Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2020:1486 - Security Advisory
Issued:
2020-04-16
Updated:
2020-04-16

RHSA-2020:1486 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: ipmitool security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for ipmitool is now available for Red Hat Enterprise Linux 7.5 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. IPMI is an open standard for machine health, inventory, and remote power control.

Security Fix(es):

  • ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c (CVE-2020-5208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the IPMI event daemon (ipmievd) will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.5 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 s390x
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5 ppc64
  • Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5 ppc64le

Fixes

  • BZ - 1798721 - CVE-2020-5208 ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c

CVEs

  • CVE-2020-5208

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.5

SRPM
ipmitool-1.8.18-9.el7_5.src.rpm SHA-256: ba7b176256b0957fa71b384e283ee52aec1dcca860f40a05afc85b665bb1e7e2
x86_64
bmc-snmp-proxy-1.8.18-9.el7_5.noarch.rpm SHA-256: 53435624179a41648c9fbb8bd5a6065ae365cb082883513597da4f6352028b01
exchange-bmc-os-info-1.8.18-9.el7_5.noarch.rpm SHA-256: 59f4419e3283a731469e8b85d4770812ca46db6c9eac0f703287d5286a88ab0f
ipmitool-1.8.18-9.el7_5.x86_64.rpm SHA-256: 4a60d3a22ecbc83b665fe6c7a6e962080d33c6ebf74ca1009f3c870615ac48df
ipmitool-debuginfo-1.8.18-9.el7_5.x86_64.rpm SHA-256: c2218106d3e8e3b03d7715781bdc3e291be7d30fab1db4672ddfbb88d47c62ed

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5

SRPM
ipmitool-1.8.18-9.el7_5.src.rpm SHA-256: ba7b176256b0957fa71b384e283ee52aec1dcca860f40a05afc85b665bb1e7e2
s390x
bmc-snmp-proxy-1.8.18-9.el7_5.noarch.rpm SHA-256: 53435624179a41648c9fbb8bd5a6065ae365cb082883513597da4f6352028b01
exchange-bmc-os-info-1.8.18-9.el7_5.noarch.rpm SHA-256: 59f4419e3283a731469e8b85d4770812ca46db6c9eac0f703287d5286a88ab0f
ipmitool-1.8.18-9.el7_5.s390x.rpm SHA-256: 7df9f2f64560a7796c4749edbd3fee4361b7b24f127c275539288fa84d7a6a57
ipmitool-debuginfo-1.8.18-9.el7_5.s390x.rpm SHA-256: 31174b3c9f0d05fce6fccaf6f32cdedcd8fc740902ee7f098b99997be9e09c90

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5

SRPM
ipmitool-1.8.18-9.el7_5.src.rpm SHA-256: ba7b176256b0957fa71b384e283ee52aec1dcca860f40a05afc85b665bb1e7e2
ppc64
bmc-snmp-proxy-1.8.18-9.el7_5.noarch.rpm SHA-256: 53435624179a41648c9fbb8bd5a6065ae365cb082883513597da4f6352028b01
exchange-bmc-os-info-1.8.18-9.el7_5.noarch.rpm SHA-256: 59f4419e3283a731469e8b85d4770812ca46db6c9eac0f703287d5286a88ab0f
ipmitool-1.8.18-9.el7_5.ppc64.rpm SHA-256: 67dc67c50c0d5ac2c6f92d6b1c834fcd672ac662255a0a2cb35e2f06806f6616
ipmitool-debuginfo-1.8.18-9.el7_5.ppc64.rpm SHA-256: cb07bade6e510db1a959c152da54959ac8a26a716338bd8c310cab08de5a3040

Red Hat Enterprise Linux EUS Compute Node 7.5

SRPM
ipmitool-1.8.18-9.el7_5.src.rpm SHA-256: ba7b176256b0957fa71b384e283ee52aec1dcca860f40a05afc85b665bb1e7e2
x86_64
bmc-snmp-proxy-1.8.18-9.el7_5.noarch.rpm SHA-256: 53435624179a41648c9fbb8bd5a6065ae365cb082883513597da4f6352028b01
exchange-bmc-os-info-1.8.18-9.el7_5.noarch.rpm SHA-256: 59f4419e3283a731469e8b85d4770812ca46db6c9eac0f703287d5286a88ab0f
ipmitool-1.8.18-9.el7_5.x86_64.rpm SHA-256: 4a60d3a22ecbc83b665fe6c7a6e962080d33c6ebf74ca1009f3c870615ac48df
ipmitool-debuginfo-1.8.18-9.el7_5.x86_64.rpm SHA-256: c2218106d3e8e3b03d7715781bdc3e291be7d30fab1db4672ddfbb88d47c62ed

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5

SRPM
ipmitool-1.8.18-9.el7_5.src.rpm SHA-256: ba7b176256b0957fa71b384e283ee52aec1dcca860f40a05afc85b665bb1e7e2
ppc64le
bmc-snmp-proxy-1.8.18-9.el7_5.noarch.rpm SHA-256: 53435624179a41648c9fbb8bd5a6065ae365cb082883513597da4f6352028b01
exchange-bmc-os-info-1.8.18-9.el7_5.noarch.rpm SHA-256: 59f4419e3283a731469e8b85d4770812ca46db6c9eac0f703287d5286a88ab0f
ipmitool-1.8.18-9.el7_5.ppc64le.rpm SHA-256: 51ad1f4a27731c1196d9f8edead1e02c2f90d0b080b7e7d28e94de320df52bda
ipmitool-debuginfo-1.8.18-9.el7_5.ppc64le.rpm SHA-256: 48f2da5acc75e9a8d8082903932305175dfd1fcaea189fd21f49e70da21f20c1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2022 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter