Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Red Hat: RHSA-2020-3017-01 Important: Spring Boot 2.1.15 Security Fix

red hat
Calendar Grey July 27, 2020
Dist Redhat Esm H88
Urgent security notice from Red Hat regarding Spring Boot 2.1.15 highlights significant vulnerabilities; updates are now released.
An update is now available for Red Hat support for Spring Boot

Solution

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link (you must log in to download the update).

Summary

Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.
This release of Red Hat support for Spring Boot 2.1.15 serves as a replacement for Red Hat support for Spring Boot 2.1.13, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution (CVE-2020-1714)
* tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory Red Hat important update Remote Code Execution deserialization flaw Spring Boot

References

https://access.redhat.com/security/cve/CVE-2020-1714 https://access.redhat.com/security/cve/CVE-2020-9484 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=catRhoar.spring.boot&version=2.1.15 https://docs.redhat.com/en/documentation/red_hat_support_for_spring_boot/2.1/html-single/release_notes_for_spring_boot_2.1/index

Package List


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2020:3017-01
Product: Red Hat OpenShift Application Runtimes
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3017
Issue date: 2020-07-27

Topic

An update is now available for Red Hat support for Spring Boot.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory Red Hat important update Remote Code Execution deserialization flaw Spring Boot

Relevant Releases Architectures

Bugs Fixed

1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution

1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here