ID

VAR-202008-1140


CVE

CVE-2020-8623


TITLE

ISC BIND Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202008-1070

DESCRIPTION

In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker. CVE-2020-8619 It was discovered that an asterisk character in an empty non- terminal can cause an assertion failure, resulting in denial of service. CVE-2020-8622 Dave Feldman, Jeff Warren, and Joel Cunningham reported that a truncated TSIG response can lead to an assertion failure, resulting in denial of service. CVE-2020-8624 Joop Boonen reported that update-policy rules of type "subdomain" are enforced incorrectly, allowing updates to all parts of the zone along with the intended subdomain. For the stable distribution (buster), these problems have been fixed in version 1:9.11.5.P4+dfsg-5.1+deb10u2. We recommend that you upgrade your bind9 packages. For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl9H9LBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Riow//eYx52gDQkiERYSEFJbSK34AzF5Ee3W8JYh1BG4PFagvR/y3hwddyFEkR pHlq/t78TPWi9oQ3j8uuQL0VLMA+8jyaNXA0h6BMs/3VKzGktFyINdKPBPIghT2w 2tugfgjK1MR0LZ27rcE86I1QoyFy+jHMmd03R0B0AQPWYkjp+2sp5nxskFVM9jXO 8emXIzT3IZns8WSS7xCZOqE6D40Vk/3hP5IXDXIbHHFUgl6jCEpPHJBHCgrtw9HZ Or/EQgy4y+QUZNqsPw93kxc7cwVWhauW/PX9VZ1HWnfMIWEZX9K8fmYPHlj4dJUa 1G45uTtYT7VaLvs+N7j1UulII+f1ZT9rrljasVKfbmALt+mp28/LzzcCCBMYohkK Ka30MmBu5yZnn36LNWGwaOO5D+cCHsc58awKu3C5wUG/QMBjT+dYlhkbUbllpZVj vMMXjnrefdkCLy7LEDAul1NLgxWcSWzcQ0SyNEfu9IajtA94unFMwNzFmQb7ykql WMkHTg+7mSdPCxOI+0g9+w+pKZFdBGZxXu76cV8FB1BmRitsM8XYrtBGO9uWvkI9 hIm7pHhyJB0E008qo+cKutpnvruLZLBUCutUuNHZAirq+zaHjoVDSxiqPWEJ9jdR Sx85bc7+6f1daR04r5ay/mCuWPTQYrM1VyBsFnAvGxWoznHnmbk= =kUyE -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: bind security update Advisory ID: RHSA-2020:4992-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4992 Issue date: 2020-11-10 CVE Names: CVE-2020-8622 CVE-2020-8623 ==================================================================== 1. Summary: An update for bind is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622) * bind: remotely triggerable assertion failure in pk11.c (CVE-2020-8623) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, the BIND daemon (named) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1869473 - CVE-2020-8622 bind: truncated TSIG response can lead to an assertion failure 1869477 - CVE-2020-8623 bind: remotely triggerable assertion failure in pk11.c 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6): Source: bind-9.9.4-74.el7_6.5.src.rpm noarch: bind-license-9.9.4-74.el7_6.5.noarch.rpm x86_64: bind-debuginfo-9.9.4-74.el7_6.5.i686.rpm bind-debuginfo-9.9.4-74.el7_6.5.x86_64.rpm bind-libs-9.9.4-74.el7_6.5.i686.rpm bind-libs-9.9.4-74.el7_6.5.x86_64.rpm bind-libs-lite-9.9.4-74.el7_6.5.i686.rpm bind-libs-lite-9.9.4-74.el7_6.5.x86_64.rpm bind-utils-9.9.4-74.el7_6.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6): x86_64: bind-9.9.4-74.el7_6.5.x86_64.rpm bind-chroot-9.9.4-74.el7_6.5.x86_64.rpm bind-debuginfo-9.9.4-74.el7_6.5.i686.rpm bind-debuginfo-9.9.4-74.el7_6.5.x86_64.rpm bind-devel-9.9.4-74.el7_6.5.i686.rpm bind-devel-9.9.4-74.el7_6.5.x86_64.rpm bind-lite-devel-9.9.4-74.el7_6.5.i686.rpm bind-lite-devel-9.9.4-74.el7_6.5.x86_64.rpm bind-pkcs11-9.9.4-74.el7_6.5.x86_64.rpm bind-pkcs11-devel-9.9.4-74.el7_6.5.i686.rpm bind-pkcs11-devel-9.9.4-74.el7_6.5.x86_64.rpm bind-pkcs11-libs-9.9.4-74.el7_6.5.i686.rpm bind-pkcs11-libs-9.9.4-74.el7_6.5.x86_64.rpm bind-pkcs11-utils-9.9.4-74.el7_6.5.x86_64.rpm bind-sdb-9.9.4-74.el7_6.5.x86_64.rpm bind-sdb-chroot-9.9.4-74.el7_6.5.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.6): Source: bind-9.9.4-74.el7_6.5.src.rpm noarch: bind-license-9.9.4-74.el7_6.5.noarch.rpm ppc64: bind-9.9.4-74.el7_6.5.ppc64.rpm bind-chroot-9.9.4-74.el7_6.5.ppc64.rpm bind-debuginfo-9.9.4-74.el7_6.5.ppc.rpm bind-debuginfo-9.9.4-74.el7_6.5.ppc64.rpm bind-libs-9.9.4-74.el7_6.5.ppc.rpm bind-libs-9.9.4-74.el7_6.5.ppc64.rpm bind-libs-lite-9.9.4-74.el7_6.5.ppc.rpm bind-libs-lite-9.9.4-74.el7_6.5.ppc64.rpm bind-utils-9.9.4-74.el7_6.5.ppc64.rpm ppc64le: bind-9.9.4-74.el7_6.5.ppc64le.rpm bind-chroot-9.9.4-74.el7_6.5.ppc64le.rpm bind-debuginfo-9.9.4-74.el7_6.5.ppc64le.rpm bind-libs-9.9.4-74.el7_6.5.ppc64le.rpm bind-libs-lite-9.9.4-74.el7_6.5.ppc64le.rpm bind-pkcs11-9.9.4-74.el7_6.5.ppc64le.rpm bind-pkcs11-libs-9.9.4-74.el7_6.5.ppc64le.rpm bind-pkcs11-utils-9.9.4-74.el7_6.5.ppc64le.rpm bind-utils-9.9.4-74.el7_6.5.ppc64le.rpm s390x: bind-9.9.4-74.el7_6.5.s390x.rpm bind-chroot-9.9.4-74.el7_6.5.s390x.rpm bind-debuginfo-9.9.4-74.el7_6.5.s390.rpm bind-debuginfo-9.9.4-74.el7_6.5.s390x.rpm bind-libs-9.9.4-74.el7_6.5.s390.rpm bind-libs-9.9.4-74.el7_6.5.s390x.rpm bind-libs-lite-9.9.4-74.el7_6.5.s390.rpm bind-libs-lite-9.9.4-74.el7_6.5.s390x.rpm bind-utils-9.9.4-74.el7_6.5.s390x.rpm x86_64: bind-9.9.4-74.el7_6.5.x86_64.rpm bind-chroot-9.9.4-74.el7_6.5.x86_64.rpm bind-debuginfo-9.9.4-74.el7_6.5.i686.rpm bind-debuginfo-9.9.4-74.el7_6.5.x86_64.rpm bind-libs-9.9.4-74.el7_6.5.i686.rpm bind-libs-9.9.4-74.el7_6.5.x86_64.rpm bind-libs-lite-9.9.4-74.el7_6.5.i686.rpm bind-libs-lite-9.9.4-74.el7_6.5.x86_64.rpm bind-pkcs11-9.9.4-74.el7_6.5.x86_64.rpm bind-pkcs11-libs-9.9.4-74.el7_6.5.i686.rpm bind-pkcs11-libs-9.9.4-74.el7_6.5.x86_64.rpm bind-pkcs11-utils-9.9.4-74.el7_6.5.x86_64.rpm bind-utils-9.9.4-74.el7_6.5.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: bind-9.9.4-74.el7_6.5.src.rpm aarch64: bind-9.9.4-74.el7_6.5.aarch64.rpm bind-chroot-9.9.4-74.el7_6.5.aarch64.rpm bind-debuginfo-9.9.4-74.el7_6.5.aarch64.rpm bind-libs-9.9.4-74.el7_6.5.aarch64.rpm bind-libs-lite-9.9.4-74.el7_6.5.aarch64.rpm bind-pkcs11-9.9.4-74.el7_6.5.aarch64.rpm bind-pkcs11-libs-9.9.4-74.el7_6.5.aarch64.rpm bind-pkcs11-utils-9.9.4-74.el7_6.5.aarch64.rpm bind-utils-9.9.4-74.el7_6.5.aarch64.rpm noarch: bind-license-9.9.4-74.el7_6.5.noarch.rpm ppc64le: bind-9.9.4-74.el7_6.5.ppc64le.rpm bind-chroot-9.9.4-74.el7_6.5.ppc64le.rpm bind-debuginfo-9.9.4-74.el7_6.5.ppc64le.rpm bind-libs-9.9.4-74.el7_6.5.ppc64le.rpm bind-libs-lite-9.9.4-74.el7_6.5.ppc64le.rpm bind-pkcs11-9.9.4-74.el7_6.5.ppc64le.rpm bind-pkcs11-libs-9.9.4-74.el7_6.5.ppc64le.rpm bind-pkcs11-utils-9.9.4-74.el7_6.5.ppc64le.rpm bind-utils-9.9.4-74.el7_6.5.ppc64le.rpm s390x: bind-9.9.4-74.el7_6.5.s390x.rpm bind-chroot-9.9.4-74.el7_6.5.s390x.rpm bind-debuginfo-9.9.4-74.el7_6.5.s390.rpm bind-debuginfo-9.9.4-74.el7_6.5.s390x.rpm bind-libs-9.9.4-74.el7_6.5.s390.rpm bind-libs-9.9.4-74.el7_6.5.s390x.rpm bind-libs-lite-9.9.4-74.el7_6.5.s390.rpm bind-libs-lite-9.9.4-74.el7_6.5.s390x.rpm bind-utils-9.9.4-74.el7_6.5.s390x.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.6): ppc64: bind-debuginfo-9.9.4-74.el7_6.5.ppc.rpm bind-debuginfo-9.9.4-74.el7_6.5.ppc64.rpm bind-devel-9.9.4-74.el7_6.5.ppc.rpm bind-devel-9.9.4-74.el7_6.5.ppc64.rpm bind-lite-devel-9.9.4-74.el7_6.5.ppc.rpm bind-lite-devel-9.9.4-74.el7_6.5.ppc64.rpm bind-pkcs11-9.9.4-74.el7_6.5.ppc64.rpm bind-pkcs11-devel-9.9.4-74.el7_6.5.ppc.rpm bind-pkcs11-devel-9.9.4-74.el7_6.5.ppc64.rpm bind-pkcs11-libs-9.9.4-74.el7_6.5.ppc.rpm bind-pkcs11-libs-9.9.4-74.el7_6.5.ppc64.rpm bind-pkcs11-utils-9.9.4-74.el7_6.5.ppc64.rpm bind-sdb-9.9.4-74.el7_6.5.ppc64.rpm bind-sdb-chroot-9.9.4-74.el7_6.5.ppc64.rpm ppc64le: bind-debuginfo-9.9.4-74.el7_6.5.ppc64le.rpm bind-devel-9.9.4-74.el7_6.5.ppc64le.rpm bind-lite-devel-9.9.4-74.el7_6.5.ppc64le.rpm bind-pkcs11-devel-9.9.4-74.el7_6.5.ppc64le.rpm bind-sdb-9.9.4-74.el7_6.5.ppc64le.rpm bind-sdb-chroot-9.9.4-74.el7_6.5.ppc64le.rpm s390x: bind-debuginfo-9.9.4-74.el7_6.5.s390.rpm bind-debuginfo-9.9.4-74.el7_6.5.s390x.rpm bind-devel-9.9.4-74.el7_6.5.s390.rpm bind-devel-9.9.4-74.el7_6.5.s390x.rpm bind-lite-devel-9.9.4-74.el7_6.5.s390.rpm bind-lite-devel-9.9.4-74.el7_6.5.s390x.rpm