Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Red Hat: RHSA-2021:3205-01 Moderate: Camel K Security Update

red hat
Calendar Grey August 18, 2021
Dist Redhat Esm H88
Red Hat Integration Camel K version 1.4 has launched, tackling several security vulnerabilities with moderate consequences. Discover additional details.
A minor version update (from 1.3 to 1.4) is now available for Red Hat Integration Camel K that includes bug fixes and enhancements

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

A minor version update (from 1.3 to 1.4) is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution (CVE-2020-26238)
* californium-core: DTLS - DoS vulnerability for certificate based handshakes (CVE-2020-27222)
* undertow: special character in query results in server errors(CVE-2020-27782)
* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)
* activemq: improper authentication allows MITM attack (CVE-2020-13920)
* flink: apache-flink: directory traversal attack allows remote file writing through the REST API (CVE-2020-17518)
* groovy: OS temporary directory leads to information disclosure (CVE-2020-17521)
* kubernetes-client: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218)
* pdfbox: infinite loop while loading a crafted PDF file (CVE-2021-27807)
* cxf-rt-rs-json-basic: CXF: Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter (CVE-2021-30468)
* kotlin-scripting-jvm: kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure (CVE-2020-29582)
* pdfbox: OutOfMemory-Exception while loading a crafted PDF file (CVE-2021-27906)
* pdfbox: OutOfMemory-Exception while loading a crafted PDF file (CVE-2021-31811)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory denial of service access control security issues moderate update red hat integration camelk

References

https://access.redhat.com/security/cve/CVE-2020-13920 https://access.redhat.com/security/cve/CVE-2020-17518 https://access.redhat.com/security/cve/CVE-2020-17521 https://access.redhat.com/security/cve/CVE-2020-26238 https://access.redhat.com/security/cve/CVE-2020-27222 https://access.redhat.com/security/cve/CVE-2020-27782 https://access.redhat.com/security/cve/CVE-2020-28052 https://access.redhat.com/security/cve/CVE-2020-29582 https://access.redhat.com/security/cve/CVE-2021-20218 https://access.redhat.com/security/cve/CVE-2021-27807 https://access.redhat.com/security/cve/CVE-2021-27906 https://access.redhat.com/security/cve/CVE-2021-30468 https://access.redhat.com/security/cve/CVE-2021-31811 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q3/html/getting_started_with_camel_k/ https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2021-Q3

Package List


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2021:3205-01
Product: Red Hat Integration
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3205
Issue date: 2021-08-18
Cross references: RHBA-2021:79512-01

Topic

A minor version update (from 1.3 to 1.4) is now available for Red HatIntegration Camel K that includes bug fixes and enhancements. The purposeof this text-only errata is to inform you about the security issues fixedin this release.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory denial of service access control security issues moderate update red hat integration camelk

Relevant Releases Architectures

Bugs Fixed

1880101 - CVE-2020-13920 activemq: improper authentication allows MITM attack

1901304 - CVE-2020-27782 undertow: special character in query results in server errors1901655 - CVE-2020-26238 cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution

1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible

1913312 - CVE-2020-17518 apache-flink: directory traversal attack allows remote file writing through the REST API

1922123 - CVE-2020-17521 groovy: OS temporary directory leads to information disclosure

1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise

1930230 - CVE-2020-27222 californium-core: DTLS - DoS vulnerability for certificate based handshakes

1930291 - CVE-2020-29582 kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure

1941050 - CVE-2021-27906 pdfbox: OutOfMemory-Exception while loading a crafted PDF file

1941055 - CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file

1971648 - CVE-2021-31811 pdfbox: OutOfMemory-Exception while loading a crafted PDF file

1973392 - CVE-2021-30468 CXF: Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here