Red Hat Security Advisory 2020-0981-01

Red Hat Security Advisory 2020-0981-01: Posted Mar 27, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-0981-01 - The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. Issues addressed include a buffer overflow vulnerability.; tags | advisory, remote, overflow; systems | linux, redhat; advisories | CVE-2020-5208; SHA-256 | ca35dc444d79793c1d0c0f18d0e9312c06b6ad4fddd368824ac4dbbd2d922d89; Download | Favorite | View

Red Hat Security Advisory 2020-0981-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: ipmitool security update
Advisory ID:       RHSA-2020:0981-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0981
Issue date:        2020-03-26
CVE Names:         CVE-2020-5208 
=====================================================================

1. Summary:

An update for ipmitool is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The ipmitool packages contain a command-line utility for interfacing with
devices that support the Intelligent Platform Management Interface (IPMI)
specification. IPMI is an open standard for machine health, inventory, and
remote power control.

Security Fix(es):

* ipmitool: Buffer overflow in read_fru_area_section function in
lib/ipmi_fru.c (CVE-2020-5208)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the IPMI event daemon (ipmievd) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1798721 - CVE-2020-5208 ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
ipmitool-1.8.18-12.el8_1.src.rpm

aarch64:
ipmievd-1.8.18-12.el8_1.aarch64.rpm
ipmievd-debuginfo-1.8.18-12.el8_1.aarch64.rpm
ipmitool-1.8.18-12.el8_1.aarch64.rpm
ipmitool-debuginfo-1.8.18-12.el8_1.aarch64.rpm
ipmitool-debugsource-1.8.18-12.el8_1.aarch64.rpm

noarch:
exchange-bmc-os-info-1.8.18-12.el8_1.noarch.rpm

ppc64le:
ipmievd-1.8.18-12.el8_1.ppc64le.rpm
ipmievd-debuginfo-1.8.18-12.el8_1.ppc64le.rpm
ipmitool-1.8.18-12.el8_1.ppc64le.rpm
ipmitool-debuginfo-1.8.18-12.el8_1.ppc64le.rpm
ipmitool-debugsource-1.8.18-12.el8_1.ppc64le.rpm

s390x:
ipmievd-1.8.18-12.el8_1.s390x.rpm
ipmievd-debuginfo-1.8.18-12.el8_1.s390x.rpm
ipmitool-1.8.18-12.el8_1.s390x.rpm
ipmitool-debuginfo-1.8.18-12.el8_1.s390x.rpm
ipmitool-debugsource-1.8.18-12.el8_1.s390x.rpm

x86_64:
ipmievd-1.8.18-12.el8_1.x86_64.rpm
ipmievd-debuginfo-1.8.18-12.el8_1.x86_64.rpm
ipmitool-1.8.18-12.el8_1.x86_64.rpm
ipmitool-debuginfo-1.8.18-12.el8_1.x86_64.rpm
ipmitool-debugsource-1.8.18-12.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-5208
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXnzA49zjgjWX9erEAQiaOhAAippDkAEuvSiBq3q9n2FUoySZ4D+GXT/S
m9BPu/bGy3Nx9QMLchcCiW6nBPmpqdCE4Tp4NWUof0+/TsUSrQPqCX3v3atycW4O
cguBR5Wld6vPrVNSaF+ypEiWB2jg0br1G29o8nO7rcCdXp3b43bT/uxHWLFNxCiK
RqVqNZ4/Mz1My2Fo0wQoS8hr4vQmIX+Y+vOXMccg3XSmvA0XF+JmG10+LJLEv3MC
uyhZM47D/At9vJdNzc4aj4TDtuSZLKMsKpy3kdb7UdbMdkoICibe2GtPatKhaDLB
QvtitWWv/donplz0MaOWf26e51xSk1QNR5E/pvNoHo++xyh1uNI9S/O2ebidNw4n
NrP0F97qZkuRCdzu34SxI2pn+RgdVBBvpxEZpC+JpX0244tUYDXry1fUJbSluwj9
YOMJQygjYoW/uK6O2ovtlr1CHd0z9xsf+ignvk52VMuc0BjaMQuBY5BUX5LFAKOY
pH2g0sGr9BMqYxlGPY3C+cuIBwTOWEJB2vAwR4fNKW0Zgp68zntWSTmZcpNLZb9/
60BVTYxk9pB9fF8nOBjg1Hyyqqk2kGVW+tL7kaypSDkPoG9FrMMOk/iD/KvysI+y
zY6tAm7ZcPH4+GoGOUcT3Jtmlw3/OSWjTYZn7garNb9WETkrbRI9D6JFWmDSnM1o
cmwKQar+NL4=
=kQIe
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 183 files
Ubuntu 59 files
Debian 20 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Google Security Research 6 files
E1.Coders 4 files
Ersin Erenler 4 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,007)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,166)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,459)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,428)
UNIX (9,390)
UnixWare (187)
Windows (6,647)
Other

Red Hat Security Advisory 2020-0981-01

Red Hat Security Advisory 2020-0981-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2020-0981-01

Share This

Red Hat Security Advisory 2020-0981-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems