ID

VAR-202012-1527

CVE

CVE-2020-1971

TITLE

OpenSSL  In  NULL  Pointer reference vulnerability

DESCRIPTION

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). OpenSSL Project Than, OpenSSL Security Advisory [08 December 2020] Has been published. Severity - high (Severity: High)EDIPARTYNAME NULL pointer reference - CVE-2020-1971OpenSSL of GENERAL_NAME_cmp() the function is X.509 This function compares data such as the host name included in the certificate. GENERAL_NAME_cmp() Both arguments to be compared in the function are EDIPartyName If it was of type GENERAL_NAME_cmp() in a function NULL pointer reference (CWE-476) may occur and crash the server or client application calling the function.Crafted X.509 Denial of service by performing certificate verification processing (DoS) You may be attacked. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. This issue was reported to OpenSSL on 9th November 2020 by David Benjamin (Google). Initial analysis was performed by David Benjamin with additional analysis by Matt Caswell (OpenSSL). The fix was developed by Matt Caswell. Note ==== OpenSSL 1.0.2 is out of support and no longer receiving public updates. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20201208.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html . Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape 5. Description: Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. Bugs fixed (https://bugzilla.redhat.com/): 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 5. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1887648 - CVE-2020-13943 tomcat: Apache Tomcat HTTP/2 Request mix-up 1903409 - CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference 1904221 - CVE-2020-17527 tomcat: HTTP/2 request header mix-up 1917209 - CVE-2021-24122 tomcat: Information disclosure when using NTFS file system 6. Bug Fix(es): * Container-native Virtualization 2.5.3 Images (BZ#1902961) 3. Bugs fixed (https://bugzilla.redhat.com/): 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902961 - Container-native Virtualization 2.5.3 Images 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2020:5566-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5566 Issue date: 2020-12-16 CVE Names: CVE-2020-1971 ==================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: openssl-1.0.2k-21.el7_9.src.rpm x86_64: openssl-1.0.2k-21.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-21.el7_9.i686.rpm openssl-debuginfo-1.0.2k-21.el7_9.x86_64.rpm openssl-libs-1.0.2k-21.el7_9.i686.rpm openssl-libs-1.0.2k-21.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-21.el7_9.i686.rpm openssl-debuginfo-1.0.2k-21.el7_9.x86_64.rpm openssl-devel-1.0.2k-21.el7_9.i686.rpm openssl-devel-1.0.2k-21.el7_9.x86_64.rpm openssl-perl-1.0.2k-21.el7_9.x86_64.rpm openssl-static-1.0.2k-21.el7_9.i686.rpm openssl-static-1.0.2k-21.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssl-1.0.2k-21.el7_9.src.rpm x86_64: openssl-1.0.2k-21.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-21.el7_9.i686.rpm openssl-debuginfo-1.0.2k-21.el7_9.x86_64.rpm openssl-libs-1.0.2k-21.el7_9.i686.rpm openssl-libs-1.0.2k-21.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-21.el7_9.i686.rpm openssl-debuginfo-1.0.2k-21.el7_9.x86_64.rpm openssl-devel-1.0.2k-21.el7_9.i686.rpm openssl-devel-1.0.2k-21.el7_9.x86_64.rpm openssl-perl-1.0.2k-21.el7_9.x86_64.rpm openssl-static-1.0.2k-21.el7_9.i686.rpm openssl-static-1.0.2k-21.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssl-1.0.2k-21.el7_9.src.rpm ppc64: openssl-1.0.2k-21.el7_9.ppc64.rpm openssl-debuginfo-1.0.2k-21.el7_9.ppc.rpm openssl-debuginfo-1.0.2k-21.el7_9.ppc64.rpm openssl-devel-1.0.2k-21.el7_9.ppc.rpm openssl-devel-1.0.2k-21.el7_9.ppc64.rpm openssl-libs-1.0.2k-21.el7_9.ppc.rpm openssl-libs-1.0.2k-21.el7_9.ppc64.rpm ppc64le: openssl-1.0.2k-21.el7_9.ppc64le.rpm openssl-debuginfo-1.0.2k-21.el7_9.ppc64le.rpm openssl-devel-1.0.2k-21.el7_9.ppc64le.rpm openssl-libs-1.0.2k-21.el7_9.ppc64le.rpm s390x: openssl-1.0.2k-21.el7_9.s390x.rpm openssl-debuginfo-1.0.2k-21.el7_9.s390.rpm openssl-debuginfo-1.0.2k-21.el7_9.s390x.rpm openssl-devel-1.0.2k-21.el7_9.s390.rpm openssl-devel-1.0.2k-21.el7_9.s390x.rpm openssl-libs-1.0.2k-21.el7_9.s390.rpm openssl-libs-1.0.2k-21.el7_9.s390x.rpm x86_64: openssl-1.0.2k-21.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-21.el7_9.i686.rpm openssl-debuginfo-1.0.2k-21.el7_9.x86_64.rpm openssl-devel-1.0.2k-21.el7_9.i686.rpm openssl-devel-1.0.2k-21.el7_9.x86_64.rpm openssl-libs-1.0.2k-21.el7_9.i686.rpm openssl-libs-1.0.2k-21.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: openssl-debuginfo-1.0.2k-21.el7_9.ppc.rpm openssl-debuginfo-1.0.2k-21.el7_9.ppc64.rpm openssl-perl-1.0.2k-21.el7_9.ppc64.rpm openssl-static-1.0.2k-21.el7_9.ppc.rpm openssl-static-1.0.2k-21.el7_9.ppc64.rpm ppc64le: openssl-debuginfo-1.0.2k-21.el7_9.ppc64le.rpm openssl-perl-1.0.2k-21.el7_9.ppc64le.rpm openssl-static-1.0.2k-21.el7_9.ppc64le.rpm s390x: openssl-debuginfo-1.0.2k-21.el7_9.s390.rpm openssl-debuginfo-1.0.2k-21.el7_9.s390x.rpm openssl-perl-1.0.2k-21.el7_9.s390x.rpm openssl-static-1.0.2k-21.el7_9.s390.rpm openssl-static-1.0.2k-21.el7_9.s390x.rpm x86_64: openssl-debuginfo-1.0.2k-21.el7_9.i686.rpm openssl-debuginfo-1.0.2k-21.el7_9.x86_64.rpm openssl-perl-1.0.2k-21.el7_9.x86_64.rpm openssl-static-1.0.2k-21.el7_9.i686.rpm openssl-static-1.0.2k-21.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssl-1.0.2k-21.el7_9.src.rpm x86_64: openssl-1.0.2k-21.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-21.el7_9.i686.rpm openssl-debuginfo-1.0.2k-21.el7_9.x86_64.rpm openssl-devel-1.0.2k-21.el7_9.i686.rpm openssl-devel-1.0.2k-21.el7_9.x86_64.rpm openssl-libs-1.0.2k-21.el7_9.i686.rpm openssl-libs-1.0.2k-21.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-21.el7_9.i686.rpm openssl-debuginfo-1.0.2k-21.el7_9.x86_64.rpm openssl-perl-1.0.2k-21.el7_9.x86_64.rpm openssl-static-1.0.2k-21.el7_9.i686.rpm openssl-static-1.0.2k-21.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX9nOg9zjgjWX9erEAQhvEA//ZUkN9uw2GQy/4aTFGa1sA8stVE0uVsTh VxJxP7IzR37X19nMi4JMDDBdpOhIm2H0HVHVabD3IlU8Zofp49manAl73UAf5pv0 SQH05pUNNFc524Us37x5RBWSlF6+Q4R3uzaZUV7aw/a2lhrMpNrcXjCuJ4uZWF6v yfFbRjr1uqiXDRJ3gO6TGRpdwYWqPSpUN49/wyzX5oXDHpuaSJG18V2uR6e2MvRM ZGDkTM8wLm2VZ/EFMaDWNd47f2L0Dvscl4+AblRiBSkq+NJtun2GXxrslRhRMJqR qBk2i1i4fbL9YZNve5uNXzo3OOruhndTbVycmxPpKFVEFrYFdd26rQv7lnXA+jwO 8wc3qiIc38nPpSw1pVMyD/pWm/FkcjdGzBZKKKDcpUy/nWsbMcBDMSSXtz8HTZeB yycBocrKCp2XgkmN++pasGoYTS3DtYwFOWAiaAmDzutGO0dn0V8vN6vHSjhIszJd eAY0Jyq4nFKr/u+vaREJfAUYWY8vDuBFJdy3zBTze+3vU3YhzFWNGe2IAV/1Kvuq 9JRSV7h2NezuYTMSVe+8O2pjPJSBKlDnvjP3ElDRSLZEPCFnko+4mMsQG5y3sHZG cvmmbUjzL43huCaKYVaLLYA7TdXKy5bMnMOkJIxoSYmGB+4fdWQMu9grE8E4xmv5 hM3iICgHTq4=aX1d -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-4745-1 February 23, 2021 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: Several security issues were fixed in OpenSSL. (CVE-2020-1971) Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. (CVE-2021-23841) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: libssl1.0.0 1.0.1f-1ubuntu2.27+esm2 Ubuntu 12.04 ESM: libssl1.0.0 1.0.1-4ubuntu5.45 After a standard system update you need to reboot your computer to make all the necessary changes. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.6.12. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2021:0038 Space precludes documenting all of the container images in this advisory. You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.12-x86_64 The image digest is sha256:5c3618ab914eb66267b7c552a9b51c3018c3a8f8acf08ce1ff7ae4bfdd3a82bd (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.12-s390x The image digest is sha256:9e78700d5b1b8618d67d39f12a2c163f08e537eb4cea89cd28d1aa3f4ea356bb (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.12-ppc64le The image digest is sha256:290cd8207d81123ba05c2f4f6f29c99c4001e1afbbfdee94c327ceb81ab75924 All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1810470 - [Flake] volume expansion tests occasionally flake with EBS CSI driver 1811341 - Subpath test pod did not start within 5 minutes 1814282 - Storage e2es leaving namespaces/pods around 1836931 - `oc explain localvolume` returns empty description 1842747 - Not READYTOUSE volumesnapshot instance can not be deleted 1843008 - Fix reconcilliation of manifests for 4.6 channel for LSO 1850161 - [4.6] the skipVersion should exactly match regex in art.yaml 1852619 - must-gather creates empty files occasionally 1866843 - upgrade got stuck because of FailedAttachVolume 1867704 - cluster-storage-operator needs to grant pod list/watch permissions to aws operator 1867757 - Rebase node-registrar sidebar with latest version 1871439 - Bump node registrar golang version 1871955 - Allow snapshot operator to run on masters 1872000 - Allow ovirt controller to run on master nodes 1872244 - [aws-ebs-csi-driver] build fails 1872290 - storage operator does not install on ovirt 1872500 - Update resizer sidecar in CSI operators to use timeout parameter than csiTimeout 1873168 - add timeout parameter to resizer for aws 1877084 - tune resizer to have higher timeout than 2mins 1879221 - [Assisted-4.6][Staging] assisted-service API does not prevent a request with another user's credentials from setting cluster installation progress 1881625 - replace goautoreneg library in LSO 1886640 - CVE-2020-8566 kubernetes: Ceph RBD adminSecrets exposed in logs when loglevel >= 4 1888909 - Placeholder bug for OCP 4.6.0 rpm release 1889416 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used 1889936 - Backport timecache LRU fix 1894244 - [Backport 4.6] IO archive contains more records of than is the limit 1894678 - Installer panics on invalid flavor 1894878 - Helm chart fails to install using developer console because of TLS certificate error 1895325 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform 1895426 - unable to edit an application with a custom builder image 1895434 - unable to edit custom template application 1897337 - Mounts failing with error "Failed to start transient scope unit: Argument list too long" 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1898178 - [OVN] EgressIP does not guard against node IP assignment 1899266 - [4.6z] Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests 1899622 - [4.6z] configure-ovs.sh doesn't configure bonding options 1900736 - [SR-IOV] Backport request to SR-IOV operator version 4.6 - SriovNetworkNodePolicies apply ignoring the spec.nodeSelector. 1900792 - Track all resource counts via telemetry 1901736 - additionalSecurityGroupIDs not working for master nodes 1903353 - Etcd container leaves grep and lsof zombie processes 1905947 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade. 1906428 - [release-4.6]: When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig 1906723 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator 1906836 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody) 1907203 - clusterresourceoverride-operator has version: 1.0.0 every build 1908472 - High Podready Latency due to timed out waiting for annotations 1908749 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannot `Create OCS Cluster Service` 1908803 - [OVN] Network Policy fails to work when project label gets overwritten 1908847 - [4.6.z] RHCOS 4.6 - Missing Initiatorname 1909062 - ARO/Azure: excessive pod memory allocation causes node lockup 1909248 - Intermittent packet drop from pod to pod 1909682 - When scaling down the status of the node is stuck on deleting 1909990 - oVirt provider uses depricated cluster-api project 1910066 - OpenShift YAML editor jumps to top every few seconds 1910104 - [oVirt] Node is not removed when VM has been removed from oVirt engine 1911790 - [Assisted-4.6] [Staging] reduce disk speed requirement for test/dev environments 1913103 - Placeholder bug for OCP 4.6.0 rpm release 1913105 - Placeholder bug for OCP 4.6.0 metadata release 1913263 - [4.6] Unable to schedule a pod due to Insufficient ephemeral-storage 1913329 - [Assisted-4.6] [Staging] Installation fails to start 1914988 - [4.6.z] real-time kernel in RHCOS is not synchronized 1915007 - Fixed by revert -- Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows 5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

code problem

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2026-02-07T21:38:45.917000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE