Alerts This Week
Warning Icon 1 825
Alerts This Week
Warning Icon 1 825

Red Hat Integration: RHSA-2021-4100-01 Moderate: Security Update

red hat
Calendar Grey November 2, 2021
Dist Redhat Esm H88
This bulletin presents recent insights on the Red Hat Integration Service Registry, highlighting essential corrections and their implications.
An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

This release of Red Hat Integration - Service registry 2.0.2.GA serves as a replacement for 2.0.1.GA, and includes the below security fixes.
Security Fix(es):
* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)
* RESTEasy: PathParam in RESTEasy can lead to a reflected XSS attack (CVE-2021-20293)
* resteasy: Error message exposes endpoint class information (CVE-2021-20289)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory security update moderate impact Red Hat Integration service registry

References

https://access.redhat.com/security/cve/CVE-2020-13956 https://access.redhat.com/security/cve/CVE-2021-20289 https://access.redhat.com/security/cve/CVE-2021-20293 https://access.redhat.com/security/updates/classification#moderate

Package List


Advisory ID: RHSA-2021:4100-01
Product: Red Hat Integration
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4100
Issue date: 2021-11-02
Keywords: service-registry

Topic

An update to the images for Red Hat Integration Service Registry is nowavailable from the Red Hat Container Catalog. The purpose of this text-onlyerrata is to inform you about the security issues fixed in this release.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory security update moderate impact Red Hat Integration service registry

Relevant Releases Architectures

Bugs Fixed

1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs

1935927 - CVE-2021-20289 resteasy: Error message exposes endpoint class information

1942819 - CVE-2021-20293 RESTEasy: PathParam in RESTEasy can lead to a reflected XSS attack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here