Main Vulnerability Database SB2021111028

SB2021111028 - Red Hat Enterprise Linux 8 update for babel

Published: November 10, 2021

Security Bulletin ID SB2021111028

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Path traversal (CVE-ID: CVE-2021-20095)

The vulnerability allows a local user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A local user can load arbitrary files on disk and execute arbitrary code.

2) Path traversal (CVE-ID: CVE-2021-42771)

The vulnerability allows a remote attacker to user compromise the affected system.

The vulnerability exists due to input validation error when processing directory traversal sequences within the locale .dat files in Babel.Locale. A remote user can load a malicious .dat file containing serialized Python objects and execute arbitrary code on the system.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2021:4201

SB2021111028 - Red Hat Enterprise Linux 8 update for babel

Breakdown by Severity

Description

Remediation

References

Please verify you're human