RedHat: RHSA-2022-7257:01 Low: Red Hat Integration Camel-K 1.8.1 se...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Integration Camel-K 1.8.1 security update
Advisory ID:       RHSA-2022:7257-01
Product:           Red Hat Integration
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7257
Issue date:        2022-10-27
CVE Names:         CVE-2021-28169 CVE-2022-30973 
=====================================================================

1. Summary:

A micro version update is now available for Red Hat Integration Camel K.
The purpose of this text-only errata is to inform you about the security
issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

A minor version update is now available for Red Hat Camel K that includes
CVE fixes in the base images. Details are linked in the References section.

Security Fix(es):

* jetty: requests to the ConcatServlet and WelcomeFilter are able to access
protected resources within the WEB-INF directory (CVE-2021-28169)

* tika-core: incomplete fix for CVE-2022-30126 (CVE-2022-30973)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1971016 - CVE-2021-28169 jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory
2099553 - CVE-2022-30973 tika-core: incomplete fix for CVE-2022-30126

5. References:

https://access.redhat.com/security/cve/CVE-2021-28169
https://access.redhat.com/security/cve/CVE-2022-30973
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2022-Q4
https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q4

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY1x5zdzjgjWX9erEAQiIrQ//Q2Lhg4KrEnawcwk25oS501LhW1jpwkG9
qUds7B+MYQQu1IYCz1wlLfPXIlfuazOmwI2NPTU7EjAhVgW9jjV/eKMQvnfNU6Rp
erSabNWInCcR9FmEeSuXyhWhJwTL/+5onSHoyDGzCxxx5UbWddn46qPM35wxxf8u
4vnzF1Z54/yBNsqVKHHgCNVRkyr/kqf08W38cSCdtzH6oxfHNAse3PbkDA1LqIAe
xcjVB8q/qilCQo82azUAbHJ8+FfImV+rpIg2DNXCOt/++l2KdAiafGxg0w4+nPVw
tm+DQ4xBECJeeuk6PV4VjJy7snNCtowO3nmBkmSmOW3cXawLB8ff5y9Ns7fdv+Vx
ImQh32ux6Tk4MMVsjp+ThnO3bI1Kvo9aG5UoEWQcwCR8R05LQQVe7uS8yx+gJBLE
VXC+o65hR/IZ5N+BHeJigBpIx0kjlsWoFHHD71HSWsbv11MfHeBt+vrVp/E9mjJH
Xztud0pbbdIACUtPOMXE2L7bUTF2A27SXpbmeMWtCTs7Tk4u64SWRMFEQwOwemDo
b+Wz2UgfxRKBSk63sXrOgUdEb9JxY8s8yuBHIP41o4ZZCPVHu04Qu9hcOEWMD1jZ
qdBCyFJSHvcYjkQ7YKEUZPcBUcxe0uMCjHIqA8kXpZVRa9AdKX7oOG7LT77FoLcs
ZITkV9HJImk=
=tKnI
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2022-7257:01 Low: Red Hat Integration Camel-K 1.8.1 security

A micro version update is now available for Red Hat Integration Camel K

Summary

A minor version update is now available for Red Hat Camel K that includes CVE fixes in the base images. Details are linked in the References section.
Security Fix(es):
* jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory (CVE-2021-28169)
* tika-core: incomplete fix for CVE-2022-30126 (CVE-2022-30973)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2021-28169 https://access.redhat.com/security/cve/CVE-2022-30973 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2022-Q4 https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q4

Package List

Severity
Advisory ID: RHSA-2022:7257-01
Product: Red Hat Integration
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7257
Issued Date: : 2022-10-27
CVE Names: CVE-2021-28169 CVE-2022-30973

Topic

A micro version update is now available for Red Hat Integration Camel K.The purpose of this text-only errata is to inform you about the securityissues fixed in this release.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

1971016 - CVE-2021-28169 jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory

2099553 - CVE-2022-30973 tika-core: incomplete fix for CVE-2022-30126

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.