Linux Security

    RedHat: RHSA-2020-3209:01 Moderate: AMQ Online 1.5.2 release and security

    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: AMQ Online 1.5.2 release and security update
    Advisory ID:       RHSA-2020:3209-01
    Product:           Red Hat JBoss AMQ
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3209
    Issue date:        2020-07-29
    Cross references:  RHBA-2020:57503-01
    CVE Names:         CVE-2020-13692 CVE-2020-14319 
    =====================================================================
    
    1. Summary:
    
    An update of the Red Hat OpenShift Container Platform 3.11 and 4.4/4.5
    container images is now available for Red Hat AMQ Online.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Description:
    
    The release of Red Hat AMQ Online 1.5.2 serves as a replacement for AMQ
    Online 1.5.1, and includes bug fixes and enhancements, which are documented
    in the Release Notes document linked in the References.
    
    Security Fix(es):
    
    * AMQ Online: CSRF in graphQL requests (CVE-2020-14319)
    
    * postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML
    (CVE-2020-13692)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    3. Solution:
    
    The Red Hat OpenShift Container Platform 3.11 and 4.4/4.5 container images
    provided by this update can be downloaded from the Red Hat Container
    Registry at registry.access.redhat.com. Installation instructions for your
    platform are available from https://access.redhat.com.
    
    Dockerfiles and scripts should be amended either to refer to this new image
    specifically, or to the latest image generally.
    
    Before applying this update, make sure all previously released errata
    relevant to your system have been applied.
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1852985 - CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML
    1854373 - CVE-2020-14319 amq-on: CSRF (in graphQL requests)
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2020-13692
    https://access.redhat.com/security/cve/CVE-2020-14319
    https://access.redhat.com/security/updates/classification/#moderate
    https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.online&version=1.5.2
    https://access.redhat.com/documentation/en-us/red_hat_amq/7.7/html/release_notes_for_amq_online_1.5_on_openshift/index
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
