-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat build of Eclipse Vert.x 4.1.5 SP1 security update
Advisory ID:       RHSA-2021:5093-01
Product:           Red Hat OpenShift Application Runtimes
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:5093
Issue date:        2021-12-14
CVE Names:         CVE-2021-44228 
====================================================================
1. Summary:

An update is now available for Red Hat build of Eclipse Vert.x.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability. For
more information, see the CVE pages listed in the References section.

2. Description:

This release of Red Hat build of Eclipse Vert.x 4.1.5 SP1 includes security
updates. For more information, see the release notes listed in the
References section.

Security Fix(es):

* log4j-core: Remote code execution in Log4j 2.x when logs contain an
attacker-controlled string value (CVE-2021-44228)

For more details about the security issues and their impact, the CVSS
score, acknowledgements, and other related information, see the CVE pages
listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a download link for the
update. You must be logged in to download the update.

4. Bugs fixed (https://bugzilla.redhat.com/):

2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value

5. References:

https://access.redhat.com/security/cve/CVE-2021-44228
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=catRhoar.eclipse.vertx&version=4.1.5.SP1
https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYbj1DdzjgjWX9erEAQhxyA/8DjakF9qQUEpnpBiM22WJ7YmI0NTZ0pwh
6pIex/TSODetn5yq5CWBV0Y5jm7UiIkpECSiSakJHprnLZyXZ522bmtyRVnagnfk
7V+hUbVr9J/PbQ4PJEpLH6mrcNTgwW29itCuQAdBJ7a3oD/cm4MOcP3QpJffVtwR
t0/Ke01AHRY6A+C3r711hTn0qtVFVXrV8qxL2+poWZZC6eVuJXb8MNgI0D2vbrWb
OLYDYDjppSAi4LO9bHW1CNENywCFHQbaPPoMeq4tyHeiwM83UmiARHzRjRXu6twI
A9KBktWwqXR5DB2UL1ei967y0rcNLDcAGml9J5quqy9ibHkgpVPuSLT3PXuSbC+A
OGof+p3wjqjbdxRIslxaQOT/xnRCFpHetMtEIfC5335i+8gDsWMiIJxH9AyrlTxF
nXasFv9NIjewmU1F6QnRBLcZi7Zq7PUWQ4knFBoNOWRnew2F8R464RzR5VS/oliy
m0UUoRFHQaLkXD7G6vKha68tIDPsk2cHaZG66gplHyvKBc3gNPDIOsk+zinQTBx/
yoBiqyDnSAAYUGUU4g7+/Hrqmv490k3/z+aaxpU8LIXeNdrlDkecpa5IFKHwDXD/
+TFJHH93Q8zJ8XiFGR8IjLjtz6HcHNwW3MqJW25u6S7gq8qGZCIvlAmsLJfcX5V9
Vms+hKYLCSU=nW2M
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2021-5093:03 Critical: Red Hat build of Eclipse Vert.x 4.1.5

An update is now available for Red Hat build of Eclipse Vert.x

Summary

This release of Red Hat build of Eclipse Vert.x 4.1.5 SP1 includes security updates. For more information, see the release notes listed in the References section.
Security Fix(es):
* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)
For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.



Summary


Solution

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.

References

https://access.redhat.com/security/cve/CVE-2021-44228 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=catRhoar.eclipse.vertx&version=4.1.5.SP1 https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index

Package List


Severity
Advisory ID: RHSA-2021:5093-01
Product: Red Hat OpenShift Application Runtimes
Advisory URL: https://access.redhat.com/errata/RHSA-2021:5093
Issued Date: : 2021-12-14
CVE Names: CVE-2021-44228

Topic

An update is now available for Red Hat build of Eclipse Vert.x.Red Hat Product Security has rated this update as having a security impactof Critical. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability. Formore information, see the CVE pages listed in the References section.


Topic


 

Relevant Releases Architectures


Bugs Fixed

2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value


Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved