RedHat: RHSA-2020-0497:01 Important: AMQ Online security update

    Date: 13 Feb 2020
    Posted By: LinuxSecurity Advisories
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: AMQ Online security update
    Advisory ID:       RHSA-2020:0497-01
    Product:           Red Hat JBoss AMQ
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0497
    Issue date:        2020-02-13
    CVE Names:         CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 
    =====================================================================
    
    1. Summary:
    
    An update of the Red Hat OpenShift Container Platform 3.11 and 4.1
    container images is now available for Red Hat AMQ Online.  
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Description:
    
    The release of Red Hat AMQ Online 1.3.3 serves as a replacement for AMQ
    Online 1.3.2, and includes bug fixes and enhancements, which are documented
    in the Release Notes document linked in the References.
    
    Security Fix(es):
    
    * netty: HTTP request smuggling (CVE-2019-20444)
    
    * netty: HttpObjectDecoder.java allows Content-Length header to be
    accompanied by second Content-Length header (CVE-2019-20445)
    
    * netty: HTTP Request Smuggling due to Transfer-Encoding whitespace
    mishandling (CVE-2020-7238)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    3. Solution:
    
    The Red Hat OpenShift Container Platform 3.11 and 4.1 container images
    provided by this update can be downloaded from the Red Hat Container
    Registry at registry.access.redhat.com. Installation instructions for your
    platform are available from https://access.redhat.com.
    
    Dockerfiles and scripts should be amended either to refer to this new image
    specifically, or to the latest image generally.
    
    Before applying this update, make sure all previously released errata
    relevant to your system have been applied.
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
    1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to be accompanied by second Content-Length header
    1798524 - CVE-2019-20444 netty: HTTP request smuggling
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2019-20444
    https://access.redhat.com/security/cve/CVE-2019-20445
    https://access.redhat.com/security/cve/CVE-2020-7238
    https://access.redhat.com/security/updates/classification/#important
    https://access.redhat.com/documentation/en-us/red_hat_amq/7.5/html/release_notes_for_amq_online_1.3_on_openshift/
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
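
The duplicate Content-Length and Transfer-Encoding whitespace issues listed under "Security Fix(es)" both leave two HTTP parsers free to disagree on where a request body ends. As an added example (not from Red Hat or the netty project), the Python check below flags request heads with that kind of ambiguous framing, for use in a front-end filter or when auditing captured traffic; the function name, the host name and the sample requests are constructed for illustration.

```python
import re

# Characters RFC 7230 allows in a header field name (no spaces or tabs).
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
DIGITS = re.compile(r"^[0-9]+$")

def framing_problems(raw_request: bytes) -> list:
    """Return reasons the request head has ambiguous body framing ([] = clean)."""
    problems = []
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    seen = {}  # field name as a lenient parser would see it -> list of values
    for line in head.split("\r\n")[1:]:  # element 0 is the request line
        if line[:1] in (" ", "\t"):
            problems.append("obsolete line folding")
            continue
        name, sep, value = line.partition(":")
        if not sep:
            problems.append(f"header line without colon: {line!r}")
            continue
        if not TOKEN.match(name):
            # Covers "Transfer-Encoding : chunked" (whitespace before the colon).
            problems.append(f"invalid field name: {name!r}")
        seen.setdefault(name.strip().lower(), []).append(value.strip())
    lengths = seen.get("content-length", [])
    if len(lengths) > 1:
        problems.append("multiple Content-Length headers")
    if any(not DIGITS.match(v) for v in lengths):
        problems.append("non-numeric Content-Length")
    if lengths and "transfer-encoding" in seen:
        problems.append("Content-Length together with Transfer-Encoding")
    return problems

# Constructed sample request heads (not taken from the advisory).
CLEAN = (b"POST /queue HTTP/1.1\r\nHost: amq.example\r\n"
         b"Content-Length: 5\r\n\r\nhello")
DUP_CL = (b"POST /queue HTTP/1.1\r\nHost: amq.example\r\n"
          b"Content-Length: 5\r\nContent-Length: 0\r\n\r\n")
TE_WS = (b"POST /queue HTTP/1.1\r\nHost: amq.example\r\n"
         b"Content-Length: 5\r\nTransfer-Encoding : chunked\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("clean", CLEAN), ("dup-cl", DUP_CL), ("te-ws", TE_WS)):
        print(label, framing_problems(req))
```

A request that returns a non-empty list should be rejected with a 400 response rather than normalised and forwarded.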
    