Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Red Hat Data Grid 8.1.1 RHSA-2021:0433-01 Moderate Memory Leak Issue

red hat
Calendar Grey February 8, 2021
Dist Redhat Esm H88
Critical patch release for Ubuntu Server 20.04.5 resolves significant vulnerabilities such as buffer overflow and potential data breach.
A security update for Red Hat Data Grid is now available

Solution

Refer to the Data Grid 8.1 Upgrade Guide for instructions on upgrading to this version.

The References section of this erratum contains a download link (you must log in to download the update).

Summary

Red Hat Data Grid is a distributed, in-memory data store.
This release of Red Hat Data Grid 8.1.1 serves as a replacement for Red Hat Data Grid 8.1.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL (CVE-2020-25644)
* XStream: remote code execution due to insecure XML deserialization when relying on blocklists (CVE-2020-26217)
* infinispan: authorization check missing for server management operations (CVE-2020-25711)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory data protection remote code execution moderate severity memory leak Red Hat Data Grid authorization check authorization missing

References

https://access.redhat.com/security/cve/CVE-2020-25644 https://access.redhat.com/security/cve/CVE-2020-25711 https://access.redhat.com/security/cve/CVE-2020-26217 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=securityPatches&version=8.1 https://docs.redhat.com/en/documentation/red_hat_data_grid/8.1/html/upgrading_data_grid/index

Package List


Advisory ID: RHSA-2021:0433-01
Product: Red Hat JBoss Data Grid
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0433
Issue date: 2021-02-08

Topic

A security update for Red Hat Data Grid is now available.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory data protection remote code execution moderate severity memory leak Red Hat Data Grid authorization check authorization missing

Relevant Releases Architectures

Bugs Fixed

1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL

1897618 - CVE-2020-25711 infinispan: authorization check missing for server management operations

1898907 - CVE-2020-26217 XStream: remote code execution due to insecure XML deserialization when relying on blocklists

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here