var-202008-1238
Vulnerability from variot
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. runc is a CLI (command line interface) tool for building and running containers according to the OCI specification. BIND 9.0.0 to 9.11.21, 9.12.0 to 9.16.5, 9.17.0 to 9.17.3, 9.9.3-S1 to 9.11.21-S1 have security vulnerabilities, attackers can construct a special request to cause an assertion failure Causes the target service to end abnormally.
For the stable distribution (buster), these problems have been fixed in version 1:9.11.5.P4+dfsg-5.1+deb10u2.
We recommend that you upgrade your bind9 packages.
For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl9H9LBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Riow//eYx52gDQkiERYSEFJbSK34AzF5Ee3W8JYh1BG4PFagvR/y3hwddyFEkR pHlq/t78TPWi9oQ3j8uuQL0VLMA+8jyaNXA0h6BMs/3VKzGktFyINdKPBPIghT2w 2tugfgjK1MR0LZ27rcE86I1QoyFy+jHMmd03R0B0AQPWYkjp+2sp5nxskFVM9jXO 8emXIzT3IZns8WSS7xCZOqE6D40Vk/3hP5IXDXIbHHFUgl6jCEpPHJBHCgrtw9HZ Or/EQgy4y+QUZNqsPw93kxc7cwVWhauW/PX9VZ1HWnfMIWEZX9K8fmYPHlj4dJUa 1G45uTtYT7VaLvs+N7j1UulII+f1ZT9rrljasVKfbmALt+mp28/LzzcCCBMYohkK Ka30MmBu5yZnn36LNWGwaOO5D+cCHsc58awKu3C5wUG/QMBjT+dYlhkbUbllpZVj vMMXjnrefdkCLy7LEDAul1NLgxWcSWzcQ0SyNEfu9IajtA94unFMwNzFmQb7ykql WMkHTg+7mSdPCxOI+0g9+w+pKZFdBGZxXu76cV8FB1BmRitsM8XYrtBGO9uWvkI9 hIm7pHhyJB0E008qo+cKutpnvruLZLBUCutUuNHZAirq+zaHjoVDSxiqPWEJ9jdR Sx85bc7+6f1daR04r5ay/mCuWPTQYrM1VyBsFnAvGxWoznHnmbk= =kUyE -----END PGP SIGNATURE----- . 7) - aarch64, ppc64le, s390x
-
7.7) - ppc64, ppc64le, s390x, x86_64
-
========================================================================== Ubuntu Security Notice USN-4468-1 August 21, 2020
bind9 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Bind.
Software Description: - bind9: Internet Domain Name Server
Details:
Emanuel Almeida discovered that Bind incorrectly handled certain TCP payloads. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-8620)
Joseph Gullo discovered that Bind incorrectly handled QNAME minimization when used in certain configurations. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-8621)
Dave Feldman, Jeff Warren, and Joel Cunningham discovered that Bind incorrectly handled certain truncated responses to a TSIG-signed request. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2020-8622)
Lyu Chiy discovered that Bind incorrectly handled certain queries. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2020-8623)
Joop Boonen discovered that Bind incorrectly handled certain subdomain update-policy rules. A remote attacker granted privileges to change certain parts of a zone could use this issue to change other contents of the zone, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-8624)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: bind9 1:9.16.1-0ubuntu2.3
Ubuntu 18.04 LTS: bind9 1:9.11.3+dfsg-1ubuntu1.13
Ubuntu 16.04 LTS: bind9 1:9.10.3.dfsg.P4-8ubuntu1.17
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: bind security and bug fix update Advisory ID: RHSA-2020:5011-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5011 Issue date: 2020-11-10 CVE Names: CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 ==================================================================== 1. Summary:
An update for bind is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
-
bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622)
-
bind: remotely triggerable assertion failure in pk11.c (CVE-2020-8623)
-
bind: incorrect enforcement of update-policy rules of type "subdomain" (CVE-2020-8624)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
BIND stops DNSKEY lookup in get_dst_key() when a key with unsupported algorithm is found first [RHEL7] (BZ#1884530)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, the BIND daemon (named) will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1869473 - CVE-2020-8622 bind: truncated TSIG response can lead to an assertion failure 1869477 - CVE-2020-8623 bind: remotely triggerable assertion failure in pk11.c 1869480 - CVE-2020-8624 bind: incorrect enforcement of update-policy rules of type "subdomain" 1884530 - BIND stops DNSKEY lookup in get_dst_key() when a key with unsupported algorithm is found first [RHEL7]
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: bind-9.11.4-26.P2.el7_9.2.src.rpm
noarch: bind-license-9.11.4-26.P2.el7_9.2.noarch.rpm
x86_64: bind-debuginfo-9.11.4-26.P2.el7_9.2.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-export-libs-9.11.4-26.P2.el7_9.2.i686.rpm bind-export-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-libs-9.11.4-26.P2.el7_9.2.i686.rpm bind-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-libs-lite-9.11.4-26.P2.el7_9.2.i686.rpm bind-libs-lite-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: bind-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-debuginfo-9.11.4-26.P2.el7_9.2.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-devel-9.11.4-26.P2.el7_9.2.i686.rpm bind-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-export-devel-9.11.4-26.P2.el7_9.2.i686.rpm bind-export-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-lite-devel-9.11.4-26.P2.el7_9.2.i686.rpm bind-lite-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-pkcs11-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.2.i686.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.2.i686.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-sdb-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: bind-9.11.4-26.P2.el7_9.2.src.rpm
noarch: bind-license-9.11.4-26.P2.el7_9.2.noarch.rpm
