-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: Open Liberty 20.0.0.3 Runtime security update
Advisory ID:       RHSA-2020:0824-01
Product:           Open Liberty
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0824
Issue date:        2020-03-16
====================================================================
1. Summary:

Open Liberty 20.0.0.3 Runtime is now available from the Customer Portal.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Open Liberty is a lightweight open framework for building fast and
efficient cloud-native Java microservices. 

This release of Open Liberty 20.0.0.3 serves as a replacement for Open
Liberty 20.0.0.2 and includes security fixes, bug fixes, and enhancements.
For specific information about this release, see links in the References
section.

Security Fix(es):

* cxf: reflected XSS in the services listing page (CVE-2019-17573)

For more details about the security issue(s), see the IBM Security Bulletin
links for each CVE, listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a download link (you must
log in to download the update).

4. JIRA issues fixed (https://issues.redhat.com/plugins/servlet/samlsso

IBMRT-20 - Include Open Liberty 20.0.0.3 into Red Hat Runtimes

5. References:

https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=open.liberty&version=20.0.0.3
https://access.redhat.com/documentation/en-us/open_liberty/2020/

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXm+jctzjgjWX9erEAQjAvA//SKIYAhkLk0j1Axf8hVabAKH7GWo3vbCV
IdSJemJL2e8NPAUiAzoS61tKVKviYHp2FZFVKtaKjDDhaDDsHPrRvtZ9LtZ8zl/F
JCEI7pLYeUDY9ZwBA+5jmt91RKKLs6oxr/mtpBPABxkN3dK8Fp7G7wZnVC4OOEIY
YQYI1cJsRjoZmIzUDHF4ljV7SvhJFnoGRgpY30cN7fAgUv7Wcdaay5S/5cP9mPZz
q37sTT1Fy+dSy6BWiqzstkNjh03CZ0nINA01qiYgiNBirTEvuj6qkljIbAnNr0gZ
UuqJuApSaD2He/B/udNipGeGXhiYL0uvaTVL2/gN71Q/0h2+m574dpMdenE3olyr
ip1fmtXfoqKnbnqJYR7F6ciWgHuCt3qG1I21wnKHC07YwbEqhgShqYjqF5cqGeaW
ybtJEt81/zGpq/BVAdHDEaWrPpqy5LPMk0tsLNnV35oT8TmMKUtCocZFEWTWNg1y
76Whm3gflc5zVtEkOMRtPI4zapuc5bXbergAOM/PjyLiUF4eIIxWvVlDQqt+Q150
/MPorDl6mPqTDlRj1KvAwUjsfmvxm3ErpvYvSC7/tsKkZacj0J+63I5SsF3yyX/1
ubzBn9gUsQyqWM/l/01YfmpiodERJh5/83J3+0v3Vraj70M8zYPatAakdYpyUdjD
bNI/mBPOKTI=A8d2
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2020-0824:01 Moderate: Open Liberty 20.0.0.3 Runtime security

Open Liberty 20.0.0.3 Runtime is now available from the Customer Portal

Summary

Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices.
This release of Open Liberty 20.0.0.3 serves as a replacement for Open Liberty 20.0.0.2 and includes security fixes, bug fixes, and enhancements. For specific information about this release, see links in the References section.
Security Fix(es):
* cxf: reflected XSS in the services listing page (CVE-2019-17573)
For more details about the security issue(s), see the IBM Security Bulletin links for each CVE, listed in the References section.



Summary


Solution

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update).
4. JIRA issues fixed (https://issues.redhat.com/plugins/servlet/samlsso
IBMRT-20 - Include Open Liberty 20.0.0.3 into Red Hat Runtimes

References

https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=open.liberty&version=20.0.0.3 https://access.redhat.com/documentation/en-us/open_liberty/2020/

Package List


Severity
Advisory ID: RHSA-2020:0824-01
Product: Open Liberty
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0824
Issued Date: : 2020-03-16

Topic

Open Liberty 20.0.0.3 Runtime is now available from the Customer Portal.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures


Bugs Fixed


Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved