Security News > 2020 > December > Patch Tuesday brings bug fixes for OpenSSL, IBM, SAP, Kubernetes, Adobe, and Red Hat. And Microsoft, of course
For December's Patch Tuesday bug bonanza, Microsoft handed out fixes for a mere 58 vulnerabilities while various other orgs addressed shortcomings in their own software in separate, parallel announcements.
In a post on Monday to a Kubernetes mailing list, Apple software engineer Tim Allclair, a member of the Kubernetes Product Security Committee, outlined a medium severity bug by which an individual with the ability to create or edit services and pods could intercept traffic from other pods/nodes in the cluster.
IBM dumped 10 security notices on Monday evening, two of them rated High severity: CVE-2020-4430, enabling a Db2 denial of service attack, and CVE-2020-4739, enabling a local attacker to run arbitrary code.
Adobe posted security bulletins for Adobe Prelude, Adobe Experience Manager and Adobe Lightroom, along with a placeholder notice of soon-to-be-released Acrobat and Reader fixes.
Rather than use the term "Critical," SAP has labelled the flaw "Hot News," a moniker bestowed on three other SAP vulnerabilities in the 9.6 to 9.1 severity range.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/12/08/patch_tuesday_fixes/
Related news
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- What Is Patch Tuesday? Microsoft’s Monthly Update Explained (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- December 2024 Patch Tuesday forecast: The secure future initiative impact (source)
- Week in review: Veeam Service Provider Console flaws fixed, Patch Tuesday forecast (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-20 | CVE-2020-4739 | Untrusted Search Path vulnerability in IBM DB2 IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. | 7.8 |
| 2020-05-07 | CVE-2020-4430 | Path Traversal vulnerability in IBM Data Risk Manager IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. | 4.3 |