x86_64: bind-debuginfo-9.11.4-26.P2.el7_9.2.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-export-libs-9.11.4-26.P2.el7_9.2.i686.rpm bind-export-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-libs-9.11.4-26.P2.el7_9.2.i686.rpm bind-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-libs-lite-9.11.4-26.P2.el7_9.2.i686.rpm bind-libs-lite-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: bind-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-debuginfo-9.11.4-26.P2.el7_9.2.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-devel-9.11.4-26.P2.el7_9.2.i686.rpm bind-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-export-devel-9.11.4-26.P2.el7_9.2.i686.rpm bind-export-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-lite-devel-9.11.4-26.P2.el7_9.2.i686.rpm bind-lite-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-pkcs11-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.2.i686.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.2.i686.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-sdb-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: bind-9.11.4-26.P2.el7_9.2.src.rpm
noarch: bind-license-9.11.4-26.P2.el7_9.2.noarch.rpm
ppc64: bind-9.11.4-26.P2.el7_9.2.ppc64.rpm bind-chroot-9.11.4-26.P2.el7_9.2.ppc64.rpm bind-debuginfo-9.11.4-26.P2.el7_9.2.ppc.rpm bind-debuginfo-9.11.4-26.P2.el7_9.2.ppc64.rpm bind-export-libs-9.11.4-26.P2.el7_9.2.ppc.rpm bind-export-libs-9.11.4-26.P2.el7_9.2.ppc64.rpm bind-libs-9.11.4-26.P2.el7_9.2.ppc.rpm bind-libs-9.11.4-26.P2.el7_9.2.ppc64.rpm bind-libs-lite-9.11.4-26.P2.el7_9.2.ppc.rpm bind-libs-lite-9.11.4-26.P2.el7_9.2.ppc64.rpm bind-pkcs11-9.11.4-26.P2.el7_9.2.ppc64.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.2.ppc.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.2.ppc64.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.2.ppc64.rpm bind-utils-9.11.4-26.P2.el7_9.2.ppc64.rpm
ppc64le: bind-9.11.4-26.P2.el7_9.2.ppc64le.rpm bind-chroot-9.11.4-26.P2.el7_9.2.ppc64le.rpm bind-debuginfo-9.11.4-26.P2.el7_9.2.ppc64le.rpm bind-export-libs-9.11.4-26.P2.el7_9.2.ppc64le.rpm bind-libs-9.11.4-26.P2.el7_9.2.ppc64le.rpm bind-libs-lite-9.11.4-26.P2.el7_9.2.ppc64le.rpm bind-pkcs11-9.11.4-26.P2.el7_9.2.ppc64le.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.2.ppc64le.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.2.ppc64le.rpm bind-utils-9.11.4-26.P2.el7_9.2.ppc64le.rpm
s390x: bind-9.11.4-26.P2.el7_9.2.s390x.rpm bind-chroot-9.11.4-26.P2.el7_9.2.s390x.rpm bind-debuginfo-9.11.4-26.P2.el7_9.2.s390.rpm bind-debuginfo-9.11.4-26.P2.el7_9.2.s390x.rpm bind-export-libs-9.11.4-26.P2.el7_9.2.s390.rpm bind-export-libs-9.11.4-26.P2.el7_9.2.s390x.rpm bind-libs-9.11.4-26.P2.el7_9.2.s390.rpm bind-libs-9.11.4-26.P2.el7_9.2.s390x.rpm bind-libs-lite-9.11.4-26.P2.el7_9.2.s390.rpm bind-libs-lite-9.11.4-26.P2.el7_9.2.s390x.rpm bind-pkcs11-9.11.4-26.P2.el7_9.2.s390x.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.2.s390.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.2.s390x.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.2.s390x.rpm bind-utils-9.11.4-26.P2.el7_9.2.s390x.rpm
x86_64: bind-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-debuginfo-9.11.4-26.P2.el7_9.2.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-export-libs-9.11.4-26.P2.el7_9.2.i686.rpm bind-export-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-libs-9.11.4-26.P2.el7_9.2.i686.rpm bind-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-libs-lite-9.11.4-26.P2.el7_9.2.i686.rpm bind-libs-lite-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-pkcs11-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.2.i686.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: bind-debuginfo-9.11.4-26.P2.el7_9.2.ppc.rpm bind-debuginfo-9.11.4-26.P2.el7_9.2.ppc64.rpm bind-devel-9.11.4-26.P2.el7_9.2.ppc.rpm bind-devel-9.11.4-26.P2.el7_9.2.ppc64.rpm bind-export-devel-9.11.4-26.P2.el7_9.2.ppc.rpm bind-export-devel-9.11.4-26.P2.el7_9.2.ppc64.rpm bind-lite-devel-9.11.4-26.P2.el7_9.2.ppc.rpm bind-lite-devel-9.11.4-26.P2.el7_9.2.ppc64.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.2.ppc.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.2.ppc64.rpm bind-sdb-9.11.4-26.P2.el7_9.2.ppc64.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.2.ppc64.rpm
ppc64le: bind-debuginfo-9.11.4-26.P2.el7_9.2.ppc64le.rpm bind-devel-9.11.4-26.P2.el7_9.2.ppc64le.rpm bind-export-devel-9.11.4-26.P2.el7_9.2.ppc64le.rpm bind-lite-devel-9.11.4-26.P2.el7_9.2.ppc64le.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.2.ppc64le.rpm bind-sdb-9.11.4-26.P2.el7_9.2.ppc64le.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.2.ppc64le.rpm
s390x: bind-debuginfo-9.11.4-26.P2.el7_9.2.s390.rpm bind-debuginfo-9.11.4-26.P2.el7_9.2.s390x.rpm bind-devel-9.11.4-26.P2.el7_9.2.s390.rpm bind-devel-9.11.4-26.P2.el7_9.2.s390x.rpm bind-export-devel-9.11.4-26.P2.el7_9.2.s390.rpm bind-export-devel-9.11.4-26.P2.el7_9.2.s390x.rpm bind-lite-devel-9.11.4-26.P2.el7_9.2.s390.rpm bind-lite-devel-9.11.4-26.P2.el7_9.2.s390x.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.2.s390.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.2.s390x.rpm bind-sdb-9.11.4-26.P2.el7_9.2.s390x.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.2.s390x.rpm
x86_64: bind-debuginfo-9.11.4-26.P2.el7_9.2.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-devel-9.11.4-26.P2.el7_9.2.i686.rpm bind-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-export-devel-9.11.4-26.P2.el7_9.2.i686.rpm bind-export-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-lite-devel-9.11.4-26.P2.el7_9.2.i686.rpm bind-lite-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.2.i686.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-sdb-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: bind-9.11.4-26.P2.el7_9.2.src.rpm
noarch: bind-license-9.11.4-26.P2.el7_9.2.noarch.rpm
x86_64: bind-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-debuginfo-9.11.4-26.P2.el7_9.2.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-export-libs-9.11.4-26.P2.el7_9.2.i686.rpm bind-export-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-libs-9.11.4-26.P2.el7_9.2.i686.rpm bind-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-libs-lite-9.11.4-26.P2.el7_9.2.i686.rpm bind-libs-lite-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-pkcs11-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.2.i686.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: bind-debuginfo-9.11.4-26.P2.el7_9.2.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-devel-9.11.4-26.P2.el7_9.2.i686.rpm bind-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-export-devel-9.11.4-26.P2.el7_9.2.i686.rpm bind-export-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-lite-devel-9.11.4-26.P2.el7_9.2.i686.rpm bind-lite-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.2.i686.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-sdb-9.11.4-26.P2.el7_9.2.x86_64.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-8622 https://access.redhat.com/security/cve/CVE-2020-8623 https://access.redhat.com/security/cve/CVE-2020-8624 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX6qUINzjgjWX9erEAQgqaQ//fDh400CVsaclHRk7T4sY7CY6Cl+5yje4 4tAnP73cfPskYaWNy3k215ylN+Ciwe0W1v36zL5NURJs+/0MpKZ2ISJQTJxpnRbG WpabNVjZEX9NOMTqUjQHWK8qZtpvFBy1yaHp7167ZgIs2CDxhzRwGkIW0lJdjJOo W6WcyZBuGx62C3L8vqr55OaYTJkjHfsWQBcNmwcNIclfGKLzgWlOj8NFQ1jjJlpf YF1xm9ax2ia7YeOqY95m3qMhe8iFolV4hnuyCg78BPjcXB++Xi68Mi8HtNxCdyTX veZBvBpk7uzphOILirIUX6Wr7xFnq3wM9zvCQqzVJtxh02/022ljSIp1IzM5xD9y I9nwTwJ7ajSFRQx7//sjDlP06jzbODt9NYrUrmL43GO/A6hAiFzZNhvIKZachc2t EX/+gSNONuKk2COKK+khz2QjiRf8Dj6drAm+XGtA80e8e9qnMlc83XmyX6US6Knq SaPPf61AJbnwouaziMwr975oDNZwi3eTIIT96YyIfaFzLQz1bBx2qpxbaUf2fXOw FGzH111uS2N8mzShaxqJOyu6ZVXGx0Q1s+MZb8IWn48MYM89r8b3IVAVqFwbit8G EljiZa/nrh2+vDe0R6y0vdMfN10RjtAHFYuTPhgsFO/bjQh+x2Y7EYMOwvafPRTZ J+QpwTk58nQ=WRSp -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHEA-2020:5633
All OpenShift Container Platform users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
1823765 - nfd-workers crash under an ipv6 environment 1838802 - mysql8 connector from operatorhub does not work with metering operator 1838845 - Metering operator can't connect to postgres DB from Operator Hub 1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1868294 - NFD operator does not allow customisation of nfd-worker.conf 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1890672 - NFD is missing a build flag to build correctly 1890741 - path to the CA trust bundle ConfigMap is broken in report operator 1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster 1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel 1900125 - FIPS error while generating RSA private key for CA 1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub 1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub 1913837 - The CI and ART 4.7 metering images are not mirrored 1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le 1916010 - olm skip range is set to the wrong range 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923998 - NFD Operator is failing to update and remains in Replacing state
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-1238",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.17.0"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.12.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "bind",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "9.16.5"
},
{
"model": "dns server",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "2.2.2-5028"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.9.3"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.0.0"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.11.21"
},
{
"model": "bind",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "9.17.3"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "20.04"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "bind",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "9.11.21"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8622"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "159981"
},
{
"db": "PACKETSTORM",
"id": "160205"
},
{
"db": "PACKETSTORM",
"id": "159985"
},
{
"db": "PACKETSTORM",
"id": "161536"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1071"
}
],
"trust": 1.0
},
"cve": "CVE-2020-8622",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-8622",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-186747",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-8622",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8622",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security-officer@isc.org",
"id": "CVE-2020-8622",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-1071",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-186747",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-8622",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186747"
},
{
"db": "VULMON",
"id": "CVE-2020-8622"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1071"
},
{
"db": "NVD",
"id": "CVE-2020-8622"
},
{
"db": "NVD",
