RedHat: RHSA-2022-5596:01 Moderate: Red Hat build of Quarkus 2.7.6 release
Summary
This release of Red Hat build of Quarkus 2.7.6 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.
Security Fix(es):
* CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects [quarkus-2]
Solution
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
References
https://access.redhat.com/security/cve/CVE-2020-36518
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/2.7/
https://access.redhat.com/articles/4966181
Package List
Topic
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.
Relevant Releases Architectures
Bugs Fixed
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects