ID

VAR-202012-1527

CVE

CVE-2020-1971

TITLE

OpenSSL  In  NULL  Pointer reference vulnerability

DESCRIPTION

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). OpenSSL Project Than, OpenSSL Security Advisory [08 December 2020] Has been published. Severity - high (Severity: High)EDIPARTYNAME NULL pointer reference - CVE-2020-1971OpenSSL of GENERAL_NAME_cmp() the function is X.509 This function compares data such as the host name included in the certificate. GENERAL_NAME_cmp() Both arguments to be compared in the function are EDIPartyName If it was of type GENERAL_NAME_cmp() in a function NULL pointer reference (CWE-476) may occur and crash the server or client application calling the function.Crafted X.509 Denial of service by performing certificate verification processing (DoS) You may be attacked. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A denial of service security issue exists in OpenSSL prior to 1.1.1i. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the extra low-latency container images for Red Hat OpenShift Container Platform 4.7. Bug Fix(es): * Configuring the system with non-RT kernel will hang the system (BZ#1923220) 3. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 5. JIRA issues fixed (https://issues.jboss.org/): CNF-802 - Infrastructure-provided enablement/disablement of interrupt processing for guaranteed pod CPUs CNF-854 - Performance tests in CNF Tests 6. Bugs fixed (https://bugzilla.redhat.com/): 1732329 - Virtual Machine is missing documentation of its properties in yaml editor 1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv 1791753 - [RFE] [SSP] Template validator should check validations in template's parent template 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration 1848956 - KMP requires downtime for CA stabilization during certificate rotation 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1853911 - VM with dot in network name fails to start with unclear message 1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show" 1856347 - SR-IOV : Missing network name for sriov during vm setup 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination 1860714 - No API information from `oc explain` 1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints 1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem 1866593 - CDI is not handling vm disk clone 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868817 - Container-native Virtualization 2.6.0 Images 1873771 - Improve the VMCreationFailed error message caused by VM low memory 1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it 1878499 - DV import doesn't recover from scratch space PVC deletion 1879108 - Inconsistent naming of "oc virt" command in help text 1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running 1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message 1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used 1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied 1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. 1891285 - Common templates and kubevirt-config cm - update machine-type 1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error 1892227 - [SSP] cluster scoped resources are not being reconciled 1893278 - openshift-virtualization-os-images namespace not seen by user 1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza 1894428 - Message for VMI not migratable is not clear enough 1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium 1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import 1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1898072 - Add Fedora33 to Fedora common templates 1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail 1899558 - CNV 2.6 - nmstate fails to set state 1901480 - VM disk io can't worked if namespace have label kubemacpool 1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig) 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1903014 - hco-webhook pod in CreateContainerError 1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode 1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT "default" 1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers 1907151 - kubevirt version is not reported correctly via virtctl 1907352 - VM/VMI link changes to `kubevirt.io~v1~VirtualMachineInstance` on CNV 2.6 1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused "Internal error occurred" for creating datavolume 1907988 - VM loses dynamic IP address of its default interface after migration 1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity 1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on "qemu-img: /data/disk.img" error 1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO 1911118 - Windows VMI LiveMigration / shutdown fails on 'XML error: non unique alias detected: ua-') 1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface 1911662 - el6 guests don't work properly if virtio bus is specified on various devices 1912908 - Allow using "scsi" bus for disks in template validation 1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails 1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user 1913717 - Users should have read permitions for golden images data volumes 1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes 1914177 - CNV does not preallocate blank file data volumes 1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes 1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer 1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block 1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored 1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration 1920576 - HCO can report ready=true when it failed to create a CR for a component operator 1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool 1927373 - NoExecute taint violates pdb; VMIs are not live migrated 1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4->CNV-2.6.0 upgrade 5. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Bugs fixed (https://bugzilla.redhat.com/): 1887648 - CVE-2020-13943 tomcat: Apache Tomcat HTTP/2 Request mix-up 1903409 - CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference 1904221 - CVE-2020-17527 tomcat: HTTP/2 request header mix-up 1917209 - CVE-2021-24122 tomcat: Information disclosure when using NTFS file system 6. ========================================================================== Ubuntu Security Notice USN-4662-1 December 08, 2020 openssl, openssl1.0 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: OpenSSL could be made to crash if it processed specially crafted input. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: libssl1.1 1.1.1f-1ubuntu4.1 Ubuntu 20.04 LTS: libssl1.1 1.1.1f-1ubuntu2.1 Ubuntu 18.04 LTS: libssl1.0.0 1.0.2n-1ubuntu5.5 libssl1.1 1.1.1-1ubuntu2.1~18.04.7 Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.18 After a standard system update you need to reboot your computer to make all the necessary changes. Description: Red Hat OpenShift Do (odo) is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based and requires no server within the OpenShift cluster for deployment. It detects changes to local code and deploys it to the cluster automatically, giving instant feedback to validate changes in real-time. It supports multiple programming languages and frameworks. The advisory addresses the following issues: * Re-release of odo-init-image 1.1.3 for security updates 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2020:5642-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5642 Issue date: 2020-12-21 CVE Names: CVE-2020-1971 ===================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6): Source: openssl-1.0.2k-17.el7_6.src.rpm x86_64: openssl-1.0.2k-17.el7_6.x86_64.rpm openssl-debuginfo-1.0.2k-17.el7_6.i686.rpm openssl-debuginfo-1.0.2k-17.el7_6.x86_64.rpm openssl-libs-1.0.2k-17.el7_6.i686.rpm openssl-libs-1.0.2k-17.el7_6.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6): x86_64: openssl-debuginfo-1.0.2k-17.el7_6.i686.rpm openssl-debuginfo-1.0.2k-17.el7_6.x86_64.rpm openssl-devel-1.0.2k-17.el7_6.i686.rpm openssl-devel-1.0.2k-17.el7_6.x86_64.rpm openssl-perl-1.0.2k-17.el7_6.x86_64.rpm openssl-static-1.0.2k-17.el7_6.i686.rpm openssl-static-1.0.2k-17.el7_6.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.6): Source: openssl-1.0.2k-17.el7_6.src.rpm ppc64: openssl-1.0.2k-17.el7_6.ppc64.rpm openssl-debuginfo-1.0.2k-17.el7_6.ppc.rpm openssl-debuginfo-1.0.2k-17.el7_6.ppc64.rpm openssl-devel-1.0.2k-17.el7_6.ppc.rpm openssl-devel-1.0.2k-17.el7_6.ppc64.rpm openssl-libs-1.0.2k-17.el7_6.ppc.rpm openssl-libs-1.0.2k-17.el7_6.ppc64.rpm ppc64le: openssl-1.0.2k-17.el7_6.ppc64le.rpm openssl-debuginfo-1.0.2k-17.el7_6.ppc64le.rpm openssl-devel-1.0.2k-17.el7_6.ppc64le.rpm openssl-libs-1.0.2k-17.el7_6.ppc64le.rpm s390x: openssl-1.0.2k-17.el7_6.s390x.rpm openssl-debuginfo-1.0.2k-17.el7_6.s390.rpm openssl-debuginfo-1.0.2k-17.el7_6.s390x.rpm openssl-devel-1.0.2k-17.el7_6.s390.rpm openssl-devel-1.0.2k-17.el7_6.s390x.rpm openssl-libs-1.0.2k-17.el7_6.s390.rpm openssl-libs-1.0.2k-17.el7_6.s390x.rpm x86_64: openssl-1.0.2k-17.el7_6.x86_64.rpm openssl-debuginfo-1.0.2k-17.el7_6.i686.rpm openssl-debuginfo-1.0.2k-17.el7_6.x86_64.rpm openssl-devel-1.0.2k-17.el7_6.i686.rpm openssl-devel-1.0.2k-17.el7_6.x86_64.rpm openssl-libs-1.0.2k-17.el7_6.i686.rpm openssl-libs-1.0.2k-17.el7_6.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: openssl-1.0.2k-17.el7_6.src.rpm aarch64: openssl-1.0.2k-17.el7_6.aarch64.rpm openssl-debuginfo-1.0.2k-17.el7_6.aarch64.rpm openssl-devel-1.0.2k-17.el7_6.aarch64.rpm openssl-libs-1.0.2k-17.el7_6.aarch64.rpm ppc64le: openssl-1.0.2k-17.el7_6.ppc64le.rpm openssl-debuginfo-1.0.2k-17.el7_6.ppc64le.rpm openssl-devel-1.0.2k-17.el7_6.ppc64le.rpm openssl-libs-1.0.2k-17.el7_6.ppc64le.rpm s390x: openssl-1.0.2k-17.el7_6.s390x.rpm openssl-debuginfo-1.0.2k-17.el7_6.s390.rpm openssl-debuginfo-1.0.2k-17.el7_6.s390x.rpm openssl-devel-1.0.2k-17.el7_6.s390.rpm openssl-devel-1.0.2k-17.el7_6.s390x.rpm openssl-libs-1.0.2k-17.el7_6.s390.rpm openssl-libs-1.0.2k-17.el7_6.s390x.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.6): ppc64: openssl-debuginfo-1.0.2k-17.el7_6.ppc.rpm openssl-debuginfo-1.0.2k-17.el7_6.ppc64.rpm openssl-perl-1.0.2k-17.el7_6.ppc64.rpm openssl-static-1.0.2k-17.el7_6.ppc.rpm openssl-static-1.0.2k-17.el7_6.ppc64.rpm ppc64le: openssl-debuginfo-1.0.2k-17.el7_6.ppc64le.rpm openssl-perl-1.0.2k-17.el7_6.ppc64le.rpm openssl-static-1.0.2k-17.el7_6.ppc64le.rpm s390x: openssl-debuginfo-1.0.2k-17.el7_6.s390.rpm openssl-debuginfo-1.0.2k-17.el7_6.s390x.rpm openssl-perl-1.0.2k-17.el7_6.s390x.rpm openssl-static-1.0.2k-17.el7_6.s390.rpm openssl-static-1.0.2k-17.el7_6.s390x.rpm x86_64: openssl-debuginfo-1.0.2k-17.el7_6.i686.rpm openssl-debuginfo-1.0.2k-17.el7_6.x86_64.rpm openssl-perl-1.0.2k-17.el7_6.x86_64.rpm openssl-static-1.0.2k-17.el7_6.i686.rpm openssl-static-1.0.2k-17.el7_6.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: openssl-debuginfo-1.0.2k-17.el7_6.aarch64.rpm openssl-perl-1.0.2k-17.el7_6.aarch64.rpm openssl-static-1.0.2k-17.el7_6.aarch64.rpm ppc64le: openssl-debuginfo-1.0.2k-17.el7_6.ppc64le.rpm openssl-perl-1.0.2k-17.el7_6.ppc64le.rpm openssl-static-1.0.2k-17.el7_6.ppc64le.rpm s390x: openssl-debuginfo-1.0.2k-17.el7_6.s390.rpm openssl-debuginfo-1.0.2k-17.el7_6.s390x.rpm openssl-perl-1.0.2k-17.el7_6.s390x.rpm openssl-static-1.0.2k-17.el7_6.s390.rpm openssl-static-1.0.2k-17.el7_6.s390x.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX+CWhtzjgjWX9erEAQg3xg/+MFMFNUlwd9HrQXzd30VMsv7clRwYxy5N XA+blkWbuZhA5/ibpe5DP4qGjBcVHPHs1jbQ8sKIcMYj/G7B97PMFscpqkAlRE6R LGvA62ZONi1LBOkzsIM4rlhGpsKQIRbmt337M5aTcgg8GH2HM1r7iiwa/ogO6CAU pGqzpEsWvkAS1QqlhHe5tyjRjSv5zpWmwBHo7Ca+5bscjO9ajuYtOOSaQF/pIBTf wV/jJNoJ/PNOdZwivCXt2J14k6itsK2Kq2TOv0rkUNh9XsOO+UXxSnuuiwDsdX6w 4NAS2qGmBmsr5L9WvANR0l8jqxoDY0SurxYrTy5a+Ybn80eplI1zn83bZBX66Knk Wwk/fy9v5IRLwuol3w8FWAF52b2wuunRpcMS1rw1GN+DI/RvtHhvPlCDUcgdld2a l9uTSUGI8KrBO4v8/NZsPptdqrVJhFda9D+xru+3gSfFqcIxd7Iw7ZeKDia9h804 FQo00CNtzmJlnmYtKFHTpPKv4rct37Pn16OhBysdmnp+b3C9dYhWyRZeJzVFtDGv 6eHbSleGy9am1Z2FE4kI3uFWMl3XSN30BgYL3WkosHu+AM5v72s+4TsE5oDctNjB BarZF8Ahp5weSV4ocB0KvcVDdfw/PtiqACH2peFdtL2pypA8BFb2agdRjPouJoyj WNjly0MC3R8= =Ey6y -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: This release adds the new Apache HTTP Server 2.4.37 Service Pack 6 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 5 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

overflow

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2026-04-02T21:47:56.036000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE