Linux Security

    RedHat: RHSA-2020-4252:01 Important: Red Hat build of Quarkus 1.7.5 release

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: Red Hat build of Quarkus 1.7.5 release and security update
    Advisory ID:       RHSA-2020:4252-01
    Product:           Red Hat build of Quarkus
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4252
    Issue date:        2020-10-14
    CVE Names:         CVE-2019-14900 CVE-2020-1714 CVE-2020-1728 
                       CVE-2020-10693 CVE-2020-11612 
    =====================================================================
    
    1. Summary:
    
    An update is now available for Red Hat build of Quarkus.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each
    vulnerability. For more information, see the CVE links in the References
    section.
    
    2. Description:
    
    This release of Red Hat build of Quarkus 1.7.5 includes security updates,
    bug fixes, and enhancements. For more information, see the release notes
    page listed in the References section.
    
    Security Fix(es):
    
    * hibernate-validator: Improper input validation in the interpolation of
    constraint error messages (CVE-2020-10693)
    
    * netty: compression/decompression codecs don't enforce limits on buffer
    allocation sizes (CVE-2020-11612)
    
    * keycloak: security headers missing on REST endpoints (CVE-2020-1728)
    
    * keycloak: Lack of checks in ObjectInputStream leading to Remote Code
    Execution (CVE-2020-1714)
    
    * hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
    
    For more details about the security issues and their impact, the CVSS
    score, acknowledgments, and other related information see the CVE pages
    listed in the References section.
    
    3. Solution:
    
    Before applying the update, back up your existing installation, including
    all applications, configuration files, databases and database settings, and
    so on.
    
    The References section of this erratum contains a download link for the
    update. You must be logged in to download the update.
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM
    1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution
    1800585 - CVE-2020-1728 keycloak: security headers missing on REST endpoints
    1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages
    1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2019-14900
    https://access.redhat.com/security/cve/CVE-2020-1714
    https://access.redhat.com/security/cve/CVE-2020-1728
    https://access.redhat.com/security/cve/CVE-2020-10693
    https://access.redhat.com/security/cve/CVE-2020-11612
    https://access.redhat.com/security/updates/classification/#important
    https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus&downloadType=distributions&version=1.7.5
    https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/1.7/html/release_notes_for_red_hat_build_of_quarkus_1.7/index
    https://access.redhat.com/articles/4966181
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
