Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Red Hat Quarkus 2.7.6.SP3 Important: RHSA-2022:8957-01 Security Fix

red hat
Calendar Grey December 13, 2022
Dist Redhat Esm H88
Red Hat releases a crucial update for Quarkus Framework, focusing on vulnerabilities and enhancements across various modules.
An update is now available for Red Hat build of Quarkus Platform

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

This release of Red Hat build of Quarkus 2.7.6.SP3 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.
Security Fix(es):
* CVE-2022-4147 quarkus-vertx-http: Security misconfiguration of CORS : OWASP A05_2021 level in Quarkus
* CVE-2022-4116 quarkus_dev_ui: Dev UI Config Editor is vulnerable to drive-by localhost attacks leading to RCE
* CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory red hat security fix important misconfiguration Java quarkus

References

https://access.redhat.com/security/cve/CVE-2022-4116 https://access.redhat.com/security/cve/CVE-2022-4147 https://access.redhat.com/security/cve/CVE-2022-45047 https://access.redhat.com/articles/4966181 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=redhat.quarkus&version=2.7.6.SP3 https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/2.7 https://bugzilla.redhat.com/show_bug.cgi?id=2148867 https://bugzilla.redhat.com/show_bug.cgi?id=2144748 https://bugzilla.redhat.com/show_bug.cgi?id=2145194 https://access.redhat.com/security/updates/classification/#important

Package List


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2022:8957-01
Product: Red Hat build of Quarkus
Advisory URL: https://access.redhat.com/errata/RHSA-2022:8957
Issue date: 2022-12-13

Topic

An update is now available for Red Hat build of Quarkus Platform. Red HatProduct Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability. Formore information, see the CVE links in the References section.

Topics%20covered

Topics Covered

security advisory red hat security fix important misconfiguration Java quarkus

Relevant Releases Architectures

Bugs Fixed

2144748 - CVE-2022-4116 quarkus_dev_ui: Dev UI Config Editor is vulnerable to drive-by localhost attacks leading to RCE

2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability

2148867 - CVE-2022-4147 quarkus-vertx-http: Security misconfiguration of CORS : OWASP A05_2021 level in Quarkus

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here