ID

VAR-202006-1838


CVE

CVE-2020-10543


TITLE

Red Hat Security Advisory 2021-2136-01

Trust: 0.1

sources: PACKETSTORM: 162837

DESCRIPTION

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. An attacker could exploit this vulnerability to cause a denial of service. Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1328 - Port fix to 5.0.z for BZ-1945168 6. Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/ Security fixes: * redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092) * console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918) Bug fixes: * RHACM 2.2.4 images (BZ# 1957254) * Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832) * ACM Operator should support using the default route TLS (BZ# 1955270) * The scrolling bar for search filter does not work properly (BZ# 1956852) * Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426) * The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181) * Unable to make SSH connection to a Bitbucket server (BZ# 1966513) * Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message 5. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.13. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2021:2122 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html This update fixes the following bug among others: * Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238) Security Fix(es): * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64 The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4 (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36 All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor 3. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled" 1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list 1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits 1959238 - CVO creating cloud-controller-manager too early causing upgrade failures 1960103 - SR-IOV obliviously reboot the node 1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1962302 - packageserver clusteroperator does not set reason or message for Available condition 1962312 - Deployment considered unhealthy despite being available and at latest generation 1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1963115 - Test verify /run filesystem contents failing 5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202006-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Perl: Multiple vulnerabilities Date: June 12, 2020 Bugs: #723792 ID: 202006-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Perl, the worst of which could result in a Denial of Service condition. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/perl < 5.30.3 >= 5.30.3 Description =========== Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Perl users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.30.3" References ========== [ 1 ] CVE-2020-10543 https://nvd.nist.gov/vuln/detail/CVE-2020-10543 [ 2 ] CVE-2020-10878 https://nvd.nist.gov/vuln/detail/CVE-2020-10878 [ 3 ] CVE-2020-12723 https://nvd.nist.gov/vuln/detail/CVE-2020-12723 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202006-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Description: Security Fix(es): * Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253 * Upgraded to a more recent version of Django to address CVE-2021-3281. * Upgraded to a more recent version of autobahn to address CVE-2020-35678. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Upgraded to the latest oVirt inventory plugin to resolve a number of inventory syncing issues that can occur on RHEL7. * Upgraded to the latest theforeman.foreman inventory plugin to resolve a few bugs and performance regressions. * Fixed several issues related to how Tower rotates its log files. * Fixed a bug which can prevent Tower from installing on RHEL8 with certain non-en_US.UTF-8 locales. * Fixed a bug which can cause unanticipated delays in certain playbook output. * Fixed a bug which can cause job runs to fail for playbooks that print certain types of raw binary data. * Fixed a bug which can cause unnecessary records in the Activity Stream when Automation Analytics data is collected. * Fixed a bug which can cause Tower PostgreSQL backups to fail when a non-default PostgreSQL username is specified. * Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches. * Fixed a bug which can cause certain long-running jobs running on isolated nodes to unexpectedly fail. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1919969 - CVE-2021-3281 django: Potential directory-traversal via archive.extract() 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: perl security update Advisory ID: RHSA-2021:0343-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0343 Issue date: 2021-02-02 CVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 ==================================================================== 1. Summary: An update for perl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): * perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543) * perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878) * perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: perl-5.16.3-299.el7_9.src.rpm noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: perl-5.16.3-299.el7_9.src.rpm noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: perl-5.16.3-299.el7_9.src.rpm noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm ppc64: perl-5.16.3-299.el7_9.ppc64.rpm perl-Time-Piece-1.20.1-299.el7_9.ppc64.rpm perl-core-5.16.3-299.el7_9.ppc64.rpm perl-debuginfo-5.16.3-299.el7_9.ppc.rpm perl-debuginfo-5.16.3-299.el7_9.ppc64.rpm perl-devel-5.16.3-299.el7_9.ppc.rpm perl-devel-5.16.3-299.el7_9.ppc64.rpm perl-libs-5.16.3-299.el7_9.ppc.rpm perl-libs-5.16.3-299.el7_9.ppc64.rpm perl-macros-5.16.3-299.el7_9.ppc64.rpm ppc64le: perl-5.16.3-299.el7_9.ppc64le.rpm perl-Time-Piece-1.20.1-299.el7_9.ppc64le.rpm perl-core-5.16.3-299.el7_9.ppc64le.rpm perl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm perl-devel-5.16.3-299.el7_9.ppc64le.rpm perl-libs-5.16.3-299.el7_9.ppc64le.rpm perl-macros-5.16.3-299.el7_9.ppc64le.rpm s390x: perl-5.16.3-299.el7_9.s390x.rpm perl-Time-Piece-1.20.1-299.el7_9.s390x.rpm perl-core-5.16.3-299.el7_9.s390x.rpm perl-debuginfo-5.16.3-299.el7_9.s390.rpm perl-debuginfo-5.16.3-299.el7_9.s390x.rpm perl-devel-5.16.3-299.el7_9.s390.rpm perl-devel-5.16.3-299.el7_9.s390x.rpm perl-libs-5.16.3-299.el7_9.s390.rpm perl-libs-5.16.3-299.el7_9.s390x.rpm perl-macros-5.16.3-299.el7_9.s390x.rpm x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: perl-debuginfo-5.16.3-299.el7_9.ppc64.rpm perl-tests-5.16.3-299.el7_9.ppc64.rpm ppc64le: perl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm perl-tests-5.16.3-299.el7_9.ppc64le.rpm s390x: perl-debuginfo-5.16.3-299.el7_9.s390x.rpm perl-tests-5.16.3-299.el7_9.s390x.rpm x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: perl-5.16.3-299.el7_9.src.rpm noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYBlBRdzjgjWX9erEAQgfWQ/+Pzq//upZZVPBq5+myRLRJCef7277Y+9k 54oh8wOTwtwEMs9ye5Y1FDmAxVd4fWX3JgAss1KE86Hhm5OoCX/FJ0/RGguMR1l2 qwmWtfGuZjrn1SmjdHlf8B/bC0f20IadUUbY/8clpFiMxe5V1g8s9ZgbHv/MBWnm Awac/6LPc7Eb24OnIuTKLYEcQRxuBG1KdikM1NN1uJU5WHkbhZfKWFMnjKihsPGp 42vnomd0P7RdXNc4FbuNlkm2iw04woJyz1AYPdScswWJqawQSbre6+3wpnHlWs4K RerhKZiJLJsC0XmSpma62I4kYbVlniYPcbrF4Zfo1j1vIIvjmOL26B/3JsUVtwfm AKVuAu8DbNIkdSo2CS2gauLWsykukprPx16X8n8Xlb9Kr9iL/r2/sI/jUGce+50S aoe2Hb40VIX6sHPLiEmWP0ufuoDxJZ2mY9mhqAMGt/xCPrZ/Pst0y4hewJVo2AIf /LG758/KJWYBx2ILfBwA07O829irVDnbw5blT47fS3qiqAzXRTp56xkCCnLQ0BGQ Ip3DFIwNVxznKYOgubXJBGl3xYHI+P/bu8tcCAYMaN4hAHdFrqJbPMNLLGf37L73 N83csDc07k/WsKua5atl3suUuYRWxSq6CnV9KNU4aUaKEmu+de+D2k34vn2+le0S HB63T1smQXA=Oj1P -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-4602-1 October 26, 2020 perl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Perl. Software Description: - perl: Practical Extraction and Report Language Details: ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10543) Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878) Sergey Aleynikov discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12723) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: perl 5.30.0-9ubuntu0.2 Ubuntu 18.04 LTS: perl 5.26.1-6ubuntu0.5 Ubuntu 16.04 LTS: perl 5.22.1-9ubuntu0.9 In general, a standard system update will make all the necessary changes

Trust: 1.8

sources: NVD: CVE-2020-10543 // VULHUB: VHN-163032 // VULMON: CVE-2020-10543 // PACKETSTORM: 162837 // PACKETSTORM: 163188 // PACKETSTORM: 162877 // PACKETSTORM: 158058 // PACKETSTORM: 161727 // PACKETSTORM: 161728 // PACKETSTORM: 161255 // PACKETSTORM: 159707

AFFECTED PRODUCTS

vendor:oraclemodel:communications eagle lnp application processorscope:eqversion:46.7

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:oraclemodel:communications eagle lnp application processorscope:eqversion:46.9

Trust: 1.0

vendor:oraclemodel:tekelec platform distributionscope:lteversion:7.7.1

Trust: 1.0

vendor:oraclemodel:communications performance intelligence centerscope:lteversion:10.4.0.3.1

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:12.0.0.2.0

Trust: 1.0

vendor:oraclemodel:communications offline mediation controllerscope:eqversion:12.0.0.3.0

Trust: 1.0

vendor:oraclemodel:communications eagle lnp application processorscope:eqversion:46.8

Trust: 1.0

vendor:oraclemodel:communications eagle application processorscope:gteversion:16.1.0

Trust: 1.0

vendor:perlmodel:perlscope:ltversion:5.30.3

Trust: 1.0

vendor:oraclemodel:communications eagle lnp application processorscope:eqversion:10.1

Trust: 1.0

vendor:oraclemodel:communications eagle application processorscope:lteversion:16.4.0

Trust: 1.0

vendor:oraclemodel:communications lsmsscope:lteversion:13.4

Trust: 1.0

vendor:oraclemodel:communications pricing design centerscope:eqversion:12.0.0.3.0

Trust: 1.0

vendor:oraclemodel:communications performance intelligence centerscope:gteversion:10.3.0.0.0

Trust: 1.0

vendor:oraclemodel:sd-wan edgescope:eqversion:8.2

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:lteversion:8.5.0

Trust: 1.0

vendor:oraclemodel:sd-wan edgescope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:tekelec platform distributionscope:gteversion:7.4.0

Trust: 1.0

vendor:oraclemodel:communications eagle lnp application processorscope:eqversion:10.2

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:31

Trust: 1.0

vendor:oraclemodel:communications performance intelligence centerscope:lteversion:10.3.0.2.1

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.0.0

Trust: 1.0

vendor:oraclemodel:configuration managerscope:eqversion:12.1.2.0.8

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.4.0.0

Trust: 1.0

vendor:oraclemodel:communications performance intelligence centerscope:gteversion:10.4.0.1.0

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:12.0.0.3.0

Trust: 1.0

vendor:oraclemodel:sd-wan edgescope:eqversion:9.1

Trust: 1.0

vendor:oraclemodel:communications lsmsscope:gteversion:13.1

Trust: 1.0

sources: NVD: CVE-2020-10543

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10543
value: HIGH

Trust: 1.0

VULHUB: VHN-163032
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-10543
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-10543
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-163032
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-10543
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-163032 // VULMON: CVE-2020-10543 // NVD: CVE-2020-10543

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

problemtype:CWE-787

Trust: 1.1

sources: VULHUB: VHN-163032 // NVD: CVE-2020-10543

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 159707

TYPE

overflow

Trust: 0.2

sources: PACKETSTORM: 163188 // PACKETSTORM: 161255

PATCH

title:Red Hat: Moderate: perl security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210343 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: perl: regexp security issues: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=babe2a0596ddd17a5ad75cd3c30c45ff

Trust: 0.1

title:Amazon Linux 2: ALAS2-2021-1610url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1610

Trust: 0.1

title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210607 - Security Advisory

Trust: 0.1

title:IBM: Security Bulletin: Cloud Pak for Security contains security vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=08f19f0be4d5dcf7486e5abcdb671477

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title:visualGambasDeltaurl:https://github.com/D5n9sMatrix/visualGambasDelta

Trust: 0.1

title:perl5283deltaurl:https://github.com/D5n9sMatrix/perl5283delta

Trust: 0.1

title:editorGambasDeltaurl:https://github.com/D5n9sMatrix/editorGambasDelta

Trust: 0.1

title:EditorGambasDeltaurl:https://github.com/D5n9sMatrix/EditorGambasDelta

Trust: 0.1

title:CICD_CloudBuild_01url:https://github.com/pbavinck/CICD_CloudBuild_01

Trust: 0.1

title:gcr-kritis-signerurl:https://github.com/binxio/gcr-kritis-signer

Trust: 0.1

title:gcp-kritis-signerurl:https://github.com/binxio/gcp-kritis-signer

Trust: 0.1

title:litecoin-automationurl:https://github.com/gzukel/litecoin-automation

Trust: 0.1

title: - url:https://github.com/D5n9sMatrix/perltoc

Trust: 0.1

title: - url:https://github.com/imhunterand/hackerone-publicy-disclosed

Trust: 0.1

title:snykouturl:https://github.com/garethr/snykout

Trust: 0.1

title:myapp-container-jaxrsurl:https://github.com/akiraabe/myapp-container-jaxrs

Trust: 0.1

sources: VULMON: CVE-2020-10543

EXTERNAL IDS

db:NVDid:CVE-2020-10543

Trust: 2.0

db:PACKETSTORMid:162877

Trust: 0.2

db:PACKETSTORMid:158058

Trust: 0.2

db:PACKETSTORMid:159707

Trust: 0.2

db:PACKETSTORMid:161728

Trust: 0.2

db:PACKETSTORMid:161727

Trust: 0.2

db:PACKETSTORMid:161255

Trust: 0.2

db:PACKETSTORMid:162837

Trust: 0.2

db:PACKETSTORMid:163188

Trust: 0.2

db:PACKETSTORMid:159726

Trust: 0.1

db:PACKETSTORMid:162650

Trust: 0.1

db:PACKETSTORMid:162021

Trust: 0.1

db:PACKETSTORMid:161726

Trust: 0.1

db:PACKETSTORMid:161656

Trust: 0.1

db:PACKETSTORMid:162245

Trust: 0.1

db:PACKETSTORMid:161843

Trust: 0.1

db:CNVDid:CNVD-2020-37944

Trust: 0.1

db:CNNVDid:CNNVD-202006-145

Trust: 0.1

db:VULHUBid:VHN-163032

Trust: 0.1

db:VULMONid:CVE-2020-10543

Trust: 0.1

sources: VULHUB: VHN-163032 // VULMON: CVE-2020-10543 // PACKETSTORM: 162837 // PACKETSTORM: 163188 // PACKETSTORM: 162877 // PACKETSTORM: 158058 // PACKETSTORM: 161727 // PACKETSTORM: 161728 // PACKETSTORM: 161255 // PACKETSTORM: 159707 // NVD: CVE-2020-10543

REFERENCES

url:https://security.gentoo.org/glsa/202006-03

Trust: 1.2

url:https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod

Trust: 1.1

url:https://github.com/perl/perl5/compare/v5.30.2...v5.30.3

Trust: 1.1

url:https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20200611-0001/

Trust: 1.1

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2020-10543

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-10878

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2020-10878

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-10543

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-12723

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-8286

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-28196

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-15358

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-13434

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-3842

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-13776

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-24977

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-8231

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-29362

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-8285

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-10228

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9169

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-26116

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-26137

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25013

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-29361

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-12362

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-27619

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3177

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-9169

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3326

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25013

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-2708

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-23336

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-8927

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-12362

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-29363

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-3842

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-2708

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2016-10228

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-8284

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-27618

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-14866

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-14866

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-12723

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-14347

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36322

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12114

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-25712

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12114

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13543

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-27835

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9951

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-25704

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13776

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3121

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19528

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9948

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13012

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13434

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-0431

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14363

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13584

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-18811

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14360

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19528

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12464

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14314

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14356

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-27786

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-25643

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9983

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24394

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-0431

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-0342

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-18811

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14345

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14344

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19523

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14362

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14361

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-25285

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35508

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-25212

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19523

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-28974

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-15437

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13012

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-25284

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14346

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-11608

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-11608

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12464

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25039

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25037

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25037

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-28935

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25034

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25035

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25038

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25040

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24330

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25042

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25042

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25038

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25032

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25041

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25036

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25032

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-25215

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24331

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25036

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25035

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24332

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25039

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25040

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25041

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25034

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20228

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20253

Trust: 0.2

url:https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20191

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20180

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20178

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35678

Trust: 0.2

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14345

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13543

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13584

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14347

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14360

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2136

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14314

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14344

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14356

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15358

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21639

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12364

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28165

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-14502

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28092

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27219

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24330

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28163

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-14502

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21309

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28918

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3501

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27170

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25692

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2433

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3347

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3114

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12364

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2461

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15586

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/updating/updating-cluster

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36242

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21645

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27783

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25659

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21643

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30465

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21644

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2121

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21642

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17006

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20907

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11023

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12749

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12401

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12402

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1971

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20372

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7595

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17006

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20388

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12401

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17023

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11023

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17023

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12749

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-6829

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0778

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12403

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11022

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12400

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20388

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19956

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11756

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11756

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12243

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12400

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11727

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12243

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1971

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11727

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5766

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12403

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5766

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20372

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19956

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11022

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17498

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17498

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20907

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12402

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35678

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3281

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20178

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20191

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3281

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20253

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20228

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0780

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20180

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0343

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/perl/5.30.0-9ubuntu0.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.9

Trust: 0.1

url:https://usn.ubuntu.com/4602-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.5

Trust: 0.1

sources: VULHUB: VHN-163032 // PACKETSTORM: 162837 // PACKETSTORM: 163188 // PACKETSTORM: 162877 // PACKETSTORM: 158058 // PACKETSTORM: 161727 // PACKETSTORM: 161728 // PACKETSTORM: 161255 // PACKETSTORM: 159707 // NVD: CVE-2020-10543

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 162837 // PACKETSTORM: 163188 // PACKETSTORM: 162877 // PACKETSTORM: 161727 // PACKETSTORM: 161728 // PACKETSTORM: 161255

SOURCES

db:VULHUBid:VHN-163032
db:VULMONid:CVE-2020-10543
db:PACKETSTORMid:162837
db:PACKETSTORMid:163188
db:PACKETSTORMid:162877
db:PACKETSTORMid:158058
db:PACKETSTORMid:161727
db:PACKETSTORMid:161728
db:PACKETSTORMid:161255
db:PACKETSTORMid:159707
db:NVDid:CVE-2020-10543

LAST UPDATE DATE

2024-11-20T21:56:21.868000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-163032date:2022-05-12T00:00:00
db:VULMONid:CVE-2020-10543date:2023-11-07T00:00:00
db:NVDid:CVE-2020-10543date:2023-11-07T03:14:10.297

SOURCES RELEASE DATE

db:VULHUBid:VHN-163032date:2020-06-05T00:00:00
db:VULMONid:CVE-2020-10543date:2020-06-05T00:00:00
db:PACKETSTORMid:162837date:2021-05-27T13:28:54
db:PACKETSTORMid:163188date:2021-06-17T17:53:22
db:PACKETSTORMid:162877date:2021-06-01T14:45:29
db:PACKETSTORMid:158058date:2020-06-12T14:44:55
db:PACKETSTORMid:161727date:2021-03-09T16:25:11
db:PACKETSTORMid:161728date:2021-03-09T16:26:05
db:PACKETSTORMid:161255date:2021-02-02T16:12:23
db:PACKETSTORMid:159707date:2020-10-26T16:43:39
db:NVDid:CVE-2020-10543date:2020-06-05T14:15:10.467