RedHat: RHSA-2021-4100:01 Moderate: Red Hat Integration - Service Registry
Summary
This release of Red Hat Integration - Service registry 2.0.2.GA serves as a
replacement for 2.0.1.GA, and includes the below security fixes.
Security Fix(es):
* apache-httpclient: incorrect handling of malformed authority component in
request URIs (CVE-2020-13956)
* RESTEasy: PathParam in RESTEasy can lead to a reflected XSS attack
(CVE-2021-20293)
* resteasy: Error message exposes endpoint class information
(CVE-2021-20289)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Summary
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2020-13956 https://access.redhat.com/security/cve/CVE-2021-20289 https://access.redhat.com/security/cve/CVE-2021-20293 https://access.redhat.com/security/updates/classification/#moderate
Package List
Topic
An update to the images for Red Hat Integration Service Registry is nowavailable from the Red Hat Container Catalog. The purpose of this text-onlyerrata is to inform you about the security issues fixed in this release.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Bugs Fixed
1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs
1935927 - CVE-2021-20289 resteasy: Error message exposes endpoint class information
1942819 - CVE-2021-20293 RESTEasy: PathParam in RESTEasy can lead to a reflected XSS attack