Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Red Hat Data Grid 8.3.1 RHSA-2022:2232-01 Moderate: Denial of Service

red hat
Calendar Grey May 12, 2022
Dist Redhat Esm H88
Red Hat Product Security has released a security patch for Data Grid version 8.3.1, assessed as moderate in severity, including comprehensive instructions for mitigation procedures.
An update for Red Hat Data Grid is now available

Solution

To install this update, do the following:

1. Download the Data Grid 8.3.1 Server patch from the customer portal[²]. 2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. 3. Install the Data Grid 8.3.1 Server patch. 4. Restart Data Grid to ensure the changes take effect.

For more information about Data Grid 8.3.1, refer to the 8.3.1 Release Notes[³]

Summary

Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.
Data Grid 8.3.1 replaces Data Grid 8.3.0 and includes bug fixes and enhancements. Find out more about Data Grid 8.3.1 in the Release Notes[3].
Security Fix(es):
* jackson-databind: denial of service via a large depth of nested objects [jdg-8] (CVE-2020-36518)
* kafka-clients: Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients [jdg-8] (CVE-2021-38153)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr [jdg-8] (CVE-2022-0084)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory moderate denial of service security update Red Hat timing attack data grid

References

https://access.redhat.com/security/cve/CVE-2020-36518 https://access.redhat.com/security/cve/CVE-2021-38153 https://access.redhat.com/security/cve/CVE-2022-0084 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=securityPatches&version=8.3 https://docs.redhat.com/en/documentation/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index

Package List


Advisory ID: RHSA-2022:2232-01
Product: Red Hat JBoss Data Grid
Advisory URL: https://access.redhat.com/errata/RHSA-2022:2232
Issue date: 2022-05-12

Topic

An update for Red Hat Data Grid is now available.

Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate denial of service security update Red Hat timing attack data grid

Relevant Releases Architectures

Bugs Fixed

2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients

2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr

2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here