-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Integration Camel Extension For Quarkus 2.13.2-1 security update
Advisory ID:       RHSA-2023:0888-01
Product:           Red Hat Integration
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0888
Issue date:        2023-02-21
CVE Names:         CVE-2022-41881 CVE-2022-41946 
====================================================================
1. Summary:

Red Hat Integration Camel Extensions for Quarkus 2.13.2-1 release and
security update is now available. The purpose of this text-only errata is
to inform you about the security issues fixed.

Red Hat Product Security has rated this update as having an impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

A security update for 2.13.2-1 is now available. The purpose of this
text-only errata is to inform you about the security issues fixed.

Security Fix(es):

* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS
(CVE-2022-41881)

* postgresql-jdbc: PreparedStatement.setText(int, InputStream) will create
a temporary file if the InputStream is larger than 2k (CVE-2022-41946)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2153379 - CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS
2153399 - CVE-2022-41946 postgresql-jdbc: PreparedStatement.setText(int, InputStream) will create a temporary file if the InputStream is larger than 2k

5. References:

https://access.redhat.com/security/cve/CVE-2022-41881
https://access.redhat.com/security/cve/CVE-2022-41946
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q1
https://access.redhat.com/documentation/en-us/red_hat_integration/2023.q1

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY/UNZdzjgjWX9erEAQiIwRAAnZ351u8MK7gF8jnA0mco14GKRqE4qauE
R1Mr0XPjxzfXNOA/QB6YYePqAKWgKfKuScGxHinRmi7yUpOsPT+6bUMUGXsD2Mrh
kDCox/PkgIEpW9VxocN87wfcStiJO3BLu2JAoIF4iHNtm9URRDe8DQ8b5kLiHLKP
pG7ikonYltrhuAgHwhgJA4/CDWnfRjmi2MGm7UMEGcpK/D/HujJzk4xfKj52Qt65
tpY3QNygYzrfIq0roJgTKao6iu18J0CxjXC1K+dhGWFDXz+JwLj2rRDssI5lShqc
w3lJtniHPaBgsBcBzQ1qexfkNY9/cTTOsESKuWumvvoZP6Kvsz6pMkz6Lz0NKAI2
ihWS8E1jgBMxOLvcxLOzRU5G6P2l1MP/Ij5b+j+aQr2yDs7hG3Gqpi3gaFBv8vlR
YJDY8mSZuDgnenkPL++Owv1kkB7uLcWraahSr7r2UM8oVdrE4PGIhkFZYCXg3gok
Yg/yZSdhi+QIvXjMZIyF927p1hlA/S53ZWEbq/E6YwqK/7ucJD04Z9Ya3OtyX/1L
kw+EeS9KmU13ghTxU6ycHDPZAbQfnhMeFS3oAh8HlCG1NB06t/wbMHhiGBbziSM/
4X69ZvNq4Yl4nNveoYzLKCiE5J7uw9J6kfqtWkVQrWujExThcGVhrTNdnnesFUIO
90SksFlZXVo=IZtB
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2023-0888:01 Moderate: Red Hat Integration Camel Extension For

Red Hat Integration Camel Extensions for Quarkus 2.13.2-1 release and security update is now available

Summary

A security update for 2.13.2-1 is now available. The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)
* postgresql-jdbc: PreparedStatement.setText(int, InputStream) will create a temporary file if the InputStream is larger than 2k (CVE-2022-41946)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Summary


Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2022-41881 https://access.redhat.com/security/cve/CVE-2022-41946 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q1 https://access.redhat.com/documentation/en-us/red_hat_integration/2023.q1

Package List


Severity
Advisory ID: RHSA-2023:0888-01
Product: Red Hat Integration
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0888
Issued Date: : 2023-02-21
CVE Names: CVE-2022-41881 CVE-2022-41946

Topic

Red Hat Integration Camel Extensions for Quarkus 2.13.2-1 release andsecurity update is now available. The purpose of this text-only errata isto inform you about the security issues fixed.Red Hat Product Security has rated this update as having an impact ofModerate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures


Bugs Fixed

2153379 - CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS

2153399 - CVE-2022-41946 postgresql-jdbc: PreparedStatement.setText(int, InputStream) will create a temporary file if the InputStream is larger than 2k


Related News

Linux Mint 22: Elevating Security and Usability for Admins
3 - 5 min read
Linux Mint has has long been recognized as a versatile and user-friendly distribution and has earned great popularity among administrators and
Exim 4.98 Addresses Critical Vulnerabilities, Bolsters Email Server Security
2 - 4 min read
Exim is one of Unix-like systems' most widely used mail transfer agents. It's essential for email delivery and handling and is a significant part of
Recent OpenSSH RCE Bug Explained: Impact & Mitigations
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
CVE-2024-4577: A Swiftly Weaponized Vulnerability for Ransomware Distribution
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies
3 - 5 min read
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This
Critical Linux Kernel Vulnerabilities Patched in Ubuntu Azure Systems
2 - 4 min read
Canonical has fixed several recently identified critical Linux kernel vulnerabilities in July 2024. These vulnerabilities primarily affect Microsoft
The Urgent Need for Secure Software Development: New Report Serves as a Wake-Up Call for the Industry
3 - 5 min read
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024
Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved