RedHat: RHSA-2020-0824:01 Moderate: Open Liberty 20.0.0.3 Runtime security

    Date 16 Mar 2020
    187
    Posted By LinuxSecurity Advisories
    Open Liberty 20.0.0.3 Runtime is now available from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: Open Liberty 20.0.0.3 Runtime security update
    Advisory ID:       RHSA-2020:0824-01
    Product:           Open Liberty
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0824
    Issue date:        2020-03-16
    =====================================================================
    
    1. Summary:
    
    Open Liberty 20.0.0.3 Runtime is now available from the Customer Portal.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Description:
    
    Open Liberty is a lightweight open framework for building fast and
    efficient cloud-native Java microservices. 
    
    This release of Open Liberty 20.0.0.3 serves as a replacement for Open
    Liberty 20.0.0.2 and includes security fixes, bug fixes, and enhancements.
    For specific information about this release, see links in the References
    section.
    
    Security Fix(es):
    
    * cxf: reflected XSS in the services listing page (CVE-2019-17573)
    
    For more details about the security issue(s), see the IBM Security Bulletin
    links for each CVE, listed in the References section.
    
    3. Solution:
    
    Before applying the update, back up your existing installation, including
    all applications, configuration files, databases and database settings, and
    so on.
    
    The References section of this erratum contains a download link (you must
    log in to download the update).
    
    4. JIRA issues fixed (https://issues.jboss.org/):
    
    IBMRT-20 - Include Open Liberty 20.0.0.3 into Red Hat Runtimes
    
    5. References:
    
    https://access.redhat.com/security/updates/classification/#moderate
    https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=open.liberty&version=20.0.0.3
    https://www.ibm.com/support/pages/security-bulletin-websphere-application-server-vulnerable-denial-service-CVE-2019-17573
    https://access.redhat.com/documentation/en-us/open_liberty/2020/
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXm+jctzjgjWX9erEAQjAvA//SKIYAhkLk0j1Axf8hVabAKH7GWo3vbCV
    IdSJemJL2e8NPAUiAzoS61tKVKviYHp2FZFVKtaKjDDhaDDsHPrRvtZ9LtZ8zl/F
    JCEI7pLYeUDY9ZwBA+5jmt91RKKLs6oxr/mtpBPABxkN3dK8Fp7G7wZnVC4OOEIY
    YQYI1cJsRjoZmIzUDHF4ljV7SvhJFnoGRgpY30cN7fAgUv7Wcdaay5S/5cP9mPZz
    q37sTT1Fy+dSy6BWiqzstkNjh03CZ0nINA01qiYgiNBirTEvuj6qkljIbAnNr0gZ
    UuqJuApSaD2He/B/udNipGeGXhiYL0uvaTVL2/gN71Q/0h2+m574dpMdenE3olyr
    ip1fmtXfoqKnbnqJYR7F6ciWgHuCt3qG1I21wnKHC07YwbEqhgShqYjqF5cqGeaW
    ybtJEt81/zGpq/BVAdHDEaWrPpqy5LPMk0tsLNnV35oT8TmMKUtCocZFEWTWNg1y
    76Whm3gflc5zVtEkOMRtPI4zapuc5bXbergAOM/PjyLiUF4eIIxWvVlDQqt+Q150
    /MPorDl6mPqTDlRj1KvAwUjsfmvxm3ErpvYvSC7/tsKkZacj0J+63I5SsF3yyX/1
    ubzBn9gUsQyqWM/l/01YfmpiodERJh5/83J3+0v3Vraj70M8zYPatAakdYpyUdjD
    bNI/mBPOKTI=
    =A8d2
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"96","type":"x","order":"1","pct":80,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":15,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":5,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.