"id": "CVE-2020-8622"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In BIND 9.0.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.9.3-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. runc is a CLI (command line interface) tool for building and running containers according to the OCI specification. BIND 9.0.0 to 9.11.21, 9.12.0 to 9.16.5, 9.17.0 to 9.17.3, 9.9.3-S1 to 9.11.21-S1 have security vulnerabilities, attackers can construct a special request to cause an assertion failure Causes the target service to end abnormally. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1:9.11.5.P4+dfsg-5.1+deb10u2. \n\nWe recommend that you upgrade your bind9 packages. \n\nFor the detailed security status of bind9 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/bind9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl9H9LBfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0Riow//eYx52gDQkiERYSEFJbSK34AzF5Ee3W8JYh1BG4PFagvR/y3hwddyFEkR\npHlq/t78TPWi9oQ3j8uuQL0VLMA+8jyaNXA0h6BMs/3VKzGktFyINdKPBPIghT2w\n2tugfgjK1MR0LZ27rcE86I1QoyFy+jHMmd03R0B0AQPWYkjp+2sp5nxskFVM9jXO\n8emXIzT3IZns8WSS7xCZOqE6D40Vk/3hP5IXDXIbHHFUgl6jCEpPHJBHCgrtw9HZ\nOr/EQgy4y+QUZNqsPw93kxc7cwVWhauW/PX9VZ1HWnfMIWEZX9K8fmYPHlj4dJUa\n1G45uTtYT7VaLvs+N7j1UulII+f1ZT9rrljasVKfbmALt+mp28/LzzcCCBMYohkK\nKa30MmBu5yZnn36LNWGwaOO5D+cCHsc58awKu3C5wUG/QMBjT+dYlhkbUbllpZVj\nvMMXjnrefdkCLy7LEDAul1NLgxWcSWzcQ0SyNEfu9IajtA94unFMwNzFmQb7ykql\nWMkHTg+7mSdPCxOI+0g9+w+pKZFdBGZxXu76cV8FB1BmRitsM8XYrtBGO9uWvkI9\nhIm7pHhyJB0E008qo+cKutpnvruLZLBUCutUuNHZAirq+zaHjoVDSxiqPWEJ9jdR\nSx85bc7+6f1daR04r5ay/mCuWPTQYrM1VyBsFnAvGxWoznHnmbk=\n=kUyE\n-----END PGP SIGNATURE-----\n. 7) - aarch64, ppc64le, s390x\n\n3. 7.7) - ppc64, ppc64le, s390x, x86_64\n\n3. ==========================================================================\nUbuntu Security Notice USN-4468-1\nAugust 21, 2020\n\nbind9 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Bind. \n\nSoftware Description:\n- bind9: Internet Domain Name Server\n\nDetails:\n\nEmanuel Almeida discovered that Bind incorrectly handled certain TCP\npayloads. A remote attacker could possibly use this issue to cause Bind to\ncrash, resulting in a denial of service. This issue only affected Ubuntu\n20.04 LTS. (CVE-2020-8620)\n\nJoseph Gullo discovered that Bind incorrectly handled QNAME minimization\nwhen used in certain configurations. A remote attacker could possibly use\nthis issue to cause Bind to crash, resulting in a denial of service. This\nissue only affected Ubuntu 20.04 LTS. (CVE-2020-8621)\n\nDave Feldman, Jeff Warren, and Joel Cunningham discovered that Bind\nincorrectly handled certain truncated responses to a TSIG-signed request. A\nremote attacker could possibly use this issue to cause Bind to crash,\nresulting in a denial of service. (CVE-2020-8622)\n\nLyu Chiy discovered that Bind incorrectly handled certain queries. A remote\nattacker could possibly use this issue to cause Bind to crash, resulting in\na denial of service. (CVE-2020-8623)\n\nJoop Boonen discovered that Bind incorrectly handled certain subdomain\nupdate-policy rules. A remote attacker granted privileges to change certain\nparts of a zone could use this issue to change other contents of the zone,\ncontrary to expectations. This issue only affected Ubuntu 18.04 LTS and\nUbuntu 20.04 LTS. (CVE-2020-8624)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n bind9 1:9.16.1-0ubuntu2.3\n\nUbuntu 18.04 LTS:\n bind9 1:9.11.3+dfsg-1ubuntu1.13\n\nUbuntu 16.04 LTS:\n bind9 1:9.10.3.dfsg.P4-8ubuntu1.17\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: bind security and bug fix update\nAdvisory ID: RHSA-2020:5011-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:5011\nIssue date: 2020-11-10\nCVE Names: CVE-2020-8622 CVE-2020-8623 CVE-2020-8624\n====================================================================\n1. Summary:\n\nAn update for bind is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly. \n\nSecurity Fix(es):\n\n* bind: truncated TSIG response can lead to an assertion failure\n(CVE-2020-8622)\n\n* bind: remotely triggerable assertion failure in pk11.c (CVE-2020-8623)\n\n* bind: incorrect enforcement of update-policy rules of type \"subdomain\"\n(CVE-2020-8624)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* BIND stops DNSKEY lookup in get_dst_key() when a key with unsupported\nalgorithm is found first [RHEL7] (BZ#1884530)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, the BIND daemon (named) will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1869473 - CVE-2020-8622 bind: truncated TSIG response can lead to an assertion failure\n1869477 - CVE-2020-8623 bind: remotely triggerable assertion failure in pk11.c\n1869480 - CVE-2020-8624 bind: incorrect enforcement of update-policy rules of type \"subdomain\"\n1884530 - BIND stops DNSKEY lookup in get_dst_key() when a key with unsupported algorithm is found first [RHEL7]\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nbind-9.11.4-26.P2.el7_9.2.src.rpm\n\nnoarch:\nbind-license-9.11.4-26.P2.el7_9.2.noarch.rpm\n\nx86_64:\nbind-debuginfo-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-libs-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nbind-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-devel-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-pkcs11-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-pkcs11-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-sdb-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-sdb-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nbind-9.11.4-26.P2.el7_9.2.src.rpm\n\nnoarch:\nbind-license-9.11.4-26.P2.el7_9.2.noarch.rpm\n\nx86_64:\nbind-debuginfo-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-libs-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nbind-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-devel-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-pkcs11-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-pkcs11-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-sdb-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-sdb-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nbind-9.11.4-26.P2.el7_9.2.src.rpm\n\nnoarch:\nbind-license-9.11.4-26.P2.el7_9.2.noarch.rpm\n\nppc64:\nbind-9.11.4-26.P2.el7_9.2.ppc64.rpm\nbind-chroot-9.11.4-26.P2.el7_9.2.ppc64.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.2.ppc.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.2.ppc64.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.2.ppc.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.2.ppc64.rpm\nbind-libs-9.11.4-26.P2.el7_9.2.ppc.rpm\nbind-libs-9.11.4-26.P2.el7_9.2.ppc64.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.2.ppc.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.2.ppc64.rpm\nbind-pkcs11-9.11.4-26.P2.el7_9.2.ppc64.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.2.ppc.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.2.ppc64.rpm\nbind-pkcs11-utils-9.11.4-26.P2.el7_9.2.ppc64.rpm\nbind-utils-9.11.4-26.P2.el7_9.2.ppc64.rpm\n\nppc64le:\nbind-9.11.4-26.P2.el7_9.2.ppc64le.rpm\nbind-chroot-9.11.4-26.P2.el7_9.2.ppc64le.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.2.ppc64le.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.2.ppc64le.rpm\nbind-libs-9.11.4-26.P2.el7_9.2.ppc64le.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.2.ppc64le.rpm\nbind-pkcs11-9.11.4-26.P2.el7_9.2.ppc64le.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.2.ppc64le.rpm\nbind-pkcs11-utils-9.11.4-26.P2.el7_9.2.ppc64le.rpm\nbind-utils-9.11.4-26.P2.el7_9.2.ppc64le.rpm\n\ns390x:\nbind-9.11.4-26.P2.el7_9.2.s390x.rpm\nbind-chroot-9.11.4-26.P2.el7_9.2.s390x.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.2.s390.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.2.s390x.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.2.s390.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.2.s390x.rpm\nbind-libs-9.11.4-26.P2.el7_9.2.s390.rpm\nbind-libs-9.11.4-26.P2.el7_9.2.s390x.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.2.s390.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.2.s390x.rpm\nbind-pkcs11-9.11.4-26.P2.el7_9.2.s390x.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.2.s390.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.2.s390x.rpm\nbind-pkcs11-utils-9.11.4-26.P2.el7_9.2.s390x.rpm\nbind-utils-9.11.4-26.P2.el7_9.2.s390x.rpm\n\nx86_64:\nbind-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-libs-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-pkcs11-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-pkcs11-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nbind-debuginfo-9.11.4-26.P2.el7_9.2.ppc.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.2.ppc64.rpm\nbind-devel-9.11.4-26.P2.el7_9.2.ppc.rpm\nbind-devel-9.11.4-26.P2.el7_9.2.ppc64.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.2.ppc.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.2.ppc64.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.2.ppc.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.2.ppc64.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.2.ppc.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.2.ppc64.rpm\nbind-sdb-9.11.4-26.P2.el7_9.2.ppc64.rpm\nbind-sdb-chroot-9.11.4-26.P2.el7_9.2.ppc64.rpm\n\nppc64le:\nbind-debuginfo-9.11.4-26.P2.el7_9.2.ppc64le.rpm\nbind-devel-9.11.4-26.P2.el7_9.2.ppc64le.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.2.ppc64le.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.2.ppc64le.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.2.ppc64le.rpm\nbind-sdb-9.11.4-26.P2.el7_9.2.ppc64le.rpm\nbind-sdb-chroot-9.11.4-26.P2.el7_9.2.ppc64le.rpm\n\ns390x:\nbind-debuginfo-9.11.4-26.P2.el7_9.2.s390.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.2.s390x.rpm\nbind-devel-9.11.4-26.P2.el7_9.2.s390.rpm\nbind-devel-9.11.4-26.P2.el7_9.2.s390x.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.2.s390.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.2.s390x.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.2.s390.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.2.s390x.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.2.s390.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.2.s390x.rpm\nbind-sdb-9.11.4-26.P2.el7_9.2.s390x.rpm\nbind-sdb-chroot-9.11.4-26.P2.el7_9.2.s390x.rpm\n\nx86_64:\nbind-debuginfo-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-devel-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-sdb-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-sdb-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nbind-9.11.4-26.P2.el7_9.2.src.rpm\n\nnoarch:\nbind-license-9.11.4-26.P2.el7_9.2.noarch.rpm\n\nx86_64:\nbind-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-libs-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-pkcs11-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-pkcs11-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-utils-9.11.4-26.P2.el7_9.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nbind-debuginfo-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-devel-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.2.i686.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-sdb-9.11.4-26.P2.el7_9.2.x86_64.rpm\nbind-sdb-chroot-9.11.4-26.P2.el7_9.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8622\nhttps://access.redhat.com/security/cve/CVE-2020-8623\nhttps://access.redhat.com/security/cve/CVE-2020-8624\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX6qUINzjgjWX9erEAQgqaQ//fDh400CVsaclHRk7T4sY7CY6Cl+5yje4\n4tAnP73cfPskYaWNy3k215ylN+Ciwe0W1v36zL5NURJs+/0MpKZ2ISJQTJxpnRbG\nWpabNVjZEX9NOMTqUjQHWK8qZtpvFBy1yaHp7167ZgIs2CDxhzRwGkIW0lJdjJOo\nW6WcyZBuGx62C3L8vqr55OaYTJkjHfsWQBcNmwcNIclfGKLzgWlOj8NFQ1jjJlpf\nYF1xm9ax2ia7YeOqY95m3qMhe8iFolV4hnuyCg78BPjcXB++Xi68Mi8HtNxCdyTX\nveZBvBpk7uzphOILirIUX6Wr7xFnq3wM9zvCQqzVJtxh02/022ljSIp1IzM5xD9y\nI9nwTwJ7ajSFRQx7//sjDlP06jzbODt9NYrUrmL43GO/A6hAiFzZNhvIKZachc2t\nEX/+gSNONuKk2COKK+khz2QjiRf8Dj6drAm+XGtA80e8e9qnMlc83XmyX6US6Knq\nSaPPf61AJbnwouaziMwr975oDNZwi3eTIIT96YyIfaFzLQz1bBx2qpxbaUf2fXOw\nFGzH111uS2N8mzShaxqJOyu6ZVXGx0Q1s+MZb8IWn48MYM89r8b3IVAVqFwbit8G\nEljiZa/nrh2+vDe0R6y0vdMfN10RjtAHFYuTPhgsFO/bjQh+x2Y7EYMOwvafPRTZ\nJ+QpwTk58nQ=WRSp\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHEA-2020:5633\n\nAll OpenShift Container Platform users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1823765 - nfd-workers crash under an ipv6 environment\n1838802 - mysql8 connector from operatorhub does not work with metering operator\n1838845 - Metering operator can\u0027t connect to postgres DB from Operator Hub\n1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1868294 - NFD operator does not allow customisation of nfd-worker.conf\n1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration\n1890672 - NFD is missing a build flag to build correctly\n1890741 - path to the CA trust bundle ConfigMap is broken in report operator\n1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster\n1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel\n1900125 - FIPS error while generating RSA private key for CA\n1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub\n1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub\n1913837 - The CI and ART 4.7 metering images are not mirrored\n1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le\n1916010 - olm skip range is set to the wrong range\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923998 - NFD Operator is failing to update and remains in Replacing state\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8622"
},
{
"db": "VULHUB",
"id": "VHN-186747"
},
{
"db": "VULMON",
"id": "CVE-2020-8622"
},
{
"db": "PACKETSTORM",
"id": "168899"
},
{
"db": "PACKETSTORM",
"id": "159981"
},
{
"db": "PACKETSTORM",
"id": "160205"
},
{
"db": "PACKETSTORM",
"id": "158940"
},
{
"db": "PACKETSTORM",
"id": "159985"
},
{
"db": "PACKETSTORM",
"id": "161536"
},
{
"db": "PACKETSTORM",
"id": "158949"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8622",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "158940",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "158949",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159981",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "160205",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159845",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159511",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159004",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1071",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.4178",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2977",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3522",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1256",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2951.5",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2604",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2954",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4512",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2951.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3463",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0864",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3970",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2951.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2948",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0691",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3880",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041525",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "49866",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "159985",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160207",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-186747",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-8622",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168899",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161536",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186747"
},
{
"db": "VULMON",
"id": "CVE-2020-8622"
},
{
"db": "PACKETSTORM",
"id": "168899"
},
{
"db": "PACKETSTORM",
"id": "159981"
},
{
"db": "PACKETSTORM",
"id": "160205"
},
{
"db": "PACKETSTORM",
"id": "158940"
},
{
"db": "PACKETSTORM",
"id": "159985"
},
{
"db": "PACKETSTORM",
"id": "161536"
},
{
"db": "PACKETSTORM",
"id": "158949"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1071"
},
{
"db": "NVD",
"id": "CVE-2020-8622"
}
]
},
"id": "VAR-202008-1238",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-186747"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T22:02:04.538000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "runc Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126812"