bind-pkcs11-9.9.4-74.el7_6.5.s390x.rpm bind-pkcs11-devel-9.9.4-74.el7_6.5.s390.rpm bind-pkcs11-devel-9.9.4-74.el7_6.5.s390x.rpm bind-pkcs11-libs-9.9.4-74.el7_6.5.s390.rpm bind-pkcs11-libs-9.9.4-74.el7_6.5.s390x.rpm bind-pkcs11-utils-9.9.4-74.el7_6.5.s390x.rpm bind-sdb-9.9.4-74.el7_6.5.s390x.rpm bind-sdb-chroot-9.9.4-74.el7_6.5.s390x.rpm x86_64: bind-debuginfo-9.9.4-74.el7_6.5.i686.rpm bind-debuginfo-9.9.4-74.el7_6.5.x86_64.rpm bind-devel-9.9.4-74.el7_6.5.i686.rpm bind-devel-9.9.4-74.el7_6.5.x86_64.rpm bind-lite-devel-9.9.4-74.el7_6.5.i686.rpm bind-lite-devel-9.9.4-74.el7_6.5.x86_64.rpm bind-pkcs11-devel-9.9.4-74.el7_6.5.i686.rpm bind-pkcs11-devel-9.9.4-74.el7_6.5.x86_64.rpm bind-sdb-9.9.4-74.el7_6.5.x86_64.rpm bind-sdb-chroot-9.9.4-74.el7_6.5.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: bind-debuginfo-9.9.4-74.el7_6.5.aarch64.rpm bind-devel-9.9.4-74.el7_6.5.aarch64.rpm bind-lite-devel-9.9.4-74.el7_6.5.aarch64.rpm bind-pkcs11-devel-9.9.4-74.el7_6.5.aarch64.rpm bind-sdb-9.9.4-74.el7_6.5.aarch64.rpm bind-sdb-chroot-9.9.4-74.el7_6.5.aarch64.rpm ppc64le: bind-debuginfo-9.9.4-74.el7_6.5.ppc64le.rpm bind-devel-9.9.4-74.el7_6.5.ppc64le.rpm bind-lite-devel-9.9.4-74.el7_6.5.ppc64le.rpm bind-pkcs11-devel-9.9.4-74.el7_6.5.ppc64le.rpm bind-sdb-9.9.4-74.el7_6.5.ppc64le.rpm bind-sdb-chroot-9.9.4-74.el7_6.5.ppc64le.rpm s390x: bind-debuginfo-9.9.4-74.el7_6.5.s390.rpm bind-debuginfo-9.9.4-74.el7_6.5.s390x.rpm bind-devel-9.9.4-74.el7_6.5.s390.rpm bind-devel-9.9.4-74.el7_6.5.s390x.rpm bind-lite-devel-9.9.4-74.el7_6.5.s390.rpm bind-lite-devel-9.9.4-74.el7_6.5.s390x.rpm bind-pkcs11-9.9.4-74.el7_6.5.s390x.rpm bind-pkcs11-devel-9.9.4-74.el7_6.5.s390.rpm bind-pkcs11-devel-9.9.4-74.el7_6.5.s390x.rpm bind-pkcs11-libs-9.9.4-74.el7_6.5.s390.rpm bind-pkcs11-libs-9.9.4-74.el7_6.5.s390x.rpm bind-pkcs11-utils-9.9.4-74.el7_6.5.s390x.rpm bind-sdb-9.9.4-74.el7_6.5.s390x.rpm bind-sdb-chroot-9.9.4-74.el7_6.5.s390x.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-8622 https://access.redhat.com/security/cve/CVE-2020-8623 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX6pl+tzjgjWX9erEAQhQyw/9HwniSMeQau8ajMlvBJNILYI3wzlLefoF MQgpOS08iKhdQ/jzTceRVjHWmGSc4CpHDWXG2Y5qX0FsbVDjFvb/SXXU2Wnqxg/I h9xFggpS9dPDqEg1YzWpcWboEXIJftLXvqvSjifQZ2Nk22tCPih56FvddvKK7NxY AuWOAEIOe1o/509+eExH73NkeClnup3qlqOcuV2MSCB9VKdIYX7+PorzfSVAaz+N 5kFVijQ/giXAIfWBeKX/6hpI+ijU6T6GeUBBexfB07VgWfLAa3LI+MIX/xwHfwkg Yj8t5kZ34SdJSfJXkcAappUa75pOdX0okx4YV/Wrmlnk1ZFomlkklyP583OYr8mG Dx0hJ0Z9klA5cHTD5ftIviZzEQ3AfD5fGxc5ylVRoD/4sakyCETlFA80oXm5TeCo +Gan6S6t88QRHmTT9oFAosV5GIdJ8Fq2i+v0VQu4YYLKpmtOwUIA2Xl336xakudx zV3Li2nJ0Kf2RW1u/LdEPan4YItn0GDRy34Azk3E8gS1Q7QzTbJmgfPZ7QXfxH5h S9fngzEAL4IcYWrrKoDs4WKGJtFD1xQAUabIWYL5932S2dYUqnm5xunkr/smKZ4y AaEK4GeJE4L4O6hL4hUMyNe3PRUps4rcCchWhcgI61qgkMrsANIp18H/1M07B3O1 jiyZEQjHMXM=yEVS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7.7) - ppc64, ppc64le, s390x, x86_64 3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202008-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: BIND: Multiple vulnerabilities Date: August 29, 2020 Bugs: #738250 ID: 202008-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in BIND, the worst of which could result in a Denial of Service condition. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-dns/bind < 9.16.6 >= 9.16.6 Description =========== Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All BIND users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-9.16.6" References ========== [ 1 ] CVE-2020-8620 https://nvd.nist.gov/vuln/detail/CVE-2020-8620 [ 2 ] CVE-2020-8621 https://nvd.nist.gov/vuln/detail/CVE-2020-8621 [ 3 ] CVE-2020-8622 https://nvd.nist.gov/vuln/detail/CVE-2020-8622 [ 4 ] CVE-2020-8623 https://nvd.nist.gov/vuln/detail/CVE-2020-8623 [ 5 ] CVE-2020-8624 https://nvd.nist.gov/vuln/detail/CVE-2020-8624 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202008-19 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.5.20. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2020:5119 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-rel ease-notes.html This update fixes the following bug among others: * Previously, the Prometheus swagger definition contained a `$ref` property which could not be resolved. This caused a runtime error to occur when using the Prometheus operand creation form. This was fixed by adding a `definitions` property to schema returned by the `definitionFor` helper function so that the `$ref` property can resolve. There are no longer runtime errors when using the Prometheus operand creation form. (BZ#1885228) You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.5.20-x86_64 The image digest is sha256:78b878986d2d0af6037d637aa63e7b6f80fc8f17d0f0d5b077ac6aca83f792a0 (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.5.20-s390x The image digest is sha256:372d9aea634d36704d8500a2f940edb3867bfde14c0e5aa19534ea5ac90083d4 (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.5.20-ppc64le The image digest is sha256:030d8323cce90de6bc7ad4119ebb7f000bde06e742f6923faf76707ffe85634a All OpenShift Container Platform 4.5 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.5/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. Solution: For OpenShift Container Platform 4.5 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.5/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1883268 - remove erroneously specified label drop rules 1885228 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users 1892585 - [release 4.5] cluster-monitoring-operator: Fix bug in reflector not recovering from "Too large resource version" 1893202 - e2e-operator flakes with "TestMetricsAccessible: prometheus returned unexpected results: timed out waiting for the condition" 1893742 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest 1894763 - Undiagnosed panic detected in pod 1894782 - OperatorHub generates incorrect RBAC 1895057 - Deleted netnamespace could not be re-created 1896990 - Console shows wrong value for maxUnavailable and maxSurge when set to 0 5. Bugs fixed (https://bugzilla.redhat.com/): 1732329 - Virtual Machine is missing documentation of its properties in yaml editor 1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv 1791753 - [RFE] [SSP] Template validator should check validations in template's parent template 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration 1848956 - KMP requires downtime for CA stabilization during certificate rotation 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1853911 - VM with dot in network name fails to start with unclear message 1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show" 1856347 - SR-IOV : Missing network name for sriov during vm setup 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination 1860714 - No API information from `oc explain` 1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints 1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem 1866593 - CDI is not handling vm disk clone 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868817 - Container-native Virtualization 2.6.0 Images 1873771 - Improve the VMCreationFailed error message caused by VM low memory 1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it 1878499 - DV import doesn't recover from scratch space PVC deletion 1879108 - Inconsistent naming of "oc virt" command in help text 1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running 1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message 1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used 1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied 1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. 1891285 - Common templates and kubevirt-config cm - update machine-type 1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error 1892227 - [SSP] cluster scoped resources are not being reconciled 1893278 - openshift-virtualization-os-images namespace not seen by user 1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza 1894428 - Message for VMI not migratable is not clear enough 1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium 1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import 1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1898072 - Add Fedora33 to Fedora common templates 1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail 1899558 - CNV 2.6 - nmstate fails to set state 1901480 - VM disk io can't worked if namespace have label kubemacpool 1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig) 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1903014 - hco-webhook pod in CreateContainerError 1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode 1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT "default" 1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers 1907151 - kubevirt version is not reported correctly via virtctl 1907352 - VM/VMI link changes to `kubevirt.io~v1~VirtualMachineInstance` on CNV 2.6 1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused "Internal error occurred" for creating datavolume 1907988 - VM loses dynamic IP address of its default interface after migration 1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity 1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on "qemu-img: /data/disk.img" error 1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO 1911118 - Windows VMI LiveMigration / shutdown fails on 'XML error: non unique alias detected: ua-') 1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface 1911662 - el6 guests don't work properly if virtio bus is specified on various devices 1912908 - Allow using "scsi" bus for disks in template validation 1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails 1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user 1913717 - Users should have read permitions for golden images data volumes 1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes 1914177 - CNV does not preallocate blank file data volumes 1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes 1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer 1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block 1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored 1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration 1920576 - HCO can report ready=true when it failed to create a CR for a component operator 1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool 1927373 - NoExecute taint violates pdb; VMIs are not live migrated 1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4->CNV-2.6.0 upgrade 5. Bugs fixed (https://bugzilla.redhat.com/): 1823765 - nfd-workers crash under an ipv6 environment 1838802 - mysql8 connector from operatorhub does not work with metering operator 1838845 - Metering operator can't connect to postgres DB from Operator Hub 1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1868294 - NFD operator does not allow customisation of nfd-worker.conf 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1890672 - NFD is missing a build flag to build correctly 1890741 - path to the CA trust bundle ConfigMap is broken in report operator 1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster 1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel 1900125 - FIPS error while generating RSA private key for CA 1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub 1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub 1913837 - The CI and ART 4.7 metering images are not mirrored 1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le 1916010 - olm skip range is set to the wrong range 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923998 - NFD Operator is failing to update and remains in Replacing state 5

Trust: 1.71

sources: NVD: CVE-2020-8623 // VULHUB: VHN-186748 // VULMON: CVE-2020-8623 // PACKETSTORM: 168899 // PACKETSTORM: 159981 // PACKETSTORM: 160205 // PACKETSTORM: 159004 // PACKETSTORM: 160207 // PACKETSTORM: 161742 // PACKETSTORM: 161536

AFFECTED PRODUCTS

vendor:netappmodel:steelstore cloud integrated storagescope:eqversion: -

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.10.5

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:31

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:iscmodel:bindscope:gteversion:9.10.0

Trust: 1.0

vendor:iscmodel:bindscope:gteversion:9.17.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:iscmodel:bindscope:lteversion:9.16.5

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.2

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:synologymodel:dns serverscope:ltversion:2.2.2-5027

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.11.21

Trust: 1.0

vendor:iscmodel:bindscope:lteversion:9.17.3

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:20.04

Trust: 1.0

vendor:iscmodel:bindscope:gteversion:9.12.1

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:iscmodel:bindscope:lteversion:9.11.21

Trust: 1.0

sources: NVD: CVE-2020-8623

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8623
value: HIGH

Trust: 1.0

security-officer@isc.org: CVE-2020-8623
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202008-1070
value: HIGH

Trust: 0.6

VULHUB: VHN-186748
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-8623
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8623
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-186748
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8623
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-186748 // VULMON: CVE-2020-8623 // CNNVD: CNNVD-202008-1070 // NVD: CVE-2020-8623 // NVD: CVE-2020-8623

PROBLEMTYPE DATA

problemtype:CWE-617

Trust: 1.1

problemtype:CWE-269

Trust: 0.1

sources: VULHUB: VHN-186748 // NVD: CVE-2020-8623

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-1070

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-1070

PATCH

title: - url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126811

Trust: 0.6

title:Red Hat: Moderate: bind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204992 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: bind security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205011 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: bind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205203 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: bind security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204500 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-4752-1 bind9 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=803076d91d2c644d2eb525aea5dfdae2

Trust: 0.1

title:IBM: Security Bulletin: Vulnerability in bind affects IBM Integrated Analytics Systemurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=92a438613464bc541fe716cb783df5cd

Trust: 0.1

title:Amazon Linux 2: ALAS2-2020-1564url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1564

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 4.5.20 bug fix and golang security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205118 - Security Advisory

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title:veracode-container-security-finding-parserurl:https://github.com/vincent-deng/veracode-container-security-finding-parser

Trust: 0.1

sources: VULMON: CVE-2020-8623 // CNNVD: CNNVD-202008-1070

EXTERNAL IDS

db:NVDid:CVE-2020-8623

Trust: 2.5

db:PACKETSTORMid:159004

Trust: 0.8

db:PACKETSTORMid:159981

Trust: 0.8

db:PACKETSTORMid:160205

Trust: 0.8

db:PACKETSTORMid:159845

Trust: 0.7

db:PACKETSTORMid:158940

Trust: 0.7

db:AUSCERTid:ESB-2020.2977

Trust: 0.6

db:AUSCERTid:ESB-2020.3186.2

Trust: 0.6

db:AUSCERTid:ESB-2021.0691

Trust: 0.6

db:AUSCERTid:ESB-2020.2954

Trust: 0.6

db:AUSCERTid:ESB-2020.3522

Trust: 0.6

db:AUSCERTid:ESB-2020.4178

Trust: 0.6

db:AUSCERTid:ESB-2020.3186

Trust: 0.6

db:AUSCERTid:ESB-2021.0864

Trust: 0.6

db:AUSCERTid:ESB-2020.3970

Trust: 0.6

db:AUSCERTid:ESB-2020.3880

Trust: 0.6

db:NSFOCUSid:49868

Trust: 0.6

db:CNNVDid:CNNVD-202008-1070

Trust: 0.6

db:PACKETSTORMid:160207

Trust: 0.2

db:PACKETSTORMid:159985

Trust: 0.1

db:VULHUBid:VHN-186748

Trust: 0.1

db:VULMONid:CVE-2020-8623

Trust: 0.1

db:PACKETSTORMid:168899

Trust: 0.1

db:PACKETSTORMid:161742

Trust: 0.1

db:PACKETSTORMid:161536

Trust: 0.1

sources: VULHUB: VHN-186748 // VULMON: CVE-2020-8623 // PACKETSTORM: 168899 // PACKETSTORM: 159981 // PACKETSTORM: 160205 // PACKETSTORM: 159004 // PACKETSTORM: 160207 // PACKETSTORM: 161742 // PACKETSTORM: 161536 // CNNVD: CNNVD-202008-1070 // NVD: CVE-2020-8623

REFERENCES

url:https://www.debian.org/security/2020/dsa-4752

Trust: 1.9

url:https://security.gentoo.org/glsa/202008-19

Trust: 1.9

url:https://security.netapp.com/advisory/ntap-20200827-0003/

Trust: 1.8

url:https://www.synology.com/security/advisory/synology_sa_20_19

Trust: 1.8

url:https://kb.isc.org/docs/cve-2020-8623

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html

Trust: 1.8

url:https://usn.ubuntu.com/4468-1/

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dqn62gbmcic5ay4kyadgxnkvy6ajksje/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zkamjzxr66p6s5leu4sn7ussncwtxexp/

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8623

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zkamjzxr66p6s5leu4sn7ussncwtxexp/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dqn62gbmcic5ay4kyadgxnkvy6ajksje/

Trust: 0.7

url:https://packetstormsecurity.com/files/158940/ubuntu-security-notice-usn-4468-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3186.2/

Trust: 0.6

url:https://packetstormsecurity.com/files/159981/red-hat-security-advisory-2020-4992-01.html

Trust: 0.6

url:http://www.nsfocus.net/vulndb/49868

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0864

Trust: 0.6

url:https://packetstormsecurity.com/files/159004/gentoo-linux-security-advisory-202008-19.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4178/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-affects-ibm-integrated-analytics-system-5/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0691

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2954/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2977/

Trust: 0.6

url:https://packetstormsecurity.com/files/160205/red-hat-security-advisory-2020-5203-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3880/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-bind-vulnerabilities-cve-2020-8622-cve-2020-8623-cve-2020-8624/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3186/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3522/

Trust: 0.6

url:https://vigilance.fr/vulnerability/isc-bind-assertion-error-via-native-pkcs11-code-33129

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3970/

Trust: 0.6

url:https://packetstormsecurity.com/files/159845/red-hat-security-advisory-2020-4500-01.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-8622

Trust: 0.5

url:https://bugzilla.redhat.com/):

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-8623

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-8622

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-8624

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-8624

Trust: 0.4

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-20907

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-15999

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-14422

Trust: 0.3

url:https://access.redhat.com/errata/rhsa-2020:4992

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-15586

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-16845

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20907

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13050

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9925

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9802

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20218

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9895

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8625

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20388

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-15165

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14382

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8812

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3899

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8819

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3867

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1971

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8720

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9893

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19221

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8808

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3902

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1751

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3900

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9805

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8820

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9807

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8769

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8710

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8813

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9850

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-7595

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8811

Trust: 0.2

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-16168

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9803

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9862

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24659

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9327

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3885

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17450

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-15503

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-16935

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20916

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-5018

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19956

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10018

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8835

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8764

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8844

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3865

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1730

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3864

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19906

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20387

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14391

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3862

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3901

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8823

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1752

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-15903

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3895

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8492

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-11793

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20454

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-20843

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9894

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8816

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9843

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13627

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-6405

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8771

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13050

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3897

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9806

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8814

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14889

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-20843

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8743

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3121

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9915

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8815

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13632

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10029

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8783

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20807

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13630

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14040

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8619

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13631

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8766

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8846

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3868

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3894

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8782

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/617.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/vincent-deng/veracode-container-security-finding-parser

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8619

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/bind9

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5203

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8621

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8620

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20811

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.5/updating/updating-cluster

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14331

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8177

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-16845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20811

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5118

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25637

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25637

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-rel

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15586

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15999

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14363

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5119

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14422

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14331

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16300

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14466

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10105

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25684

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15166

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25705

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26160

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16230

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-6829

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12403

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3156

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14467

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10103

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14469

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11068

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16229

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14465

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14882

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16227

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25683

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18197

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14461

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20206

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14881

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14464

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14463

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16228

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14879

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29652

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14351

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14469

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10105

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14880

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12321

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14461

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14468

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14466

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14882

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16227

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14464

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16452

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16230

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14468

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14467

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14559

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14462

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29661

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14880

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25682

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14881

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16300

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14462

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16229

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12400

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25685

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16451

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10103

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16228

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0799

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14463

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25686

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25687

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16451

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14879

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14470

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25681

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14470

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9283

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27813

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14465

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11068

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16452

Trust: 0.1

url:https://access.redhat.com/errata/rhea-2020:5633

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/updating/updating-cluster

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17450

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13225

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20454

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8566

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8743

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25211

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19906

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8710

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5635

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5018

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19956

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20807

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14889

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15157

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25658

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20387

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13627

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20916

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17546

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3884

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3884

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13225

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15165

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-16935

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17546

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20388

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-16168

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8625

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24750

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3898

Trust: 0.1

sources: VULHUB: VHN-186748 // VULMON: CVE-2020-8623 // PACKETSTORM: 168899 // PACKETSTORM: 159981 // PACKETSTORM: 160205 // PACKETSTORM: 159004 // PACKETSTORM: 160207 // PACKETSTORM: 161742 // PACKETSTORM: 161536 // CNNVD: CNNVD-202008-1070 // NVD: CVE-2020-8623

CREDITS

Red Hat

Trust: 1.1

sources: PACKETSTORM: 159981 // PACKETSTORM: 160205 // PACKETSTORM: 160207 // PACKETSTORM: 161742 // PACKETSTORM: 161536 // CNNVD: CNNVD-202008-1070

SOURCES

db:VULHUBid:VHN-186748
db:VULMONid:CVE-2020-8623
db:PACKETSTORMid:168899
db:PACKETSTORMid:159981
db:PACKETSTORMid:160205
db:PACKETSTORMid:159004
db:PACKETSTORMid:160207
db:PACKETSTORMid:161742
db:PACKETSTORMid:161536
db:CNNVDid:CNNVD-202008-1070
db:NVDid:CVE-2020-8623

LAST UPDATE DATE

2024-12-21T20:35:55.256000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-186748date:2022-04-28T00:00:00
db:VULMONid:CVE-2020-8623date:2023-11-07T00:00:00
db:CNNVDid:CNNVD-202008-1070date:2022-04-29T00:00:00
db:NVDid:CVE-2020-8623date:2024-11-21T05:39:08.767

SOURCES RELEASE DATE

db:VULHUBid:VHN-186748date:2020-08-21T00:00:00
db:VULMONid:CVE-2020-8623date:2020-08-21T00:00:00
db:PACKETSTORMid:168899date:2020-08-28T19:12:00
db:PACKETSTORMid:159981date:2020-11-10T14:55:46
db:PACKETSTORMid:160205date:2020-11-24T15:29:32
db:PACKETSTORMid:159004date:2020-08-31T14:39:46
db:PACKETSTORMid:160207date:2020-11-24T15:29:50
db:PACKETSTORMid:161742date:2021-03-10T16:02:43
db:PACKETSTORMid:161536date:2021-02-25T15:26:54
db:CNNVDid:CNNVD-202008-1070date:2020-08-21T00:00:00
db:NVDid:CVE-2020-8623date:2020-08-21T21:15:12.327