Linux Security

    RedHat: RHSA-2020-5302:01 Important: Red Hat build of Quarkus 1.7.5 SP1

    Date 01 Dec 2020
    Posted By LinuxSecurity Advisories
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: Red Hat build of Quarkus 1.7.5 SP1 release and security update
    Advisory ID:       RHSA-2020:5302-01
    Product:           Red Hat build of Quarkus
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5302
    Issue date:        2020-12-01
    CVE Names:         CVE-2020-25638 
    =====================================================================
    
    1. Summary:
    
    An update is now available for Red Hat build of Quarkus.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each
    vulnerability. For more information, see the CVE links in the References
    section.
    
    2. Description:
    
    This release of Red Hat build of Quarkus 1.7.5 SP1 includes security
    updates, bug fixes, and enhancements. For more information, see the release
    notes page listed in the References section.
    
    Security Fix(es):
    
    * hibernate-core: SQL injection vulnerability when both
    hibernate.use_sql_comments and JPQL String literals are
    used (CVE-2020-25638)
    
    For more details about the security issues and their impact, the CVSS
    score, acknowledgments, and other related information see the CVE pages
    listed in the References section.
    
    3. Solution:
    
    Before applying the update, back up your existing installation, including
    all applications, configuration files, databases and database settings, and
    so on.

    The References section of this erratum contains a download link for the
    update. You must be logged in to download the update.
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2020-25638
    https://access.redhat.com/security/updates/classification/#important
    https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus&downloadType=distributions&version=1.7.5.SP1
    https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/1.7/
    https://access.redhat.com/articles/4966181
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
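
A configuration audit for the precondition the advisory names, as an added example that is not part of the Red Hat advisory or of Hibernate: it walks a project tree and reports `.properties` and `persistence.xml`-style files that set `hibernate.use_sql_comments` to `true`. The function names and the matching of framework-prefixed keys are assumptions of this example.

```python
"""Audit config files for hibernate.use_sql_comments=true (CVE-2020-25638 precondition)."""
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

SETTING = "hibernate.use_sql_comments"
# "key = value" or "key: value"; lines starting with '#' or '!' are comments
PROP_LINE = re.compile(r"^\s*([^#!\s=:][^\s=:]*)\s*[=:]\s*(\S*)")

def properties_hits(text):
    """1-based line numbers in .properties text that enable the setting."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = PROP_LINE.match(line)
        # endswith() also catches framework-prefixed keys (assumed form)
        if m and m.group(1).strip('"').endswith(SETTING) and m.group(2).lower() == "true":
            hits.append(no)
    return hits

def xml_enabled(text):
    """True if the XML has a <property> element for SETTING whose value is true."""
    try:
        root = ET.fromstring(text)  # local project files only, not untrusted XML
    except ET.ParseError:
        return False
    for el in root.iter():
        # strip the "{namespace}" prefix ElementTree puts on tag names
        if el.tag.rsplit("}", 1)[-1] == "property" and el.get("name") == SETTING:
            value = el.get("value") or el.text or ""
            if value.strip().lower() == "true":
                return True
    return False

def scan(root):
    """Return 'path[:line]' findings for every config file under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.suffix not in (".properties", ".xml") or not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        if path.suffix == ".properties":
            findings += [f"{path}:{n}" for n in properties_hits(text)]
        elif xml_enabled(text):
            findings.append(str(path))
    return findings

if __name__ == "__main__":
    found = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("\n".join(found) or f"{SETTING} not enabled in any scanned file")
    sys.exit(1 if found else 0)
```

Run it against a source checkout or an unpacked deployment; a non-zero exit status means at least one file enables the setting, which makes it usable as a CI gate alongside applying the update.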
    
