RedHat: RHSA-2022-0501:01 Moderate: Red Hat Integration - Service Registry
Summary
This release of Red Hat Integration - Service registry 2.0.3.GA serves as a
replacement for 2.0.2.GA, and includes the below security fixes.
Security Fix(es):
* kafka-clients: Kafka: Timing Attack Vulnerability for Apache Kafka
Connect and Clients (CVE-2021-38153)
* xmlsec: xml-security: XPath Transform abuse allows for information
disclosure (CVE-2021-40690)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Summary
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2021-38153 https://access.redhat.com/security/cve/CVE-2021-40690 https://access.redhat.com/security/updates/classification/#moderate
Package List
Topic
An update to the images for Red Hat Integration Service Registry is nowavailable from the Red Hat Container Catalog. The purpose of this text-onlyerrata is to inform you about the security issues fixed in this release.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Bugs Fixed
2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients
2011190 - CVE-2021-40690 xml-security: XPath Transform abuse allows for information disclosure