RedHat: RHSA-2022-1333:01 Low: Red Hat Integration Camel-K 1.6.5 security
Summary
A micro version update (from 1.6.4 to 1.6.5) is now available for Red Hat
Camel K that includes CVE fixes in the base images, which are documented in
the Release Notes document linked in the References section.
Security Fix(es):
* spring-beans: spring-framework: RCE via Data Binding on JDK 9+
(CVE-2022-22965)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Summary
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2022-22965 https://access.redhat.com/security/vulnerabilities/RHSB-2022-003 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2022-Q2 https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1
Package List
Topic
A micro version update (from 1.6.4 to 1.6.5) is now available for Red HatIntegration Camel K. The purpose of this text-only errata is to inform youabout the security issues fixed in this release.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Bugs Fixed
2070348 - CVE-2022-22965 spring-framework: RCE via Data Binding on JDK 9+