When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961
Acknowledgments: Name: the Mozilla project Upstream: Gabriel Corona
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:5240 https://access.redhat.com/errata/RHSA-2020:5240
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:5231 https://access.redhat.com/errata/RHSA-2020:5231
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:5233 https://access.redhat.com/errata/RHSA-2020:5233
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:5236 https://access.redhat.com/errata/RHSA-2020:5236
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2020:5232 https://access.redhat.com/errata/RHSA-2020:5232
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2020:5234 https://access.redhat.com/errata/RHSA-2020:5234
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:5238 https://access.redhat.com/errata/RHSA-2020:5238
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:5237 https://access.redhat.com/errata/RHSA-2020:5237
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-26961
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5235 https://access.redhat.com/errata/RHSA-2020:5235
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:5257 https://access.redhat.com/errata/RHSA-2020:5257
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5239 https://access.redhat.com/errata/RHSA-2020:5239
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:5314 https://access.redhat.com/errata/RHSA-2020:5314