Security News > 2020 > December > Patch Tuesday brings bug fixes for OpenSSL, IBM, SAP, Kubernetes, Adobe, and Red Hat. And Microsoft, of course
For December's Patch Tuesday bug bonanza, Microsoft handed out fixes for a mere 58 vulnerabilities while various other orgs addressed shortcomings in their own software in separate, parallel announcements.
In a post on Monday to a Kubernetes mailing list, Apple software engineer Tim Allclair, a member of the Kubernetes Product Security Committee, outlined a medium severity bug by which an individual with the ability to create or edit services and pods could intercept traffic from other pods/nodes in the cluster.
IBM dumped 10 security notices on Monday evening, two of them rated High severity: CVE-2020-4430, enabling a Db2 denial of service attack, and CVE-2020-4739, enabling a local attacker to run arbitrary code.
Adobe posted security bulletins for Adobe Prelude, Adobe Experience Manager and Adobe Lightroom, along with a placeholder notice of soon-to-be-released Acrobat and Reader fixes.
Rather than use the term "Critical," SAP has labelled the flaw "Hot News," a moniker bestowed on three other SAP vulnerabilities in the 9.6 to 9.1 severity range.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/12/08/patch_tuesday_fixes/
Related news
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- November 2024 Patch Tuesday forecast: New servers arrive early (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- December 2024 Patch Tuesday forecast: The secure future initiative impact (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-20 | CVE-2020-4739 | Untrusted Search Path vulnerability in IBM DB2 IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. | 7.8 |
2020-05-07 | CVE-2020-4430 | Path Traversal vulnerability in IBM Data Risk Manager IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. | 4.3 |