RedHat: RHSA-2020-0192:01 Moderate: Open Liberty 20.0.0.1 Runtime security

    Date 21 Jan 2020
    284
    Posted By LinuxSecurity Advisories
    A security update is now available for Open Liberty 20.0.0.1 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: Open Liberty 20.0.0.1 Runtime security update
    Advisory ID:       RHSA-2020:0192-01
    Product:           Open Liberty
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0192
    Issue date:        2020-01-21
    =====================================================================
    
    1. Summary:
    
    A security update is now available for Open Liberty 20.0.0.1 from the
    Customer Portal.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the originating Security Bulletin link(s) in the References section.
    
    2. Description:
    
    Open Liberty is a lightweight open framework for building fast and
    efficient cloud-native Java microservices. 
    
    This release of Open Liberty 20.0.0.1 serves as a replacement for Open
    Liberty 19.0.0.12 and includes bug fixes, enhancements, and security fixes.
    For specific information about this release, see links in the References
    section.
    
    Security Fix(es):
    
    * A Security Vulnerability affects IBM Cloud Private - Swagger UI
    (CVE-2019-17495)
    
    For more details about the security issue(s), see the IBM Security Bulletin
    links for each CVE, listed in the References section.
    
    3. Solution:
    
    Before applying the update, back up your existing installation, including
    all applications, configuration files, databases and database settings, and
    so on.
    
    The References section of this erratum contains a download link (you must
    log in to download the update).
    
    4. JIRA issues fixed (https://issues.jboss.org/):
    
    IBMRT-10 - Include open liberty 20.0.0.1 into redhat runtimes
    
    5. References:
    
    https://access.redhat.com/security/updates/classification/#moderate
    https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=open.liberty&downloadType=distributions&version=20.0.0.1
    https://www.ibm.com/support/pages/security-bulletin-security-vulnerability-affects-ibm-cloud-private-swagger-ui-cve-2019-17495
    https://access.redhat.com/articles/4544981
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXic03tzjgjWX9erEAQjPrQ//b9O04NGwvU+SBQwIAx5ofCRROz2KfqLB
    dS9RIojZZmL+Y4wa/XHiPMCk5sqxn5yjsAlYOXgv+1pny24wuDrW39Y6F7wS8rPy
    idkvY3Bo1waiAOO/UHqAC0MeFnPwO1kBB8nYGwvpe0dMqq97ojbi1RMMHb8obY+f
    iV4MtxHjEJ4GIYXT+p2mEHBehPzaC3i9WEs9iDC9/vAhxaGtHN0kXcONlBbcqfN3
    qSvHcxyxd1RcZ6XtPpW6qxqAUC48SlTJv86w7744SlEtJH/cxSazv+v52ceb2HdI
    k9936qk1yaNVvGm6fCgBVYpS9/+COKeojp7XyOrSJ9hM900qsSpGvFXG6UkirrJE
    AsdIMbhTT8bj4+NdvQO27cCFj6SLpOx5bxxexIpec1yKwfq/WnMKDFUBLF+MJSqW
    +ov0bxzJRl9f8q01t+pYpMuSsXBCpYzAjjKsg+mp3DYjN4E+PTfJbYBHthIBbcpS
    rOMV+vfbbV2OmWvUZ4CO90yqmEcWye7mWyQy/qENz02e4G86WtmOc0LqPScb89vs
    A551HWuMqi0Rgk/pqtfREqDnNKcjHm3HKTheNDOuwotnWXjhJKHQQ47rI6HNhHSw
    UJc4DfKegWqIAU+eWQf3ZBLTIwC/CuJ79yiW9lDdy+eMmMT39hKBf0yZzYGi9o/I
    3Tgp7En6HTE=
    =ysr3
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    LinuxSecurity Poll

    If you are using full-disk encryption: are you concerned about the resulting performance hit?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/34-if-you-are-using-full-disk-encryption-are-you-concerned-about-the-resulting-performance-hit?task=poll.vote&format=json
    34
    radio
    [{"id":"120","title":"Yes","votes":"14","type":"x","order":"1","pct":60.87,"resources":[]},{"id":"121","title":"No ","votes":"9","type":"x","order":"2","pct":39.13,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.