RHBA-2020:0547HighCVSS 8.8

Red Hat Bug Fix Advisory: Container Image Rebuild for Ansible Tower 3.4 Dependency

Published
February 18, 2020
Last Modified
June 27, 2026

🔗 CVE IDs covered (49)

📋 Description

CVE-2016-10739 — glibc: getaddrinfo should reject IP addresses with trailing characters CVE-2018-0495 — ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries CVE-2018-0734 — openssl: timing side channel attack in the DSA signature algorithm CVE-2018-1122 — procps: Local privilege escalation in top CVE-2018-5818 — LibRaw: DoS in parse_rollei function in internal/dcraw_common.cpp CVE-2018-5819 — LibRaw: DoS in parse_sinar_ia function in internal/dcraw_common.cpp CVE-2018-12404 — nss: Cache side-channel variant of the Bleichenbacher attack CVE-2018-12641 — binutils: Stack Exhaustion in the demangling functions provided by libiberty CVE-2018-12697 — binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c. CVE-2018-14618 — curl: NTLM password overflow via integer overflow CVE-2018-14647 — python: Missing salt initialization in _elementtree.c module CVE-2018-15686 — systemd: line splitting via fgets() allows for state injection during daemon-reexec CVE-2018-16062 — elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file CVE-2018-16402 — elfutils: Double-free due to double decompression of sections in crafted ELF causes crash CVE-2018-16403 — elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash CVE-2018-16842 — curl: Heap-based buffer over-read in the curl tool warning formatting CVE-2018-16866 — systemd: out-of-bounds read when parsing a crafted syslog message CVE-2018-16888 — systemd: kills privileged process if unprivileged PIDFile was tampered CVE-2018-18310 — elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl CVE-2018-18520 — elfutils: eu-size cannot handle recursive ar files CVE-2018-18521 — elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c CVE-2018-20217 — krb5: Reachable assertion in the KDC using S4U2Self requests CVE-2018-1000876 — binutils: integer overflow leads to heap-based buffer overflow in objdump CVE-2019-1559 — openssl: 0-byte record padding oracle CVE-2019-3858 — libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read CVE-2019-3861 — libssh2: Out-of-bounds reads with specially crafted SSH packets CVE-2019-3862 — libssh2: Out-of-bounds memory comparison with specially crafted message channel request CVE-2019-5010 — python: NULL pointer dereference using a specially crafted X509 certificate CVE-2019-7149 — elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw CVE-2019-7150 — elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c CVE-2019-7664 — elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h CVE-2019-7665 — elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c CVE-2019-9740 — python: CRLF injection via the query part of the url passed to urlopen() CVE-2019-9947 — python: CRLF injection via the path part of the url passed to urlopen() CVE-2019-9948 — python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms CVE-2019-11729 — nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault CVE-2019-11745 — nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate CVE-2019-13734 — sqlite: fts3: improve shadow table corruption detection CVE-2020-1734 — ansible: shell enabled by default in a pipe lookup plugin subprocess CVE-2020-1735 — ansible: path injection on dest parameter in fetch module CVE-2020-1736 — ansible: atomic_move primitive sets permissive permissions CVE-2020-1737 — ansible: Extract-Zip function in win_unzip module does not check extracted path CVE-2020-1738 — ansible: module package can be selected by the ansible facts CVE-2020-1739 — ansible: svn module leaks password when specified as a parameter CVE-2020-1740 — ansible: secrets readable after ansible-vault edit CVE-2020-1746 — ansible: Information disclosure issue in ldap_attr and ldap_entry modules CVE-2020-1753 — Ansible: kubectl connection plugin leaks sensitive information CVE-2020-10684 — Ansible: code injection when using ansible_facts as a subkey CVE-2020-10685 — Ansible: modules which use files encrypted with vault are not properly cleaned up

🔗 References (10)