Linux Security
    Linux Security
    Linux Security

    RedHat: RHSA-2020-3017:01 Important: Red Hat support for Spring Boot 2.1.15

    Date
    231
    Posted By
    An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: Red Hat support for Spring Boot 2.1.15 security and bug fix update
    Advisory ID:       RHSA-2020:3017-01
    Product:           Red Hat OpenShift Application Runtimes
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3017
    Issue date:        2020-07-27
    CVE Names:         CVE-2020-1714 CVE-2020-9484 
    =====================================================================
    
    1. Summary:
    
    An update is now available for Red Hat support for Spring Boot.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Description:
    
    Red Hat support for Spring Boot provides an application platform that
    reduces the complexity of developing and operating applications (monoliths
    and microservices) for OpenShift as a containerized platform.
    
    This release of Red Hat support for Spring Boot 2.1.15 serves as a
    replacement for Red Hat support for Spring Boot 2.1.13, and includes
    security and bug fixes and enhancements. For further information, refer to
    the release notes linked to in the References section.
    
    Security Fix(es):
    
    * keycloak: Lack of checks in ObjectInputStream leading to Remote Code
    Execution (CVE-2020-1714)
    
    * tomcat: deserialization flaw in session persistence storage leading to
    RCE (CVE-2020-9484)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    3. Solution:
    
    Before applying the update, back up your existing installation, including
    all applications, configuration files, databases and database settings, and
    so on.
    
    The References section of this erratum contains a download link (you must
    log in to download the update).
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution
    1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2020-1714
    https://access.redhat.com/security/cve/CVE-2020-9484
    https://access.redhat.com/security/updates/classification/#important
    https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=catRhoar.spring.boot&version=2.1.15
    https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.1/html-single/release_notes_for_spring_boot_2.1/index
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXx7SOtzjgjWX9erEAQiOwA//Vtzf+JAv0FdMxKoIMcCpxrxSSISo27iq
    TAOg1fDD0i5A2agpAH78/HjTwy8AucXdaBHAVKLKPI6hK3WeGAmAIzBDxOZ6bJlR
    XGSCiKIHLvX+sXLZHjBoLgNVrefxqBlCFRUDEr/anBOWUAcSwJIutmH381TbTJb5
    x7Z8gRDoP2VMl5fDE6Nq6ERwptH8td8CgR5AlCvMoNiZyX7MwREU2OIWp/0NZ7Rk
    QafCrxOZABCQYGmadM8bJhV/Qd7cpDvLnD0igWR5E/p35oMwXwOwEmWldYmFLV6D
    RyniwZYKofHeUhMdb1secJCNw7KSKBVRZkGsHCaK7zKH5+wRG85/zpMgVuSChuJx
    Hsmt4NRkq8EsU/1Vy5IDO/+FEEIjrfXZiisv3HlZd4rcXNW6pUc/vgZ/RniQeBrt
    YBlbB+mW5FJnDtgHtl3gjdBOUwPrlE4OhBAgIvKV5eT6yCY3wYgIkXHWvc0cMpFS
    XFwZWibWEp7rpJBHviniI+gwDMCVKp6DSpVSA+Q/RldF2UAzIB5+7FEMhPHMC05B
    3BE3bd1xHlcKLiC9OHPRveZd0ML83xrdOVSFa4q+2Dks0OBqZ+YHs38GvNOiPqVs
    jX6XOCe6Aa6ExPw5ver7tqrjeTvpmscbxNeaKSWAaryX4sPpDEfNPkio0cRTVD5z
    c8iSC8VQeWU=
    =0UBP
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    Advisories

    LinuxSecurity Poll

    Which aspect of server security are you most interested in learning more about?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/38-which-aspect-of-server-security-are-you-most-interested-in-learning-more-about?task=poll.vote&format=json
    38
    radio
    [{"id":"131","title":"Preventing information leakage","votes":"1","type":"x","order":"1","pct":100,"resources":[]},{"id":"132","title":"Firewall considerations","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"133","title":"Permissions ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.