Lucene search
Cloud FoundryCFOUNDRY:BCFE0333C3F2E89FFDF11615D117C9AFHistoryJan 12, 2021 - 12:00 a.m.
USN-4662-1: OpenSSL vulnerability | Cloud Foundry
2021-01-1200:00:00
Cloud Foundry
www.cloudfoundry.org
118
0.004 Low
EPSS
Percentile
74.5%
Severity
High
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 16.04
- Canonical Ubuntu 18.04
Description
David Benjamin discovered that OpenSSL incorrectly handled comparing certificates containing a EDIPartyName name type. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.
CVEs contained in this USN include: CVE-2020-1971.
Affected Cloud Foundry Products and Versions
Severity is high unless otherwise noted.
- cflinuxfs3
- All versions prior to 0.212.0
- Xenial Stemcells
- 315.x versions prior to 315.203
- 456.x versions prior to 456.130
- 621.x versions prior to 621.94
- All other stemcells not listed.
- CF Deployment
- All versions prior to 15.4.0
Mitigation
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
- cflinuxfs3
- Upgrade All versions to 0.212.0 or greater
- Xenial Stemcells
- Upgrade 315.x versions to 315.203 or greater
- Upgrade 456.x versions to 456.130 or greater
- Upgrade 621.x versions to 621.94 or greater
- All other stemcells should be upgraded to the latest version available on bosh.io.
- CF Deployment
- Upgrade All versions to 15.4.0 or greater
References
History
2021-01-13: Initial vulnerability report published.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cflinuxfs3 | lt | 0.212.0 | |
| xenial stemcells | lt | 315.203 | |
| xenial stemcells | lt | 456.130 | |
| xenial stemcells | lt | 621.94 | |
| cf deployment | lt | 15.4.0 |
Related
redhat
redhat
ibm
ibm
cbl_mariner
cbl_mariner
CVE-2020-1971 affecting package mysql 8.0.22-2
2021-08-25 19:57:27
openvas
openvas
Ubuntu: Security Advisory (USN-4662-1)
2020-12-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:3763-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for openssl111d (EulerOS-SA-2021-1696)
2021-03-24 00:00:00
suse
suse
Security update for openssl-1_0_0 (important)
2020-12-12 00:00:00
Security update for openssl-1_1 (important)
2020-12-10 00:00:00
Security update for openssl-1_0_0 (important)
2020-12-17 00:00:00
archlinux
archlinux
[ASA-202012-24] openssl: denial of service
2020-12-16 00:00:00
gentoo
gentoo
OpenSSL: Denial of service
2020-12-23 00:00:00
osv
osv
openssl - security update
2020-12-14 00:00:00
BIT-node-2020-1971
2024-03-06 11:08:41
openssl - security update
2020-12-08 00:00:00
debian
debian
[SECURITY] [DSA 4807-1] openssl security update
2020-12-08 15:25:11
[SECURITY] [DLA 2493-1] openssl1.0 security update
2020-12-14 09:04:19
[SECURITY] [DSA 4807-1] openssl security update
2020-12-08 15:25:11
nessus
nessus
EulerOS Virtualization 3.0.6.6 : openssl (EulerOS-SA-2021-1505)
2021-03-04 00:00:00
Oracle Linux 6 : openssl (ELSA-2021-9137)
2021-03-26 00:00:00
RHEL 8 : openssl (RHSA-2020:5476)
2020-12-18 00:00:00
f5
f5
K42910051 : OpenSSL vulnerability CVE-2020-1971
2021-01-14 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-20:33.openssl
2020-12-08 00:00:00
nvd
nvd
CVE-2020-1971
2020-12-08 16:15:11
debiancve
debiancve
CVE-2020-1971
2020-12-08 16:15:11
freebsd
freebsd
OpenSSL -- NULL pointer de-reference
2020-12-08 00:00:00
cloudlinux
cloudlinux
Fix CVE: CVE-2020-1971
2020-12-09 11:10:00
redhatcve
redhatcve
CVE-2020-1971
2020-12-08 16:10:44
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1i-alt1
2020-12-09 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1i-alt1
2020-12-08 00:00:00
prion
prion
Null pointer dereference
2020-12-08 16:15:00
fedora
fedora
[SECURITY] Fedora 32 Update: openssl-1.1.1i-1.fc32
2020-12-21 01:36:23
[SECURITY] Fedora 33 Update: openssl-1.1.1i-1.fc33
2020-12-16 01:43:55
veracode
veracode
Denial Of Service (DoS)
2020-12-09 10:07:39
cve
cve
CVE-2020-1971
2020-12-08 16:15:11
cvelist
cvelist
CVE-2020-1971 EDIPARTYNAME NULL pointer dereference
2020-12-08 00:00:00
alpinelinux
alpinelinux
CVE-2020-1971
2020-12-08 16:15:11
openssl
openssl
Vulnerability in OpenSSL CVE-2020-1971
2020-12-08 00:00:00
oraclelinux
oraclelinux
openssl security and bug fix update
2020-12-17 00:00:00
openssl security update
2020-12-17 00:00:00
openssl security update
2021-03-26 00:00:00
ubuntu
ubuntu
OpenSSL vulnerability
2020-12-08 00:00:00
amazon
amazon
Important: openssl
2020-12-08 19:28:00
Important: openssl, openssl11
2020-12-08 21:31:00
mageia
mageia
Updated openssl packages fix security vulnerability
2020-12-22 00:47:06
almalinux
almalinux
Important: openssl security and bug fix update
2020-12-15 15:55:57
ubuntucve
ubuntucve
CVE-2020-1971
2020-12-08 00:00:00
mscve
mscve
OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference
2021-10-12 07:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2020-0175
2020-12-10 00:00:00
Moderate Photon OS Security Update - PHSA-2020-3.0-0175
2020-12-10 00:00:00
githubexploit
githubexploit
Exploit for NULL Pointer Dereference in Openssl
2020-12-09 21:32:15
centos
centos
openssl security update
2020-12-18 00:03:46