Sign-up

ID

VAR-202004-1137


CVE

CVE-2020-2830


TITLE

Ubuntu Security Notice USN-4337-1

Trust: 0.1

sources: PACKETSTORM: 157363

DESCRIPTION

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2754, CVE-2020-2755). ========================================================================== Ubuntu Security Notice USN-4337-1 April 22, 2020 openjdk-8, openjdk-lts vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in OpenJDK. Software Description: - openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Details: It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted regular expression. (CVE-2020-2754, CVE-2020-2755) It was discovered that OpenJDK incorrectly handled class descriptors and catching exceptions during object stream deserialization. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted serialized input. (CVE-2020-2756, CVE-2020-2757) Bengt Jonsson, Juraj Somorovsky, Kostis Sagonas, Paul Fiterau Brostean and Robert Merget discovered that OpenJDK incorrectly handled certificate messages during TLS handshake. An attacker could possibly use this issue to bypass certificate verification and insert, edit or obtain sensitive information. This issue only affected OpenJDK 11. (CVE-2020-2767) It was discovered that OpenJDK incorrectly handled exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature(). An attacker could possibly use this issue to cause a denial of service while reading key info or XML signature data from XML input. (CVE-2020-2773) Peter Dettman discovered that OpenJDK incorrectly handled SSLParameters in setAlgorithmConstraints(). An attacker could possibly use this issue to override the defined systems security policy and lead to the use of weak crypto algorithms that should be disabled. This issue only affected OpenJDK 11. (CVE-2020-2778) Simone Bordet discovered that OpenJDK incorrectly re-used single null TLS sessions for new TLS connections. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-2781) Dan Amodio discovered that OpenJDK did not restrict the use of CR and LF characters in values for HTTP headers. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2020-2800) Nils Emmerich discovered that OpenJDK incorrectly checked boundaries or argument types. An attacker could possibly use this issue to bypass sandbox restrictions causing unspecified impact. (CVE-2020-2803, CVE-2020-2805) It was discovered that OpenJDK incorrectly handled application data packets during TLS handshake. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11. (CVE-2020-2816) It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-2830) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: openjdk-11-jdk 11.0.7+10-2ubuntu2~19.10 openjdk-11-jre 11.0.7+10-2ubuntu2~19.10 openjdk-11-jre-headless 11.0.7+10-2ubuntu2~19.10 openjdk-11-jre-zero 11.0.7+10-2ubuntu2~19.10 openjdk-8-jdk 8u252-b09-1~19.10 openjdk-8-jre 8u252-b09-1~19.10 openjdk-8-jre-headless 8u252-b09-1~19.10 openjdk-8-jre-zero 8u252-b09-1~19.10 Ubuntu 18.04 LTS: openjdk-11-jdk 11.0.7+10-2ubuntu2~18.04 openjdk-11-jre 11.0.7+10-2ubuntu2~18.04 openjdk-11-jre-headless 11.0.7+10-2ubuntu2~18.04 openjdk-11-jre-zero 11.0.7+10-2ubuntu2~18.04 openjdk-8-jdk 8u252-b09-1~18.04 openjdk-8-jre 8u252-b09-1~18.04 openjdk-8-jre-headless 8u252-b09-1~18.04 openjdk-8-jre-zero 8u252-b09-1~18.04 Ubuntu 16.04 LTS: openjdk-8-jdk 8u252-b09-1~16.04 openjdk-8-jre 8u252-b09-1~16.04 openjdk-8-jre-headless 8u252-b09-1~16.04 openjdk-8-jre-jamvm 8u252-b09-1~16.04 openjdk-8-jre-zero 8u252-b09-1~16.04 This update uses a new upstream release, which includes additional bug fixes. 8.0) - aarch64, noarch, ppc64le, s390x, x86_64 3. 8.0) - aarch64, ppc64le, s390x, x86_64 3. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * operator-framework/presto: /etc/passwd was given incorrect privileges (CVE-2019-19352) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For OpenShift Container Platform 4.4 see the following documentation, which will be updated shortly for release 4.4.3, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.4/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1793281 - CVE-2019-19352 operator-framework/presto: /etc/passwd is given incorrect privileges 5. 7) - x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.8.0-openjdk security update Advisory ID: RHSA-2020:1512-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1512 Issue date: 2020-04-21 CVE Names: CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 ===================================================================== 1. Summary: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) * OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) * OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) * OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) * OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) * OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) * OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) * OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) * OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) * OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of OpenJDK Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1823199 - CVE-2020-2754 OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) 1823200 - CVE-2020-2755 OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) 1823215 - CVE-2020-2756 OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) 1823216 - CVE-2020-2757 OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) 1823224 - CVE-2020-2773 OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) 1823527 - CVE-2020-2800 OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) 1823542 - CVE-2020-2830 OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) 1823694 - CVE-2020-2803 OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) 1823844 - CVE-2020-2805 OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) 1823960 - CVE-2020-2781 OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm x86_64: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm x86_64: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm ppc64: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.ppc64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.ppc64.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.ppc64.rpm ppc64le: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64le.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.ppc64le.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.ppc64le.rpm s390x: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.s390x.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.s390x.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.s390x.rpm x86_64: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm ppc64: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.ppc64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.ppc64.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.ppc64.rpm ppc64le: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64le.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.ppc64le.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.ppc64le.rpm s390x: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.s390x.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.s390x.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.s390x.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm x86_64: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-2754 https://access.redhat.com/security/cve/CVE-2020-2755 https://access.redhat.com/security/cve/CVE-2020-2756 https://access.redhat.com/security/cve/CVE-2020-2757 https://access.redhat.com/security/cve/CVE-2020-2773 https://access.redhat.com/security/cve/CVE-2020-2781 https://access.redhat.com/security/cve/CVE-2020-2800 https://access.redhat.com/security/cve/CVE-2020-2803 https://access.redhat.com/security/cve/CVE-2020-2805 https://access.redhat.com/security/cve/CVE-2020-2830 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXp7Zs9zjgjWX9erEAQijNg//Wv9fjFvkxHC42Hd5YcN8qnGcf6gdOYDW pAv6Tv6q9pstko1bcUZYa0V01XejJYe/5uAADu3QGe1aMihI0VMjXrlFULW1laNS QTRtsnzTac5Gm3cJZKDXIv1ITI+fgGBWOvwN9lketAQtO5su+JbPTPQ4S0rBy55D gAVa8RVPi6qQt85HmXDrrpaAI2N8EFVkJBpC9ZRRFtI5wTv//bVx29Qw/sthlN3N qXwO8KZI44Xbe+vb6QpGcNkly+Dh7CdeVFV1OVkqx8eOVA8Cj45NAeBgP1W8n2VQ zt0GiKCbrV49e2AsBgmK49/J3N2L9xalsHSn54+6N02rcjf4dseV5flz5/unSIDc gPqFCTRbGZcIdjFbilvsklGBVfBzXjw5SjUemMKYggXa+6L74O+kuH4TRZRXhmEX 70Kvn1w0ta8P1bxK0A6BM6ZnDo5f7jVIQipk2M/hw6SDzu7ZA5zbDRCg419AZ8qc syuuHWmdfpRRj0XlUw5eBfBUq8UL+huEfRvu85zBhvhTw/Pyu+T0nQ7iofSyqvob 2LlLyPV14RBOzGIWLqrt2tGBUYanKULxIdT+VtSu4gyuloGc84onSLTqU0Ucbc85 nxpY6nc9GxOYWCMDITnr4xiRXQuUuE5V4UVwsFlr+xsEYcsAXdPLzyXzw8S8sL+Z yPjQbJvoqgE= =5P5C -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4662-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 24, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openjdk-11 CVE ID : CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2767 CVE-2020-2773 CVE-2020-2778 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2816 CVE-2020-2830 Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks. For the stable distribution (buster), these problems have been fixed in version 11.0.7+10-3~deb10u1. We recommend that you upgrade your openjdk-11 packages. For the detailed security status of openjdk-11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-11 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIyBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6i4QkACgkQEMKTtsN8 TjYOlg/3ZpduOWklosp1sS0za11zUYZHlql01d75lk2HS/u5sEVUNPyVcZ2iC8Bk zVBfqdJmfoODThzMVws1f9BhTvdaigPd+6stG3eVcU7kHS3IEpSAglKRK9220jDQ Euz2CXHV2trngO9C6oEg6OOB2wguKyeFT7VlMazyznmesIUr+BnmTpm/t97QOAhj +OyeXm3YdI7B8idZUNnUS42SKei+vaj1b/Dwi7Bv5YZUgIDAy8J6lRxUYi3EA/MT Lux7auJiMw9cIx5xqiIIW+3JmLrxXZQdvxWRsZtl5ATNwMf/PDjroWGj1eIRIa66 70dJ4FoY/yHdc4wnadBJKhWUgZbGDpVyclzRx8DBlqYxmJx0BVu10he1j8fMJnp1 72A/gHVtcHDuCLpskgYiJeUqkPq/nMEt85Q2NpnW61sGFJedGIQeAMGKLPsLCmz4 U8L2CaTvtnBFNN82P50rDCuFwKChOJ5OqKuZCBwX6hhJQqgPsSGE7wdUep0UFbm0 9qyEZ+Ph7v42+JcnP3O/Ow9i2Q+rkHcCu//jp+TaeyjZEaIurAAlMz9YN8Tp665n lXe0nmWPkY+oCDoEglH5GaLkft0lEOT8idGp3ccBhHsQGhyJAq2z0b9OBTUgidjY 99udJWsH8naHMBZL5aHmByQ/73mL/MB+oMRv15ypVrnL2B3KVQ== =/qDT -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2020-2830 // VULMON: CVE-2020-2830 // PACKETSTORM: 157363 // PACKETSTORM: 157350 // PACKETSTORM: 157351 // PACKETSTORM: 157349 // PACKETSTORM: 157550 // PACKETSTORM: 157549 // PACKETSTORM: 157777 // PACKETSTORM: 157319 // PACKETSTORM: 157778 // PACKETSTORM: 168805

