perf

A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.

CVE-2020-0427

kernel-3.10.0-1160.21.1.el7.x86_64

kernel

In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171

CVE-2020-0427

kernel-devel-3.10.0-1160.21.1.el7.x86_64

kernel-devel

In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171

CVE-2020-0427

kernel-tools-3.10.0-1160.21.1.el7.x86_64

kernel-tools

In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171

CVE-2020-0427

kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64

kernel-tools-libs

In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171

CVE-2020-0427

perf-3.10.0-1160.21.1.el7.x86_64

perf

In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171

CVE-2020-24394

kernel-3.10.0-1160.21.1.el7.x86_64

kernel

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

CVE-2020-24394

kernel-devel-3.10.0-1160.21.1.el7.x86_64

kernel-devel

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

CVE-2020-24394

kernel-tools-3.10.0-1160.21.1.el7.x86_64

kernel-tools

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

CVE-2020-24394

kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64

kernel-tools-libs

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

CVE-2020-24394

perf-3.10.0-1160.21.1.el7.x86_64

perf

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

CVE-2020-14318

libwbclient-4.10.16-9.el7_9.x86_64

libwbclient

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

CVE-2020-14318

samba-4.10.16-9.el7_9.x86_64

samba

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

CVE-2020-14318

samba-client-libs-4.10.16-9.el7_9.x86_64

samba-client-libs

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

CVE-2020-14318

samba-common-4.10.16-9.el7_9.noarch

samba-common

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

CVE-2020-14318

samba-common-libs-4.10.16-9.el7_9.x86_64

samba-common-libs

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

CVE-2020-14318

samba-common-tools-4.10.16-9.el7_9.x86_64

samba-common-tools

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

CVE-2020-14318

samba-libs-4.10.16-9.el7_9.x86_64

samba-libs

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

CVE-2020-14318

samba-winbind-4.10.16-9.el7_9.x86_64

samba-winbind

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

CVE-2020-14318

samba-winbind-clients-4.10.16-9.el7_9.x86_64

samba-winbind-clients

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

CVE-2020-14318

samba-winbind-modules-4.10.16-9.el7_9.x86_64

samba-winbind-modules

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

CVE-2019-10197

libwbclient-4.10.16-9.el7_9.x86_64

libwbclient

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

CVE-2019-10197

samba-4.10.16-9.el7_9.x86_64

samba

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

CVE-2019-10197

samba-client-libs-4.10.16-9.el7_9.x86_64

samba-client-libs

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

CVE-2019-10197

samba-common-4.10.16-9.el7_9.noarch

samba-common

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

CVE-2019-10197

samba-common-libs-4.10.16-9.el7_9.x86_64

samba-common-libs

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

CVE-2019-10197

samba-common-tools-4.10.16-9.el7_9.x86_64

samba-common-tools

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

CVE-2019-10197

samba-libs-4.10.16-9.el7_9.x86_64

samba-libs

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

CVE-2019-10197

samba-winbind-4.10.16-9.el7_9.x86_64

samba-winbind

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

CVE-2019-10197

samba-winbind-clients-4.10.16-9.el7_9.x86_64

samba-winbind-clients

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

CVE-2019-10197

samba-winbind-modules-4.10.16-9.el7_9.x86_64

samba-winbind-modules

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

CVE-2019-10218

libwbclient-4.10.16-9.el7_9.x86_64

libwbclient

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

CVE-2019-10218

samba-4.10.16-9.el7_9.x86_64

samba

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

CVE-2019-10218

samba-client-libs-4.10.16-9.el7_9.x86_64

samba-client-libs

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

CVE-2019-10218

samba-common-4.10.16-9.el7_9.noarch

samba-common

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

CVE-2019-10218

samba-common-libs-4.10.16-9.el7_9.x86_64

samba-common-libs

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

CVE-2019-10218

samba-common-tools-4.10.16-9.el7_9.x86_64

samba-common-tools

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

CVE-2019-10218

samba-libs-4.10.16-9.el7_9.x86_64

samba-libs

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

CVE-2019-10218

samba-winbind-4.10.16-9.el7_9.x86_64

samba-winbind

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

CVE-2019-10218

samba-winbind-clients-4.10.16-9.el7_9.x86_64

samba-winbind-clients

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

CVE-2019-10218

samba-winbind-modules-4.10.16-9.el7_9.x86_64

samba-winbind-modules

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

CVE-2020-1472

libwbclient-4.10.16-9.el7_9.x86_64

libwbclient

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

CVE-2020-1472

samba-4.10.16-9.el7_9.x86_64

samba

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

CVE-2020-1472

samba-client-libs-4.10.16-9.el7_9.x86_64

samba-client-libs

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

CVE-2020-1472

samba-common-4.10.16-9.el7_9.noarch

samba-common

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

CVE-2020-1472

samba-common-libs-4.10.16-9.el7_9.x86_64

samba-common-libs

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

CVE-2020-1472

samba-common-tools-4.10.16-9.el7_9.x86_64

samba-common-tools

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

CVE-2020-1472

samba-libs-4.10.16-9.el7_9.x86_64

samba-libs

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

CVE-2020-1472

samba-winbind-4.10.16-9.el7_9.x86_64

samba-winbind

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

CVE-2020-1472

samba-winbind-clients-4.10.16-9.el7_9.x86_64

samba-winbind-clients

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

CVE-2020-1472

samba-winbind-modules-4.10.16-9.el7_9.x86_64

samba-winbind-modules

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

CVE-2020-14323

libwbclient-4.10.16-9.el7_9.x86_64

libwbclient

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

CVE-2020-14323

samba-4.10.16-9.el7_9.x86_64

samba

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

CVE-2020-14323

samba-client-libs-4.10.16-9.el7_9.x86_64

samba-client-libs

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

CVE-2020-14323

samba-common-4.10.16-9.el7_9.noarch

samba-common

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

CVE-2020-14323

samba-common-libs-4.10.16-9.el7_9.x86_64

samba-common-libs

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

CVE-2020-14323

samba-common-tools-4.10.16-9.el7_9.x86_64

samba-common-tools

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

CVE-2020-14323

samba-libs-4.10.16-9.el7_9.x86_64

samba-libs

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

CVE-2020-14323

samba-winbind-4.10.16-9.el7_9.x86_64

samba-winbind

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

CVE-2020-14323

samba-winbind-clients-4.10.16-9.el7_9.x86_64

samba-winbind-clients

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

CVE-2020-14323

samba-winbind-modules-4.10.16-9.el7_9.x86_64

samba-winbind-modules

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

CVE-2019-14907

libwbclient-4.10.16-9.el7_9.x86_64

libwbclient

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

CVE-2019-14907

samba-4.10.16-9.el7_9.x86_64

samba

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

CVE-2019-14907

samba-client-libs-4.10.16-9.el7_9.x86_64

samba-client-libs

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

CVE-2019-14907

samba-common-4.10.16-9.el7_9.noarch

samba-common

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

CVE-2019-14907

samba-common-libs-4.10.16-9.el7_9.x86_64

samba-common-libs

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

CVE-2019-14907

samba-common-tools-4.10.16-9.el7_9.x86_64

samba-common-tools

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

CVE-2019-14907

samba-libs-4.10.16-9.el7_9.x86_64

samba-libs

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

CVE-2019-14907

samba-winbind-4.10.16-9.el7_9.x86_64

samba-winbind

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

CVE-2019-14907

samba-winbind-clients-4.10.16-9.el7_9.x86_64

samba-winbind-clients

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

CVE-2019-14907

samba-winbind-modules-4.10.16-9.el7_9.x86_64

samba-winbind-modules

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

CVE-2020-15862

net-snmp-5.7.2-49.el7_9.1.x86_64

net-snmp

Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.

CVE-2020-15862

net-snmp-agent-libs-5.7.2-49.el7_9.1.x86_64

net-snmp-agent-libs

Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.

CVE-2020-15862

net-snmp-libs-5.7.2-49.el7_9.1.x86_64

net-snmp-libs

Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.

CVE-2020-15862

net-snmp-perl-5.7.2-49.el7_9.1.x86_64

net-snmp-perl

Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.

CVE-2020-15862

net-snmp-utils-5.7.2-49.el7_9.1.x86_64

net-snmp-utils

Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.

CVE-2018-18066

net-snmp-5.7.2-49.el7_9.1.x86_64

net-snmp

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

CVE-2018-18066

net-snmp-agent-libs-5.7.2-49.el7_9.1.x86_64

net-snmp-agent-libs

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

CVE-2018-18066

net-snmp-libs-5.7.2-49.el7_9.1.x86_64

net-snmp-libs

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

CVE-2018-18066

net-snmp-perl-5.7.2-49.el7_9.1.x86_64

net-snmp-perl

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

CVE-2018-18066

net-snmp-utils-5.7.2-49.el7_9.1.x86_64

net-snmp-utils

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

cve-2020-1971

openssl-1.0.2k-21.el7_9.x86_64

openssl

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

cve-2020-1971

openssl-libs-1.0.2k-21.el7_9.x86_64

openssl-libs

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

CVE-2020-1971

openssl-1.0.2k-21.el7_9.x86_64

openssl

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

CVE-2020-1971

openssl-libs-1.0.2k-21.el7_9.x86_64

openssl-libs

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

CVE-2020-12723

perl-5.16.3-299.el7_9.x86_64

perl

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVE-2020-12723

perl-Pod-Escapes-1.04-299.el7_9.noarch

perl-Pod-Escapes

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVE-2020-12723

perl-libs-5.16.3-299.el7_9.x86_64

perl-libs

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVE-2020-12723

perl-macros-5.16.3-299.el7_9.x86_64

perl-macros

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVE-2020-10878

perl-5.16.3-299.el7_9.x86_64

perl

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkindOP(n) == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

CVE-2020-10878

perl-Pod-Escapes-1.04-299.el7_9.noarch

perl-Pod-Escapes

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkindOP(n) == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

CVE-2020-10878

perl-libs-5.16.3-299.el7_9.x86_64

perl-libs

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkindOP(n) == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

CVE-2020-10878

perl-macros-5.16.3-299.el7_9.x86_64

perl-macros

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkindOP(n) == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

CVE-2020-10543

perl-5.16.3-299.el7_9.x86_64

perl

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVE-2020-10543

perl-Pod-Escapes-1.04-299.el7_9.noarch

perl-Pod-Escapes

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVE-2020-10543

perl-libs-5.16.3-299.el7_9.x86_64

perl-libs

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVE-2020-10543

perl-macros-5.16.3-299.el7_9.x86_64

perl-macros

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVE-2021-3156

sudo-1.8.23-10.el7_9.1.x86_64

sudo

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

Packages Updated for Security Reasons

Old Package

NewPackage for CVE

glibc-2.17-292.el7.x86_64

glibc-2.17-323.el7_9.x86_64

glibc-common-2.17-292.el7.x86_64

glibc-common-2.17-323.el7_9.x86_64

kernel-3.10.0-1160.6.1.el7.x86_64

kernel-3.10.0-1160.21.1.el7.x86_64

kernel-devel-3.10.0-1160.6.1.el7.x86_64

kernel-devel-3.10.0-1160.21.1.el7.x86_64

kernel-tools-3.10.0-1160.6.1.el7.x86_64

kernel-headers-3.10.0-1160.21.1.el7.x86_64

kernel-tools-libs-3.10.0-1160.6.1.el7.x86_64

kernel-tools-3.10.0-1160.21.1.el7.x86_64

libldb-1.4.2-1.el7.x86_64

libldb-1.5.4-1.el7.x86_64

libtalloc-2.1.14-1.el7.x86_64

libtalloc-2.1.16-1.el7.x86_64

libtdb-1.3.16-1.el7.x86_64

libtdb-1.3.18-1.el7.x86_64

libtevent-0.9.37-1.el7.x86_64

libtevent-0.9.39-1.el7.x86_64

libwbclient-4.9.1-6.el7.x86_64

libwbclient-4.10.16-9.el7_9.x86_64

net-snmp-5.7.2-43.el7.x86_64

net-snmp-5.7.2-49.el7_9.1.x86_64

net-snmp-agent-libs-5.7.2-43.el7.x86_64

net-snmp-agent-libs-5.7.2-49.el7_9.1.x86_64

net-snmp-libs-5.7.2-43.el7.x86_64

net-snmp-libs-5.7.2-49.el7_9.1.x86_64

net-snmp-perl-5.7.2-43.el7.x86_64

net-snmp-perl-5.7.2-49.el7_9.1.x86_64

net-snmp-utils-5.7.2-43.el7.x86_64

net-snmp-utils-5.7.2-49.el7_9.1.x86_64

openssl-1.0.2k-19.el7.x86_64

openssl-devel-1.0.2k-21.el7_9.x86_64

openssl-libs-1.0.2k-19.el7.x86_64

openssl-libs-1.0.2k-21.el7_9.x86_64

perf-3.10.0-1160.6.1.el7.x86_64

perf-3.10.0-1160.21.1.el7.x86_64

perl-5.16.3-294.el7_6.x86_64

perl-5.16.3-299.el7_9.x86_64

perl-Pod-Escapes-1.04-294.el7_6.noarch

perl-Pod-Escapes-1.04-299.el7_9.noarch

perl-libs-5.16.3-294.el7_6.x86_64

perl-libs-5.16.3-299.el7_9.x86_64

perl-macros-5.16.3-294.el7_6.x86_64

perl-macros-5.16.3-299.el7_9.x86_64

pytalloc-2.1.14-1.el7.x86_64

pytalloc-2.1.16-1.el7.x86_64

rpm-4.11.3-40.el7.x86_64

rpm-4.11.3-45.el7.x86_64

rpm-build-libs-4.11.3-40.el7.x86_64

rpm-build-libs-4.11.3-45.el7.x86_64

rpm-libs-4.11.3-40.el7.x86_64

rpm-libs-4.11.3-45.el7.x86_64

rpm-python-4.11.3-40.el7.x86_64

rpm-python-4.11.3-45.el7.x86_64

samba-4.9.1-6.el7.x86_64

samba-4.10.16-9.el7_9.x86_64

samba-client-libs-4.9.1-6.el7.x86_64

samba-client-libs-4.10.16-9.el7_9.x86_64

samba-common-4.9.1-6.el7.noarch

samba-common-4.10.16-9.el7_9.noarch

samba-common-libs-4.9.1-6.el7.x86_64

samba-common-libs-4.10.16-9.el7_9.x86_64

samba-common-tools-4.9.1-6.el7.x86_64

samba-common-tools-4.10.16-9.el7_9.x86_64

samba-libs-4.9.1-6.el7.x86_64

samba-libs-4.10.16-9.el7_9.x86_64

samba-winbind-4.9.1-6.el7.x86_64

samba-winbind-4.10.16-9.el7_9.x86_64

samba-winbind-clients-4.9.1-6.el7.x86_64

samba-winbind-clients-4.10.16-9.el7_9.x86_64

samba-winbind-modules-4.9.1-6.el7.x86_64

samba-winbind-modules-4.10.16-9.el7_9.x86_64

sudo-1.8.23-9.el7.x86_64

sudo-1.8.23-10.el7_9.1.x86_64

zlib-1.2.7-18.el7.x86_64

zlib-1.2.7-19.el7_9.x86_64



Packages Updated NOT for Security Reasons

Old Package

New Package NOT for CVE

esi-release-4.1.0.0-33786.5469.x86_64

esi-release-4.2.0.0-34499.5800.x86_64

logbase-ui-4.1.0.0-20201216205957.x86_64

logbase-ui-4.2.0.0-20210402201006.x86_64

lumeta-api-4.1.0.0-33784.x86_64

lumeta-api-4.2.0.0-34492.x86_64

lumeta-api-client-4.1.0.0-31980.x86_64

lumeta-api-client-4.2.0.0-34486.x86_64

lumeta-console-4.1.0.0-33433.x86_64

lumeta-console-4.2.0.0-34482.x86_64

lumeta-diagnostics-4.1.0.0-33556.x86_64

lumeta-diagnostics-4.2.0.0-34468.x86_64

lumeta-discovery-agent-4.1.0.0-33421.x86_64

lumeta-discovery-agent-4.2.0.0-34486.x86_64

lumeta-dxl-4.1.0.0-33714.x86_64

lumeta-dxl-4.2.0.0-33714.x86_64

lumeta-install-4.1.0.0-33668.x86_64

lumeta-install-4.2.0.0-34472.x86_64

lumeta-ireg-4.1.0.0-6550.x86_64

lumeta-ireg-4.2.0.0-6550.x86_64

lumeta-lib-4.1.0.0-32781.x86_64

lumeta-lib-4.2.0.0-34482.x86_64

lumeta-ui-4.1.0.0-33603.x86_64

lumeta-ui-4.2.0.0-34371.x86_64

lumeta-warehouse-4.1.0.0-33769.x86_64

lumeta-warehouse-4.2.0.0-34480.x86_64

lumeta-webapp-4.1.0.0-33552.x86_64

lumeta-webapp-4.2.0.0-34490.x86_64

New Packages

None

Removed Packages

None

  • No labels