RHEL-21002

CVE-2020-12762 is not fixed on 8.8 EUS


    • Bug
    • Resolution: Duplicate
    • rhel-8.8.0.z
    • libfastjson
    • Important
    • rhel-security-special-projects
    • ssg_security
    • Red Hat Enterprise Linux
    • All

      What were you trying to do that didn't work?

      It appears CVE-2020-12762 has been fixed on 8.9 only.
      Customers using 8.8 EUS do not have this fix yet, even though it was committed in the tree in mid-May 2023:

      commit 37571b46b94a5d9f2ba5040fc08158489106827e (HEAD -> rhel-8.8.0, origin/rhel-8.8.0)
      Author: alakatos <alakatos@redhat.com>
      Date:   Tue May 16 14:20:56 2023 +0200
      
          Address CVE-2020-12762
            Resolves: RHEL-18890
      [...]
       Name:          libfastjson
       Version:       0.99.9
      -Release:       1%{?dist}
      +Release:       1%{?dist}.1
      [...]
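
      Review bot: The Release line bump to 1%{?dist}.1 is the only change this excerpt shows; the patch declaration, its application and the %changelog entry all fall inside the elided [...] regions, so the visible lines do not establish that the CVE-2020-12762 fix is actually applied in the build. Show the patch lines alongside the Release bump, and have the %changelog entry name both CVE-2020-12762 and RHEL-18890 so the fix can be confirmed from the built package's changelog.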
      

      Please provide the fix on 8.8 EUS ASAP.

      Please provide the package NVR for which bug is seen:

      libfastjson-0.99.9-1

      How reproducible:

      N/A

              rh-ee-alakatos Attila Lakatos
              rhn-support-rmetrich Renaud Métrich
              Attila Lakatos
              SSG Security QE