},
{
"title": "Red Hat: Moderate: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204183 - Security Advisory"
},
{
"title": "Red Hat: Moderate: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204992 - Security Advisory"
},
{
"title": "Red Hat: Moderate: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205203 - Security Advisory"
},
{
"title": "Red Hat: Moderate: bind security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205011 - Security Advisory"
},
{
"title": "Red Hat: Moderate: bind security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204500 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1457",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1457"
},
{
"title": "IBM: Security Bulletin: Vulnerability in bind affects IBM Integrated Analytics System",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5df18782fa35770f1ccb0a60bd4d1fa5"
},
{
"title": "Debian Security Advisories: DSA-4752-1 bind9 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=803076d91d2c644d2eb525aea5dfdae2"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1564",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1564"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.5.20 bug fix and golang security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205118 - Security Advisory"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/NikulinMS/13-01-hw "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8622"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1071"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-617",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186747"
},
{
"db": "NVD",
"id": "CVE-2020-8622"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.7,
"url": "https://kb.isc.org/docs/cve-2020-8622"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20200827-0003/"
},
{
"trust": 1.7,
"url": "https://www.synology.com/security/advisory/synology_sa_20_19"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2020/dsa-4752"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202008-19"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4468-1/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4468-2/"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8622"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dqn62gbmcic5ay4kyadgxnkvy6ajksje/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zkamjzxr66p6s5leu4sn7ussncwtxexp/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zkamjzxr66p6s5leu4sn7ussncwtxexp/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dqn62gbmcic5ay4kyadgxnkvy6ajksje/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158940/ubuntu-security-notice-usn-4468-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-bind-affects-ibm-netezza-host-management/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2951.2/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041525"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158949/ubuntu-security-notice-usn-4468-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2954/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1256"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3880/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-bind-vulnerabilities-cve-2020-8622-cve-2020-8623-cve-2020-8624/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/49866"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/isc-bind-assertion-error-via-truncated-tsig-response-33128"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159981/red-hat-security-advisory-2020-4992-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0864"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-affects-ibm-integrated-analytics-system-4/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4512/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159004/gentoo-linux-security-advisory-202008-19.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2951.3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4178/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2948"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2951.5/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2604"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0691"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2977/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-bind-affects-ibm-netezza-host-management-2/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160205/red-hat-security-advisory-2020-5203-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-bind-for-ibm-i-is-affected-by-cve-2020-8622-and-cve-2020-8624/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3522/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159511/red-hat-security-advisory-2020-4183-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3970/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3463/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159845/red-hat-security-advisory-2020-4500-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-affects-aix-cve-2020-8622/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8623"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8624"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8623"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8622"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8624"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/4468-1"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8619"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