AFFECTED PRODUCTS

vendor:oraclemodel:openjdkscope:eqversion:8

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:netappmodel:e-series santricity web servicesscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:openjdkscope:lteversion:11.0.6

Trust: 1.0

vendor:oraclemodel:openjdkscope:gteversion:11

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:11.0.6

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:1.7.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.2

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:gteversion:7.3

Trust: 1.0

vendor:oraclemodel:openjdkscope:gteversion:13

Trust: 1.0

vendor:netappmodel:storagegridscope:gteversion:9.0.0

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:11.0.6

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:gteversion:11.0.0

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.7.0

Trust: 1.0

vendor:mcafeemodel:threat intelligence exchange serverscope:ltversion:2.3.1

Trust: 1.0

vendor:netappmodel:e-series performance analyzerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:steelstore cloud integrated storagescope:eqversion: -

Trust: 1.0

vendor:oraclemodel:openjdkscope:lteversion:13.0.2

Trust: 1.0

vendor:netappmodel:plug-in for symantec netbackupscope:eqversion: -

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:lteversion:11.60.1

Trust: 1.0

vendor:mcafeemodel:threat intelligence exchange serverscope:eqversion:3.0.0

Trust: 1.0

vendor:oraclemodel:openjdkscope:eqversion:14

Trust: 1.0

vendor:netappmodel:snapmanagerscope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:19.10

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:30

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:14.0.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:gteversion:9.5

Trust: 1.0

vendor:netappmodel:santricity unified managerscope:eqversion: -

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:31

Trust: 1.0

vendor:netappmodel:storagegridscope:lteversion:9.0.4

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:mcafeemodel:threat intelligence exchange serverscope:gteversion:2.0.0

Trust: 1.0

vendor:mcafeemodel:threat intelligence exchange serverscope:eqversion:2.3.1

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:14.0.0

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:1.8.0

Trust: 1.0

vendor:netappmodel:7-mode transition toolscope:eqversion: -

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:netappmodel:oncommand insightscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:openjdkscope:eqversion:7

Trust: 1.0

vendor:netappmodel:storagegridscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.8.0

Trust: 1.0

sources: NVD: CVE-2020-2830

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-2830
value: MEDIUM

Trust: 1.0

VULMON: CVE-2020-2830
value: MEDIUM

Trust: 0.1

NVD: CVE-2020-2830
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.1

NVD: CVE-2020-2830
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2020-2830 // NVD: CVE-2020-2830

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-2830

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2020-2830

PATCH
title:Red Hat: Important: java-1.7.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201508 - security advisory
Trust: 0.1
title:Red Hat: Important: java-1.7.1-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20202238 - security advisory
Trust: 0.1
title:Red Hat: Important: java-1.8.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201515 - security advisory
Trust: 0.1
title:Red Hat: Important: java-1.7.1-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20202236 - security advisory
Trust: 0.1
title:Red Hat: Important: java-1.7.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201507 - security advisory
Trust: 0.1
title:Red Hat: Important: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20202239 - security advisory
Trust: 0.1
title:Red Hat: Important: java-1.8.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201512 - security advisory
Trust: 0.1
title:Red Hat: Important: java-1.8.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201516 - security advisory
Trust: 0.1
title:Red Hat: Important: java-1.8.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201506 - security advisory
Trust: 0.1
title:Red Hat: Important: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20202241 - security advisory
Trust: 0.1
title:Red Hat: Important: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20202237 - security advisory
Trust: 0.1
title:Red Hat: Important: java-11-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201514 - security advisory
Trust: 0.1
title:Red Hat: Important: java-11-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201517 - security advisory
Trust: 0.1
title:Red Hat: Important: java-11-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201509 - security advisory
Trust: 0.1
title:Red Hat: Moderate: OpenShift Container Platform 4.4.3 hadoop-container security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201938 - security advisory
Trust: 0.1
title:Red Hat: Moderate: OpenShift Container Platform 4.4.3 presto-container security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20201942 - security advisory
Trust: 0.1
title:Ubuntu Security Notice: openjdk-8, openjdk-lts vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-4337-1
Trust: 0.1
title:Amazon Linux AMI: ALAS-2020-1365url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2020-1365
Trust: 0.1
title:Amazon Linux AMI: ALAS-2023-1809url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2023-1809
Trust: 0.1
title:Amazon Linux 2: ALAS2-2020-1424url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=alas2-2020-1424
Trust: 0.1
title:Amazon Linux 2: ALAS2-2020-1421url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=alas2-2020-1421
Trust: 0.1
title:Debian Security Advisories: DSA-4662-1 openjdk-11 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=fcc7953c1496c4d2bf29bdda0aeb34d3
Trust: 0.1
title:Amazon Linux 2: ALAS2-2020-1410url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=alas2-2020-1410
Trust: 0.1
title:Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Centerurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-111
Trust: 0.1
title:Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexusurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-108
Trust: 0.1
title:IBM: Security Bulletin: Multiple vulnerabilities in OpenJDK version 11 affect IBM InfoSphere Information Serverurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=04093f22959e96a7bb3ed8715aa18c0e
Trust: 0.1
title:IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2ec7385c474071281be069b54d841de6
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-2830

EXTERNAL IDS
db:NVDid:CVE-2020-2830
Trust: 2.1
db:MCAFEEid:SB10318
Trust: 1.1
db:VULMONid:CVE-2020-2830
Trust: 0.1
db:PACKETSTORMid:157363
Trust: 0.1
db:PACKETSTORMid:157350
Trust: 0.1
db:PACKETSTORMid:157351
Trust: 0.1
db:PACKETSTORMid:157349
Trust: 0.1
db:PACKETSTORMid:157550
Trust: 0.1
db:PACKETSTORMid:157549
Trust: 0.1
db:PACKETSTORMid:157777
Trust: 0.1
db:PACKETSTORMid:157319
Trust: 0.1
db:PACKETSTORMid:157778
Trust: 0.1
db:PACKETSTORMid:168805
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-2830 // 
            
            
            
            PACKETSTORM: 157363 // 
            
            
            
            PACKETSTORM: 157350 // 
            
            
            
            PACKETSTORM: 157351 // 
            
            
            
            PACKETSTORM: 157349 // 
            
            
            
            PACKETSTORM: 157550 // 
            
            
            
            PACKETSTORM: 157549 // 
            
            
            
            PACKETSTORM: 157777 // 
            
            
            
            PACKETSTORM: 157319 // 
            
            
            
            PACKETSTORM: 157778 // 
            
            
            
            PACKETSTORM: 168805 // 
            
            
            
            NVD: CVE-2020-2830

REFERENCES
url:https://usn.ubuntu.com/4337-1/
Trust: 1.2
url:https://www.oracle.com/security-alerts/cpuapr2020.html
Trust: 1.1
url:https://security.netapp.com/advisory/ntap-20200416-0004/
Trust: 1.1
url:https://www.debian.org/security/2020/dsa-4662
Trust: 1.1
url:https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html
Trust: 1.1
url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l7vhc4ew36kzeidq56rpcwbzcqelffkn/
Trust: 1.1
url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ckav6kffaeanxan73aftgu7z6ynrwcxq/
Trust: 1.1
url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nyhhhzrhxcbgrhge5up7ueb4iz2qx536/
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html
Trust: 1.1
url:https://security.gentoo.org/glsa/202006-22
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html
Trust: 1.1
url:https://kc.mcafee.com/corporate/index?page=content&id=sb10318
Trust: 1.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-2830
Trust: 1.0
url:https://nvd.nist.gov/vuln/detail/cve-2020-2781
Trust: 1.0
url:https://nvd.nist.gov/vuln/detail/cve-2020-2800
Trust: 1.0
url:https://nvd.nist.gov/vuln/detail/cve-2020-2754
Trust: 0.9
url:https://nvd.nist.gov/vuln/detail/cve-2020-2757
Trust: 0.9
url:https://nvd.nist.gov/vuln/detail/cve-2020-2805
Trust: 0.9
url:https://nvd.nist.gov/vuln/detail/cve-2020-2756
Trust: 0.9
url:https://nvd.nist.gov/vuln/detail/cve-2020-2803
Trust: 0.9
url:https://nvd.nist.gov/vuln/detail/cve-2020-2773
Trust: 0.8
url:https://access.redhat.com/security/cve/cve-2020-2757
Trust: 0.8
url:https://access.redhat.com/security/cve/cve-2020-2805
Trust: 0.8
url:https://access.redhat.com/security/team/contact/
Trust: 0.8
url:https://www.redhat.com/mailman/listinfo/rhsa-announce
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-2755
Trust: 0.8
url:https://access.redhat.com/security/cve/cve-2020-2830
Trust: 0.8
url:https://access.redhat.com/security/cve/cve-2020-2800
Trust: 0.8
url:https://bugzilla.redhat.com/):
Trust: 0.8
url:https://access.redhat.com/security/cve/cve-2020-2756
Trust: 0.8
url:https://access.redhat.com/security/cve/cve-2020-2781
Trust: 0.8
url:https://access.redhat.com/security/cve/cve-2020-2803
Trust: 0.8
url:https://access.redhat.com/security/cve/cve-2020-2754
Trust: 0.7
url:https://access.redhat.com/security/cve/cve-2020-2755
Trust: 0.7
url:https://access.redhat.com/security/updates/classification/#important
Trust: 0.6
url:https://access.redhat.com/security/cve/cve-2020-2773
Trust: 0.6
url:https://access.redhat.com/articles/11258
Trust: 0.6
url:https://access.redhat.com/security/team/key/
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-2778
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2020-2767
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2020-2816
Trust: 0.3
url:https://access.redhat.com/security/updates/classification/#moderate
Trust: 0.2
url:https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel
Trust: 0.2
url:https://docs.openshift.com/container-platform/4.4/updating/updating-cluster
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2020-2654
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2020-2654
Trust: 0.2
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:1508
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.7+10-2ubuntu2~18.04
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/openjdk-8/8u252-b09-1~19.10
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/openjdk-8/8u252-b09-1~16.04
Trust: 0.1
url:https://usn.ubuntu.com/4337-1
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.7+10-2ubuntu2~19.10
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/openjdk-8/8u252-b09-1~18.04
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:1516
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:1515
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2020-2767
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2020-2816
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2020-2778
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:1517
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-19354
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:1938
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2019-19354
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:1942
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2019-19352
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-19352
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:2238
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:1512
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2019-2949
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-2949
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:2237
Trust: 0.1
url:https://www.debian.org/security/faq
Trust: 0.1
url:https://security-tracker.debian.org/tracker/openjdk-11
Trust: 0.1
url:https://www.debian.org/security/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-2830 // 
            
            
            
            PACKETSTORM: 157363 // 
            
            
            
            PACKETSTORM: 157350 // 
            
            
            
            PACKETSTORM: 157351 // 
            
            
            
            PACKETSTORM: 157349 // 
            
            
            
            PACKETSTORM: 157550 // 
            
            
            
            PACKETSTORM: 157549 // 
            
            
            
            PACKETSTORM: 157777 // 
            
            
            
            PACKETSTORM: 157319 // 
            
            
            
            PACKETSTORM: 157778 // 
            
            
            
            PACKETSTORM: 168805 // 
            
            
            
            NVD: CVE-2020-2830

CREDITS
Red Hat
Trust: 0.8
sources:
            
            
            PACKETSTORM: 157350 // 
            
            
            
            PACKETSTORM: 157351 // 
            
            
            
            PACKETSTORM: 157349 // 
            
            
            
            PACKETSTORM: 157550 // 
            
            
            
            PACKETSTORM: 157549 // 
            
            
            
            PACKETSTORM: 157777 // 
            
            
            
            PACKETSTORM: 157319 // 
            
            
            
            PACKETSTORM: 157778

SOURCES
db:VULMONid:CVE-2020-2830
db:PACKETSTORMid:157363
db:PACKETSTORMid:157350
db:PACKETSTORMid:157351
db:PACKETSTORMid:157349
db:PACKETSTORMid:157550
db:PACKETSTORMid:157549
db:PACKETSTORMid:157777
db:PACKETSTORMid:157319
db:PACKETSTORMid:157778
db:PACKETSTORMid:168805
db:NVDid:CVE-2020-2830

LAST UPDATE DATE
2023-11-07T21:49:03.694000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2020-2830date:2022-06-30T00:00:00
db:NVDid:CVE-2020-2830date:2022-06-30T20:07:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2020-2830date:2020-04-15T00:00:00
db:PACKETSTORMid:157363date:2020-04-23T19:25:55
db:PACKETSTORMid:157350date:2020-04-22T15:11:05
db:PACKETSTORMid:157351date:2020-04-22T15:11:12
db:PACKETSTORMid:157349date:2020-04-22T15:10:56
db:PACKETSTORMid:157550date:2020-05-04T17:29:03
db:PACKETSTORMid:157549date:2020-05-04T17:28:54
db:PACKETSTORMid:157777date:2020-05-20T15:59:55
db:PACKETSTORMid:157319date:2020-04-21T14:17:02
db:PACKETSTORMid:157778date:2020-05-20T16:01:07
db:PACKETSTORMid:168805date:2020-04-28T19:12:00
db:NVDid:CVE-2020-2830date:2020-04-15T14:15:00