ID

VAR-202012-1527

CVE

CVE-2020-1971

TITLE

OpenSSL  In  NULL  Pointer reference vulnerability

DESCRIPTION

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). OpenSSL Project Than, OpenSSL Security Advisory [08 December 2020] Has been published. Severity - high (Severity: High)EDIPARTYNAME NULL pointer reference - CVE-2020-1971OpenSSL of GENERAL_NAME_cmp() the function is X.509 This function compares data such as the host name included in the certificate. GENERAL_NAME_cmp() Both arguments to be compared in the function are EDIPartyName If it was of type GENERAL_NAME_cmp() in a function NULL pointer reference (CWE-476) may occur and crash the server or client application calling the function.Crafted X.509 Denial of service by performing certificate verification processing (DoS) You may be attacked. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 6 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 5 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/): 1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values 5. Bug Fix(es): * Aggregator pod tries to parse ConfigMaps without results (BZ#1899479) * The compliancesuite object returns error with ocp4-cis tailored profile (BZ#1902251) * The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object (BZ#1902634) * [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object (BZ#1907414) * The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator (BZ#1908991) * Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" (BZ#1909081) * [OCP v46] Always update the default profilebundles on Compliance operator startup (BZ#1909122) 3. Bugs fixed (https://bugzilla.redhat.com/): 1899479 - Aggregator pod tries to parse ConfigMaps without results 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902251 - The compliancesuite object returns error with ocp4-cis tailored profile 1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object 1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object 1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator 1909081 - Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" 1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup 5. 7) - aarch64, ppc64le, s390x 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2020:5566-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5566 Issue date: 2020-12-16 CVE Names: CVE-2020-1971 ==================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: openssl-1.0.2k-21.el7_9.src.rpm x86_64: openssl-1.0.2k-21.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-21.el7_9.i686.rpm openssl-debuginfo-1.0.2k-21.el7_9.x86_64.rpm openssl-libs-1.0.2k-21.el7_9.i686.rpm openssl-libs-1.0.2k-21.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-21.el7_9.i686.rpm openssl-debuginfo-1.0.2k-21.el7_9.x86_64.rpm openssl-devel-1.0.2k-21.el7_9.i686.rpm openssl-devel-1.0.2k-21.el7_9.x86_64.rpm openssl-perl-1.0.2k-21.el7_9.x86_64.rpm openssl-static-1.0.2k-21.el7_9.i686.rpm openssl-static-1.0.2k-21.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssl-1.0.2k-21.el7_9.src.rpm x86_64: openssl-1.0.2k-21.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-21.el7_9.i686.rpm openssl-debuginfo-1.0.2k-21.el7_9.x86_64.rpm openssl-libs-1.0.2k-21.el7_9.i686.rpm openssl-libs-1.0.2k-21.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-21.el7_9.i686.rpm openssl-debuginfo-1.0.2k-21.el7_9.x86_64.rpm openssl-devel-1.0.2k-21.el7_9.i686.rpm openssl-devel-1.0.2k-21.el7_9.x86_64.rpm openssl-perl-1.0.2k-21.el7_9.x86_64.rpm openssl-static-1.0.2k-21.el7_9.i686.rpm openssl-static-1.0.2k-21.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssl-1.0.2k-21.el7_9.src.rpm ppc64: openssl-1.0.2k-21.el7_9.ppc64.rpm openssl-debuginfo-1.0.2k-21.el7_9.ppc.rpm openssl-debuginfo-1.0.2k-21.el7_9.ppc64.rpm openssl-devel-1.0.2k-21.el7_9.ppc.rpm openssl-devel-1.0.2k-21.el7_9.ppc64.rpm openssl-libs-1.0.2k-21.el7_9.ppc.rpm openssl-libs-1.0.2k-21.el7_9.ppc64.rpm ppc64le: openssl-1.0.2k-21.el7_9.ppc64le.rpm openssl-debuginfo-1.0.2k-21.el7_9.ppc64le.rpm openssl-devel-1.0.2k-21.el7_9.ppc64le.rpm openssl-libs-1.0.2k-21.el7_9.ppc64le.rpm s390x: openssl-1.0.2k-21.el7_9.s390x.rpm openssl-debuginfo-1.0.2k-21.el7_9.s390.rpm openssl-debuginfo-1.0.2k-21.el7_9.s390x.rpm openssl-devel-1.0.2k-21.el7_9.s390.rpm openssl-devel-1.0.2k-21.el7_9.s390x.rpm openssl-libs-1.0.2k-21.el7_9.s390.rpm openssl-libs-1.0.2k-21.el7_9.s390x.rpm x86_64: openssl-1.0.2k-21.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-21.el7_9.i686.rpm openssl-debuginfo-1.0.2k-21.el7_9.x86_64.rpm openssl-devel-1.0.2k-21.el7_9.i686.rpm openssl-devel-1.0.2k-21.el7_9.x86_64.rpm openssl-libs-1.0.2k-21.el7_9.i686.rpm openssl-libs-1.0.2k-21.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: openssl-debuginfo-1.0.2k-21.el7_9.ppc.rpm openssl-debuginfo-1.0.2k-21.el7_9.ppc64.rpm openssl-perl-1.0.2k-21.el7_9.ppc64.rpm openssl-static-1.0.2k-21.el7_9.ppc.rpm openssl-static-1.0.2k-21.el7_9.ppc64.rpm ppc64le: openssl-debuginfo-1.0.2k-21.el7_9.ppc64le.rpm openssl-perl-1.0.2k-21.el7_9.ppc64le.rpm openssl-static-1.0.2k-21.el7_9.ppc64le.rpm s390x: openssl-debuginfo-1.0.2k-21.el7_9.s390.rpm openssl-debuginfo-1.0.2k-21.el7_9.s390x.rpm openssl-perl-1.0.2k-21.el7_9.s390x.rpm openssl-static-1.0.2k-21.el7_9.s390.rpm openssl-static-1.0.2k-21.el7_9.s390x.rpm x86_64: openssl-debuginfo-1.0.2k-21.el7_9.i686.rpm openssl-debuginfo-1.0.2k-21.el7_9.x86_64.rpm openssl-perl-1.0.2k-21.el7_9.x86_64.rpm openssl-static-1.0.2k-21.el7_9.i686.rpm openssl-static-1.0.2k-21.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssl-1.0.2k-21.el7_9.src.rpm x86_64: openssl-1.0.2k-21.el7_9.x86_64.rpm openssl-debuginfo-1.0.2k-21.el7_9.i686.rpm openssl-debuginfo-1.0.2k-21.el7_9.x86_64.rpm openssl-devel-1.0.2k-21.el7_9.i686.rpm openssl-devel-1.0.2k-21.el7_9.x86_64.rpm openssl-libs-1.0.2k-21.el7_9.i686.rpm openssl-libs-1.0.2k-21.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-21.el7_9.i686.rpm openssl-debuginfo-1.0.2k-21.el7_9.x86_64.rpm openssl-perl-1.0.2k-21.el7_9.x86_64.rpm openssl-static-1.0.2k-21.el7_9.i686.rpm openssl-static-1.0.2k-21.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX9nOg9zjgjWX9erEAQhvEA//ZUkN9uw2GQy/4aTFGa1sA8stVE0uVsTh VxJxP7IzR37X19nMi4JMDDBdpOhIm2H0HVHVabD3IlU8Zofp49manAl73UAf5pv0 SQH05pUNNFc524Us37x5RBWSlF6+Q4R3uzaZUV7aw/a2lhrMpNrcXjCuJ4uZWF6v yfFbRjr1uqiXDRJ3gO6TGRpdwYWqPSpUN49/wyzX5oXDHpuaSJG18V2uR6e2MvRM ZGDkTM8wLm2VZ/EFMaDWNd47f2L0Dvscl4+AblRiBSkq+NJtun2GXxrslRhRMJqR qBk2i1i4fbL9YZNve5uNXzo3OOruhndTbVycmxPpKFVEFrYFdd26rQv7lnXA+jwO 8wc3qiIc38nPpSw1pVMyD/pWm/FkcjdGzBZKKKDcpUy/nWsbMcBDMSSXtz8HTZeB yycBocrKCp2XgkmN++pasGoYTS3DtYwFOWAiaAmDzutGO0dn0V8vN6vHSjhIszJd eAY0Jyq4nFKr/u+vaREJfAUYWY8vDuBFJdy3zBTze+3vU3YhzFWNGe2IAV/1Kvuq 9JRSV7h2NezuYTMSVe+8O2pjPJSBKlDnvjP3ElDRSLZEPCFnko+4mMsQG5y3sHZG cvmmbUjzL43huCaKYVaLLYA7TdXKy5bMnMOkJIxoSYmGB+4fdWQMu9grE8E4xmv5 hM3iICgHTq4=aX1d -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHEA-2020:5633 All OpenShift Container Platform users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1823765 - nfd-workers crash under an ipv6 environment 1838802 - mysql8 connector from operatorhub does not work with metering operator 1838845 - Metering operator can't connect to postgres DB from Operator Hub 1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1868294 - NFD operator does not allow customisation of nfd-worker.conf 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1890672 - NFD is missing a build flag to build correctly 1890741 - path to the CA trust bundle ConfigMap is broken in report operator 1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster 1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel 1900125 - FIPS error while generating RSA private key for CA 1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub 1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub 1913837 - The CI and ART 4.7 metering images are not mirrored 1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le 1916010 - olm skip range is set to the wrong range 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923998 - NFD Operator is failing to update and remains in Replacing state 5. Bug Fix(es): Users are directed to the Red Hat Ceph Storage 4.2 Release Notes for information on the most significant of these changes: https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/4.2/html /release_notes/ All users of the rhceph-4.2 image are advised to pull this updated image from the Red Hat Ecosystem Catalog. Bugs fixed (https://bugzilla.redhat.com/): 1843640 - CVE-2020-13379 grafana: SSRF incorrect access control vulnerability allows unauthenticated users to make grafana send HTTP requests to any URL 1879672 - /var/log/tcmu-runner.log within tcmu-runner container does not get rotated and log grows without limit

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

code problem

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-09-17T23:08:00.028000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE