Security Bulletin: Vulnerability in glibc affect OS Image for Red Hat Enterprise Linux shipped with Cloud Pak System (CVE-2020-27618)

Summary

Vulnerability found in glibc used by IBM OS Image for Red Hat Enterprise Linux shipped with Cloud Pak System (CVE-2020-27618). IBM Cloud Pak System addressed vulnerability shipped new base OS image based on Red Hat Enterprise Linux 8.4.

Vulnerability Details

CVEID:CVE-2020-27618
**DESCRIPTION:**GNU C Library (aka glibc or libc6) is vulnerable to a denial of service, caused by an error when processing some invalid inputs from several IBM character sets in the iconv function. By sending invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, IBM1399 encodings, a local authenticated attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196446 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Remediation/Fixes

If you are using an earlier unsupported release, IBM strongly recommends that you upgrade.

For Cloud Pak System v2.3.0.1, v2.3.1.1, v.2.3.2.0, v2.3.3.0, v2.3.3.1, v.2.3.3.2, v2.3.3.3, v2.3.3.3 Interim Fix 1, upgrade to Cloud Pak System v2.3.3.4 at Fix Central.

Information on upgrading at: <http://www.ibm.com/support/docview.wss?uid=ibm10887959&gt;

Workarounds and Mitigations

None