Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2020:5611
HistoryDec 17, 2020 - 8:43 a.m.

(RHSA-2020:5611) Important: Red Hat Virtualization security, bug fix, and enhancement update

2020-12-1708:43:33
access.redhat.com
102

0.044 Low

EPSS

Percentile

92.4%

JSON

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host’s resources and performing administrative tasks.

The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host’s resources and performing administrative tasks.

The following packages have been upgraded to a later upstream version: cockpit-ovirt (0.14.15), redhat-release-virtualization-host (4.4.3), redhat-virtualization-host (4.4.3), v2v-conversion-host (1.16.2). (BZ#1898023, BZ#1902301, BZ#1907539)

Security Fix(es):

  • lldpd: buffer overflow in the lldp_decode function in daemon/protocols/lldp.c (CVE-2015-8011)

  • nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Previously, upgrade from Red Had Virtualization (RHV) 4.4.1 to RHV 4.4.2 failed due to dangling symlinks from the iSCSI Storage Domain that weren’t cleaned up. In this release, the upgrade succeeds. (BZ#1895356)

  • Previously, when migrating a Windows virtual machine from a VMware environment to Red Hat Virtualization 4.4.3, the migration failed due to a file permission error. In this release, the migration succeeds. (BZ#1901423)

Related

nessus 17
nvd 2
cve 2
cvelist 2
ubuntucve 2
veracode 2
redhat 16
alpinelinux 1
debiancve 2
prion 2
ibm 32
githubexploit 1
osv 5
redhatcve 1
github 1
hackerone 1
freebsd 1
debian 2
ubuntu 1
openvas 5
archlinux 2
ics 1
f5 1
huntr 1
fedora 2
redos 1
checkpoint_advisories 1
oracle 5
nessus
nessus
RHEL 8 : Red Hat Virtualization (RHSA-2020:5611)
2020-12-18 00:00:00
RHEL 8 : OpenShift Container Platform 4.6.9 (RHSA-2020:5615)
2020-12-22 00:00:00
RHEL 7 : Red Hat OpenStack Platform 10.0 (openvswitch) (RHSA-2021:2205)
2021-06-02 00:00:00
nvd
nvd
CVE-2015-8011
2020-01-28 19:15:12
CVE-2020-8203
2020-07-15 17:15:11
cve
cve
CVE-2015-8011
2020-01-28 19:15:12
CVE-2020-8203
2020-07-15 17:15:11
cvelist
cvelist
CVE-2015-8011
2020-01-28 18:15:08
CVE-2020-8203
2020-07-15 16:10:27
ubuntucve
ubuntucve
CVE-2015-8011
2020-01-28 00:00:00
CVE-2020-8203
2020-07-15 00:00:00
veracode
veracode
Denial Of Service(DoS)
2020-12-19 06:04:26
Prototype Pollution
2020-04-28 09:42:14
redhat
redhat
(RHSA-2021:0028) Important: Red Hat Virtualization security, bug fix, and enhancement update
2021-01-06 11:03:12
(RHSA-2020:5615) Important: OpenShift Container Platform 4.6.9 packages and security update
2020-12-21 11:52:18
(RHSA-2021:2205) Important: Red Hat OpenStack Platform 10.0 (openvswitch) security update
2021-06-02 12:34:59
alpinelinux
alpinelinux
CVE-2015-8011
2020-01-28 19:15:12
debiancve
debiancve
CVE-2015-8011
2020-01-28 19:15:12
CVE-2020-8203
2020-07-15 17:15:11
prion
prion
Buffer overflow
2020-01-28 19:15:00
Code injection
2020-07-15 17:15:00
ibm
ibm
Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js (CVE-2020-8203)
2020-10-01 21:23:31
Security Bulletin: CVE-2020-8203
2022-07-08 19:00:44
Security Bulletin: A vulnerability in JavaScript affects IBM License Metric Tool v9 (CVE-2020-8203).
2020-12-16 08:03:38
githubexploit
githubexploit
Exploit for Prototype Pollution in Lodash
2020-12-01 09:45:48
osv
osv
CVE-2020-8203
2020-07-15 17:15:11
Prototype Pollution in lodash
2020-07-15 19:15:48
openvswitch - security update
2021-01-22 00:00:00
redhatcve
redhatcve
CVE-2020-8203
2020-07-15 20:08:37
github
github
Prototype Pollution in lodash
2020-07-15 19:15:48
hackerone
hackerone
Node.js third-party modules: Prototype pollution attack (lodash)
2019-10-11 12:06:20
freebsd
freebsd
lldpd -- Buffer overflow/Denial of service
2015-10-04 00:00:00
debian
debian
[SECURITY] [DSA 4836-1] openvswitch security update
2021-01-22 18:52:14
[SECURITY] [DLA 2571-1] openvswitch security update
2021-02-19 22:10:32
ubuntu
ubuntu
Open vSwitch vulnerabilities
2021-01-13 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4691-1)
2021-01-14 00:00:00
Debian: Security Advisory (DSA-4836-1)
2021-01-24 00:00:00
Fedora: Security Advisory for dpdk (FEDORA-2021-fba11d37ee)
2021-03-05 00:00:00
archlinux
archlinux
[ASA-202101-28] openvswitch: multiple issues
2021-01-20 00:00:00
lldpd: denial of service
2015-10-30 00:00:00
ics
ics
Siemens Industrial Products LLDP (Update D)
2022-08-18 12:00:00
f5
f5
K06878231 : LLDPD vulnerabilities CVE-2015-8011 and CVE-2015-8012
2020-03-03 00:00:00
huntr
huntr
Lodash 4.17.15 in use which is vulnerable to CVE-2020-8203
2023-02-20 02:52:19
fedora
fedora
[SECURITY] Fedora 33 Update: dpdk-20.11-1.fc33
2021-03-04 20:10:59
[SECURITY] Fedora 33 Update: openvswitch-2.15.0-1.fc33
2021-03-04 20:11:00
redos
redos
ROS-20240418-08
2024-04-18 00:00:00
checkpoint_advisories
checkpoint_advisories
JavaScript Prototype Pollution (CVE-2020-28269; CVE-2020-28272; CVE-2020-28273; CVE-2020-28442; CVE-2020-28458; CVE-2020-28472; CVE-2020-7778; CVE-2020-8158; CVE-2020-8203; CVE-2021-25912; CVE-2021-44906)
2020-06-21 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00

0.044 Low

EPSS

Percentile

92.4%

JSON
Related for RHSA-2020:5611
nessus17nvd2cve2cvelist2ubuntucve2veracode2redhat16alpinelinux1debiancve2prion2ibm32githubexploit1osv5redhatcve1github1hackerone1freebsd1debian2ubuntu1openvas5archlinux2ics1f51huntr1fedora2redos1checkpoint_advisories1oracle5