Bug 1809833 (CVE-2020-1749)
| Summary: | CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Wade Mealing <wmealing> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acaringi, bhu, blc, brdeoliv, dhoward, dvlasenk, esammons, fhrbata, hkrzesin, iboverma, jlelli, jross, jshortt, jstancek, kernel-mgr, lgoncalv, matt, mcressma, mlangsdo, nmurray, qzhao, rt-maint, rvrbovsk, sdubroca, williams |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Linux kernel version 5.5 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-04-28 16:35:25 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1774440, 1774447, 1809837, 1809838, 1809839, 1809840, 1809848, 1888655 | ||
| Bug Blocks: | 1784146 | ||
|
Description
Wade Mealing
2020-03-04 01:31:16 UTC
Acknowledgments: Name: Xiumei Mu (Red Hat QE Engineering) Trackers above made, going to mark these trackers as duplicates of the product bugs. Leaving the -rt trackers. Mitigation: Disabling the IPV6 protocol may be a suitable workaround for systems that do not require the protocol to function correctly, however, if IPV6 is not in use this flaw will not be triggered. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1567 https://access.redhat.com/errata/RHSA-2020:1567 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1769 https://access.redhat.com/errata/RHSA-2020:1769 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-1749 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4062 https://access.redhat.com/errata/RHSA-2020:4062 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4060 https://access.redhat.com/errata/RHSA-2020:4060 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0354 https://access.redhat.com/errata/RHSA-2021:0354 |