Security News > 2020 > December > Patch Tuesday brings bug fixes for OpenSSL, IBM, SAP, Kubernetes, Adobe, and Red Hat. And Microsoft, of course
For December's Patch Tuesday bug bonanza, Microsoft handed out fixes for a mere 58 vulnerabilities while various other orgs addressed shortcomings in their own software in separate, parallel announcements.
In a post on Monday to a Kubernetes mailing list, Apple software engineer Tim Allclair, a member of the Kubernetes Product Security Committee, outlined a medium severity bug by which an individual with the ability to create or edit services and pods could intercept traffic from other pods/nodes in the cluster.
IBM dumped 10 security notices on Monday evening, two of them rated High severity: CVE-2020-4430, enabling a Db2 denial of service attack, and CVE-2020-4739, enabling a local attacker to run arbitrary code.
Adobe posted security bulletins for Adobe Prelude, Adobe Experience Manager and Adobe Lightroom, along with a placeholder notice of soon-to-be-released Acrobat and Reader fixes.
Rather than use the term "Critical," SAP has labelled the flaw "Hot News," a moniker bestowed on three other SAP vulnerabilities in the 9.6 to 9.1 severity range.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/12/08/patch_tuesday_fixes/
Related news
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- March 2025 Patch Tuesday forecast: A return to normalcy (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts (source)
- Week in review: Probing activity on Palo Alto Networks GlobalProtect portals, Patch Tuesday forecast (source)
- April's Patch Tuesday leaves unlucky Windows Hello users unable to login (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-20 | CVE-2020-4739 | Untrusted Search Path vulnerability in IBM DB2 IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. | 7.8 |
| 2020-05-07 | CVE-2020-4430 | Path Traversal vulnerability in IBM Data Risk Manager IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. | 4.3 |