RedHat: RHSA-2022-5029:01 Moderate: Red Hat build of Eclipse Vert.x...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat build of Eclipse Vert.x 4.2.7 security update
Advisory ID:       RHSA-2022:5029-01
Product:           Red Hat OpenShift Application Runtimes
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5029
Issue date:        2022-06-23
CVE Names:         CVE-2020-36518 CVE-2022-25647 
=====================================================================

1. Summary:

An update is now available for Red Hat build of Eclipse Vert.x.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability. For
more information, see the CVE pages listed in the References section.

2. Description:

This release of Red Hat build of Eclipse Vert.x 4.2.7 GA includes security
updates. For more information, see the release notes listed in the
References section.

Security Fix(es):

* jackson-databind: denial of service via a large depth of nested objects
(CVE-2020-36518)

* com.google.code.gson-gson: Deserialization of Untrusted Data in
com.google.code.gson-gson (CVE-2022-25647)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgements, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a download link for the
update. You must be logged in to download the update.

4. Bugs fixed (https://bugzilla.redhat.com/):

2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects
2080850 - CVE-2022-25647 com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson

5. References:

https://access.redhat.com/security/cve/CVE-2020-36518
https://access.redhat.com/security/cve/CVE-2022-25647
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=catRhoar.eclipse.vertx&version=4.2.7
https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.2/html/release_notes_for_eclipse_vert.x_4.2/index

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYrRWD9zjgjWX9erEAQhySBAAlXKnG1+57IQ9cKGQWzpLWKFWJVqsyrGb
hI/qVXa3T2DnslKYD061oBjY6FEBYwVqOrZLkv+9bSuW5CqdworRqzW+ozpPUJw4
1IKqO//OXQ/2UAB9FSKjhcyIB/d6af3urm47rtbeplt8WBF3fh4+Zo+sVxpTRbhX
Kmy+z7YIEKkstR5AQR05mt9KHjpKkj4p2xMwtz3p+VJ0sff0O6gSMdA3oPKoSbms
b43OhcBeiO5eqXryTgtIauRC2tzOk1lGryfDoWI24x4RFPhgK9r67Vv8r6j6psFi
6mBcJvzCpynJSnVOR75KQl9E3t7yuIJR14M6p+PndlcrncMg7S7nlhVvRgdun+Dj
JuL5Kd8QDqu/UQiqLYCpCoZUkyDpg3ztVgR84Y0AFWMH7Q4o+K/dlWBwE1ejrxx0
klurqysi86Ra0UKwk5zzfvNi/r/Cm/7xdMliNrx8pozuZiFK4nW4y9a6Uvu7AH8v
nA4cC5zeM9DWFntZiCn3bfigSRcTdZlfhnvk6Csgzu/HhYR9p2QGnY76ZSgaVq45
ptqT37TDFHFhJSKhR7GLxwrVogT5HjrHV3OMpH2P7p/pO7MkKJovDY+YG5xk1TB8
gdBYMYiSGhlIRrdIeoLGIkqcOs0cEP86+UO1yeYjvIssG6dArotiSJt3LTN/mLzf
LEg430ARk3s=
=qurb
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2022-5029:01 Moderate: Red Hat build of Eclipse Vert.x 4.2.7

An update is now available for Red Hat build of Eclipse Vert.x

Summary

This release of Red Hat build of Eclipse Vert.x 4.2.7 GA includes security updates. For more information, see the release notes listed in the References section.
Security Fix(es):
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying the update, back up your existing installation, includingall applications, configuration files, databases and database settings, andso on.The References section of this erratum contains a download link for theupdate. You must be logged in to download the update.

References

https://access.redhat.com/security/cve/CVE-2020-36518 https://access.redhat.com/security/cve/CVE-2022-25647 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=catRhoar.eclipse.vertx&version=4.2.7 https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.2/html/release_notes_for_eclipse_vert.x_4.2/index

Package List

Severity
Advisory ID: RHSA-2022:5029-01
Product: Red Hat OpenShift Application Runtimes
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5029
Issued Date: : 2022-06-23
CVE Names: CVE-2020-36518 CVE-2022-25647

Topic

An update is now available for Red Hat build of Eclipse Vert.x.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability. Formore information, see the CVE pages listed in the References section.

Relevant Releases Architectures

Bugs Fixed

2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects

2080850 - CVE-2022-25647 com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.