During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session.
External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2020-15685
Acknowledgments:
Name: the Mozilla project
Upstream: Damian Poddebniak
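An added illustration of the bug class described above, not code from Mozilla, Thunderbird or Red Hat: a constructed model of a client read buffer in which bytes that arrive in cleartext behind the server's STARTTLS reply are later parsed as if they came over TLS, beside a strict variant that refuses the upgrade. The leftover-buffer cause, the IMAP-style lines, the `a1` tag and all names are assumptions; the page does not describe the affected code.

```python
# Constructed model of a STARTTLS client read buffer; no network I/O.
# Assumption (not from the advisory): the plaintext buffer survives the upgrade.

class PlaintextAfterStartTLS(Exception):
    """Cleartext bytes were queued behind the server's STARTTLS reply."""

class Client:
    def __init__(self, strict):
        self.strict = strict
        self.buf = b""           # received but not yet parsed
        self.encrypted = False
        self.trusted = []        # lines the client believes came over TLS

    def _readline(self):
        line, sep, rest = self.buf.partition(b"\r\n")
        if not sep:
            return None          # no complete line yet
        self.buf = rest
        return line

    def on_plaintext(self, data):
        """Feed bytes read from the socket before the TLS handshake."""
        self.buf += data
        while not self.encrypted and (line := self._readline()) is not None:
            if line.startswith(b"a1 OK"):        # reply to our STARTTLS
                if self.strict and self.buf:
                    leftover, self.buf = self.buf, b""
                    raise PlaintextAfterStartTLS(leftover)
                self.encrypted = True            # handshake would run here

    def on_tls(self, data):
        """Feed bytes decrypted from the TLS session."""
        self.buf += data
        while (line := self._readline()) is not None:
            self.trusted.append(line)

# Constructed sample: one TCP segment carrying the reply plus an extra line.
SEGMENT = b"a1 OK Begin TLS negotiation now\r\n* X-INJECTED constructed\r\n"
TLS_DATA = b"* CAPABILITY IMAP4rev1\r\n"

def run(strict):
    client = Client(strict)
    client.on_plaintext(SEGMENT)
    client.on_tls(TLS_DATA)
    return client.trusted

if __name__ == "__main__":
    print("lenient client trusts:", run(False))
```

With `strict=False` the constructed extra line ends up in `trusted` ahead of the genuine TLS data; with `strict=True` the upgrade is refused and the leftover bytes are reported.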
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0297 https://access.redhat.com/errata/RHSA-2021:0297
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:0298 https://access.redhat.com/errata/RHSA-2021:0298
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:0299 https://access.redhat.com/errata/RHSA-2021:0299
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-15685
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:0397 https://access.redhat.com/errata/RHSA-2021:0397