/bind9"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4992"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5203"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.p4-8ubuntu1.17"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/bind9/1:9.11.3+dfsg-1ubuntu1.13"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8620"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/bind9/1:9.16.1-0ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5011"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhea-2020:5633"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9802"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13225"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14382"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3899"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8819"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3867"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9893"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8808"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3900"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25211"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9805"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8820"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9850"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8811"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5635"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9862"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3885"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15503"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20916"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15157"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8764"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3865"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3864"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20387"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14391"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3862"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3901"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17546"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3884"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1752"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13225"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3895"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15165"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11793"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6405"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9915"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8815"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10029"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13631"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3868"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8846"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3898"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4468-2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186747"
},
{
"db": "PACKETSTORM",
"id": "168899"
},
{
"db": "PACKETSTORM",
"id": "159981"
},
{
"db": "PACKETSTORM",
"id": "160205"
},
{
"db": "PACKETSTORM",
"id": "158940"
},
{
"db": "PACKETSTORM",
"id": "159985"
},
{
"db": "PACKETSTORM",
"id": "161536"
},
{
"db": "PACKETSTORM",
"id": "158949"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1071"
},
{
"db": "NVD",
"id": "CVE-2020-8622"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-186747"
},
{
"db": "VULMON",
"id": "CVE-2020-8622"
},
{
"db": "PACKETSTORM",
"id": "168899"
},
{
"db": "PACKETSTORM",
"id": "159981"
},
{
"db": "PACKETSTORM",
"id": "160205"
},
{
"db": "PACKETSTORM",
"id": "158940"
},
{
"db": "PACKETSTORM",
"id": "159985"
},
{
"db": "PACKETSTORM",
"id": "161536"
},
{
"db": "PACKETSTORM",
"id": "158949"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1071"
},
{
"db": "NVD",
"id": "CVE-2020-8622"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-21T00:00:00",
"db": "VULHUB",
"id": "VHN-186747"
},
{
"date": "2020-08-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8622"
},
{
"date": "2020-08-28T19:12:00",
"db": "PACKETSTORM",
"id": "168899"
},
{
"date": "2020-11-10T14:55:46",
"db": "PACKETSTORM",
"id": "159981"
},
{
"date": "2020-11-24T15:29:32",
"db": "PACKETSTORM",
"id": "160205"
},
{
"date": "2020-08-21T21:44:34",
"db": "PACKETSTORM",
"id": "158940"
},
{
"date": "2020-11-10T14:56:23",
"db": "PACKETSTORM",
"id": "159985"
},
{
"date": "2021-02-25T15:26:54",
"db": "PACKETSTORM",
"id": "161536"
},
{
"date": "2020-08-25T17:19:25",
"db": "PACKETSTORM",
"id": "158949"
},
{
"date": "2020-08-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1071"
},
{
"date": "2020-08-21T21:15:12.247000",
"db": "NVD",
"id": "CVE-2020-8622"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-02T00:00:00",
"db": "VULHUB",
"id": "VHN-186747"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8622"
},
{
"date": "2021-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1071"
},
{
"date": "2024-11-21T05:39:08.607000",
"db": "NVD",
"id": "CVE-2020-8622"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "158940"
},
{
"db": "PACKETSTORM",
"id": "158949"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1071"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ISC BIND Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-1071"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-1071"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.