====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat FIS 2.0 on Fuse 6.3.0 R13 security and bug fix update
Advisory ID:       RHSA-2019:3002-01
Product:           Red Hat JBoss Fuse
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:3002
Issue date:        2019-10-10
CVE Names:         CVE-2018-11307 CVE-2018-12022 CVE-2018-12023
                   CVE-2018-14718 CVE-2018-14719 CVE-2018-19360
                   CVE-2018-19361 CVE-2018-19362
====================================================================

1. Summary:

An update is now available for Red Hat Fuse Integration Services.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Fuse Integration Services provides a set of tools and containerized xPaaS images that enable development, deployment, and management of integration microservices within OpenShift.
Security fix(es):

* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)
* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)
* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)
* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)
* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)
* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)
* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)
* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

Updating instructions and release notes may be found at:

https://access.redhat.com/articles/3060411

4. Bugs fixed (https://bugzilla.redhat.com/):

1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class
1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes
1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class
1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class
1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class
1671096 - CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver
1671097 - CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library
1677341 - CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis

5. References:

https://access.redhat.com/security/cve/CVE-2018-11307
https://access.redhat.com/security/cve/CVE-2018-12022
https://access.redhat.com/security/cve/CVE-2018-12023
https://access.redhat.com/security/cve/CVE-2018-14718
https://access.redhat.com/security/cve/CVE-2018-14719
https://access.redhat.com/security/cve/CVE-2018-19360
https://access.redhat.com/security/cve/CVE-2018-19361
https://access.redhat.com/security/cve/CVE-2018-19362
https://access.redhat.com/security/updates/classification#important
https://access.redhat.com/articles/3060411

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2019 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update
Advisory ID:       RHSA-2018:2939-01
Product:           Red Hat JBoss Fuse
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2939
Issue date:        2018-10-17
CVE Names:         CVE-2017-12617 CVE-2018-1260 CVE-2018-1270
                   CVE-2018-1271 CVE-2018-1275 CVE-2018-1304
                   CVE-2018-1305 CVE-2018-1336 CVE-2018-7489
====================================================================

1. Summary:

An update is now available for Red Hat Fuse Integration Services.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Fuse Integration Services provides a set of tools and containerized xPaaS images that enable development, deployment, and management of integration microservices within OpenShift.
Security fix(es):

* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)
* spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)
* spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)
* spring-framework: Possible RCE via spring messaging (CVE-2018-1270)
* spring-security-oauth: remote code execution in the authorization process (CVE-2018-1260)
* tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)
* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
* tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)
* tomcat: Remote Code Execution bypass for CVE-2017-12615 (CVE-2017-12617)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

Updating instructions and release notes may be found at:

https://access.redhat.com/articles/3060411

4. Bugs fixed (https://bugzilla.redhat.com/):

1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615
1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
1549276 - CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
1564405 - CVE-2018-1270 spring-framework: Possible RCE via spring messaging
1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270
1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems
1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process
1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS

5. References:

https://access.redhat.com/security/cve/CVE-2017-12617
https://access.redhat.com/security/cve/CVE-2018-1260
https://access.redhat.com/security/cve/CVE-2018-1270
https://access.redhat.com/security/cve/CVE-2018-1271
https://access.redhat.com/security/cve/CVE-2018-1275
https://access.redhat.com/security/cve/CVE-2018-1304
https://access.redhat.com/security/cve/CVE-2018-1305
https://access.redhat.com/security/cve/CVE-2018-1336
https://access.redhat.com/security/cve/CVE-2018-7489
https://access.redhat.com/security/updates/classification#critical

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2018 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R7 security and bug fix update
Advisory ID:       RHSA-2018:2405-01
Product:           Red Hat JBoss Fuse
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2405
Issue date:        2018-08-14
CVE Names:         CVE-2017-8046 CVE-2017-12196 CVE-2018-1199
                   CVE-2018-1295 CVE-2018-9159
====================================================================

1. Summary:

An update is now available for Red Hat Fuse Integration Services.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Fuse Integration Services provides a set of tools and containerized xPaaS images that enable development, deployment, and management of integration microservices within OpenShift.
Security fix(es):

* undertow: Client can use bogus uri in Digest authentication (CVE-2017-12196)
* spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code (CVE-2017-8046)
* spring-framework: Improper URL path validation allows for bypassing of security checks on static resources (CVE-2018-1199)
* ignite: Possible Execution of Arbitrary Code Within Deserialization Endpoints (CVE-2018-1295)
* spark: Absolute and relative pathnames allow for unintended static file disclosure (CVE-2018-9159)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

The CVE-2017-12196 issue was discovered by Jan Stourac (Red Hat).

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

Updating instructions and release notes may be found at:

https://access.redhat.com/articles/3060411

4. Bugs fixed (https://bugzilla.redhat.com/):

1503055 - CVE-2017-12196 undertow: Client can use bogus uri in Digest authentication
1540030 - CVE-2018-1199 spring-framework: Improper URL path validation allows for bypassing of security checks on static resources
1553024 - CVE-2017-8046 spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code
1563133 - CVE-2018-1295 ignite: Possible Execution of Arbitrary Code Within Deserialization Endpoints
1563732 - CVE-2018-9159 spark: Absolute and relative pathnames allow for unintended static file disclosure

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

ENTESB-8308 - CVE-2017-8046 spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code
ENTESB-8456 - CVE-2018-1199 spring: spring-framework: Improper URL path validation allows for bypassing of security checks on static resources [fis-2.0]
ENTESB-8682 - CVE-2018-1295 ignite-core: ignite: Possible Execution of Arbitrary Code Within Deserialization Endpoints [fis-2.0]

6. References:

https://access.redhat.com/security/cve/CVE-2017-8046
https://access.redhat.com/security/cve/CVE-2017-12196
https://access.redhat.com/security/cve/CVE-2018-1199
https://access.redhat.com/security/cve/CVE-2018-1295
https://access.redhat.com/security/cve/CVE-2018-9159
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/articles/3060411

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.