Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Red Hat AMQ Online 1.7.0 Low: Path Traversal And Information Disclosure

red hat
Calendar Grey March 25, 2021
Dist Redhat Esm H88
Red Hat AMQ Online 1.7.0 introduces key enhancements and security updates aimed at reducing vulnerabilities while ensuring operational continuity and robust performance
An update of the Red Hat OpenShift Container Platform 3.11 and 4.6/4.7 container images is now available for Red Hat AMQ Online

Solution

The Red Hat OpenShift Container Platform 3.11 and 4.6/4.7 container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available from https://access.redhat.com.

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Summary

The release of Red Hat AMQ Online 1.7.0 serves as a replacement for earlier AMQ Online releases, and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.
Security Fix(es):
* fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218)
* netty: Information disclosure via the local system temporary directory (CVE-2021-21290)
* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory Red Hat update information disclosure path traversal

References

https://access.redhat.com/security/cve/CVE-2021-20218 https://access.redhat.com/security/cve/CVE-2021-21290 https://access.redhat.com/security/cve/CVE-2021-21295 https://access.redhat.com/security/updates/classification#low

Package List


Severity
low
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2021:0986-01
Product: Red Hat JBoss AMQ
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0986
Issue date: 2021-03-25
Cross references: RHBA-2021:69759

Topic

An update of the Red Hat OpenShift Container Platform 3.11 and 4.6/4.7container images is now available for Red Hat AMQ Online.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory Red Hat update information disclosure path traversal

Relevant Releases Architectures

Bugs Fixed

1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise

1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory

1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here