Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
98
security advisorysecurity issueimportant updateRed Hat Fuse 7.10.2.P1 RHSA-2022:4932-01 Important Token Signature Issue
A patch update (from 7.10.2 to 7.10.2.P1) is now available for Red Hat on OpenShift for EAP, Karaf, and Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Fuse 7.10.2.P1 security update Advisory ID: RHSA-2022:4932-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2022:4932 Issue date: 2022-06-07 CVE Names: CVE-2021-22573 ==================================================================== 1. Summary: A patch update (from 7.10.2 to 7.10.2.P1) is now available for Red Hat on OpenShift for EAP, Karaf, and Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release of Red Hat Fuse 7.10.1 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Security Fix(es): * google-oauth-client: Token signature not verified [fuse-7] (CVE-2021-22573) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ 4. Bugs fixed (https://bugzilla.redhat.com/): 2081879 - CVE-2021-22573 google-oauth-client: Token signature not verified 5. References: https://access.redhat.com/security/cve/CVE-2021-22573 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.10.2.P1 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYp9nUdzjgjWX9erEAQiNiBAAo4gtwYg3sju8sO7QX31IM928M0cM3QU3 Gj2l2kharF/WicDpc2xW9GZOJ09Z1D4F+UI9zqketdXQsS4Fbq9Rz0n0mQ8rDDvO xf02g3aXZWM1uItkzjjtQxGvd/vaQH/djRkBc3hO+ez9iBuE5sUHrUmAQ/aTE5Nq YzJ6XrO9QCxWpmwjnyC/kNs5Yds6DE27vxEHUqx8iDU9EUsybcZNbE45RMoHLx+m GyUiysRV0jCfRVggNt4GEqfjCOQJ/a3+ftWypW/oW42oOUarr8V1G/menlQLOWFO KmjcI+ISjvxQ51e+HVS50jHNgJPnxdrKb9ibiNSmUeYGPrjgRmNMOcUbUStCGj4o XZEB3mxsBZVQLKueygPIclnOiaitAVrJq+68ajS+V8at+XxA4U+2xZDieOxwAG6o 7HzTOLfuPHgssIDV2Qp0EixCw1rc/KIibCj1FN5y6FEvVzzlZzujXYTI/DybF6wQ ZgX4IYXCYDB+Il88L6l3MZR9e/n7JS8RBJKRlJgjudURX8L2/mjS1b1ZY99Lj8K0 lIP0IwDGobNwZnYk7pZ5Dvr8bKjni+yragiMZgezratObVySDzUIsHkhUrKTwk1M oK67Kc145gMbtEwHV3SV00fIHMBq4xumNBMpsI8SIIJsrZd+QSqI9xIV52c51pLb 28ICGYY235k=bKHz -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 07, 2022
•Important
Red Hat
98
security advisorysecurity issuered hatRedHat: RHSA-2020:3587-01 Important: JBoss Fuse/A-MQ Security Fix
An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Fuse/A-MQ 6.3 R17 security and bug fix update Advisory ID: RHSA-2020:3587-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2020:3587 Issue date: 2020-09-01 CVE Names: CVE-2019-9827 CVE-2019-10086 CVE-2020-11994 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below. Security fix(es): * commons-beanutils: apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086) * Camel: server-side template injection and arbitrary file disclosure on templating components (CVE-2020-11994) * hawtio: server side request forgery via initial /proxy/ substring of a URI (CVE-2019-9827) For more details about the security issue(s),including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are located in the download section of the customer portal. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1728604 - CVE-2019-9827 hawtio: server side request forgery via initial /proxy/ substring of a URI 1767483 - CVE-2019-10086 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default 1855786 - CVE-2020-11994 camel: server-side template injection and arbitrary file disclosure on templating components 5. References: https://access.redhat.com/security/cve/CVE-2019-9827 https://access.redhat.com/security/cve/CVE-2019-10086 https://access.redhat.com/security/cve/CVE-2020-11994 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker&downloadType=securityPatches&version=6.3.0 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.3 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBX05eBtzjgjWX9erEAQhHQxAApQ4OX0s4px/8hoxBldKrHA1TdRdI3wYD WNGBzCh6b07BjRIlLz25fNlLFehgiTDA8cHejO5krVafGjhHn184dB7h+1okhujw XFet7NgMV0M2d5xiIgthsLM08Hu+x/3+VzOqgh/VxHOils+ud6wcLFIIUWX6C8mI LFUfdxeLXl4RKqVQmK0GPCMjhGH/34wcKW9/L/L1cOpsMVGP5gQU41NFsl//siII Lt2sfWUAGUJn/bxW/MISU+tMTdhk2qao4dqAziiqUzhnGP64jDUhU3Sk7vVtHPvk 7OS9aDY+rDbaHZuyFe+doqmC2s87cr74oK4U7E3Gfd642U+W7UuEJt22VUcPiBjP 78h0RRPuifdTPd5R+rwHRuOZL9JWNm71KvOBPyTaD+Pi8IRMtu12wQgqVVcPKDQa v6TbUrK/ChQYrj1Wb3B02Rn1Qz2S1nKo8cCdyd0ZaMydr5bxHfLrIZb261w5m04/ Y4CrUo4WiAKtKXZ1RC0RrF+G2OBBudhl/heBd/2IV+XVpcKAwmg0GuwXaLZg+HN1 OKS4HaOQdaUSzY/Qbd9GaMA+to/yv25SFlxl6S5m52z465fI74DNhMbw1nIzN6Rc 36fjSM3lXLvyIQVFrcuwaMdwGKXRrUIvRFATLqBntTWJIsx4DJlA2CtUZNLD8066 uLY75tdZ+6k=K8Z1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Sep 01, 2020
•Important
Red Hat
98
security advisoryupdatered hatRedHat: RHSA-2020-0481-01 Important: JBoss Fuse and A-MQ Security Update
An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Fuse/A-MQ 6.3 R15 security and bug fix update Advisory ID: RHSA-2020:0481-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2020:0481 Issue date: 2020-02-12 CVE Names: CVE-2015-9251 CVE-2019-10174 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below. Security fix(es): * infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174) * js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying theupdate, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are located in the download section of the customer portal. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests 1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods 5. References: https://access.redhat.com/security/cve/CVE-2015-9251 https://access.redhat.com/security/cve/CVE-2019-10174 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker&downloadType=securityPatches&version=6.3.0 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.3 https://docs.redhat.com/en/documentation/red_hat_jboss_fuse/6.3/html/release_notes/index 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXkQZStzjgjWX9erEAQgBIw/+NsU6N6p0YmMzXfske+iV+O0Oe13EStOB bPzwKV+9QUHfmRdIy7o3kUEviONKf/9ZbV33k7ZK3NjWaKD2ykAPCIuJezHrdpi5 eo1lbdNwmZlk0UJp9FniI/Z7+nidmasKBx07uCXiHPNGUe/JqNV9+qiZl9pn0NOJ KT2VeiliMyW2OhBBhiEf8c55SSeRTvo951d+K13V62CgQEnGrD3+4pjiqfnjkZtv s9UbPRLlF0wMdaYm4YkUxLdmU48X/hUzlSLiW7OSrT/eN/Lc76ScUq1MiTc0/H66 59yaii+0Wtz3SHUtLtrPX+TOwf2rr7x82aG5vYuFjOcyTeZE/cwYdRcbBhRp1apH dd7eSCeBbGw5XSLB4u2eTX6BQgClV17DgftOUUHnjiop+d7btIP7SMrFPlvewxKY OahEMt50FWJP5flYIHAIuaPuu+dsCIwtvpcKpjvaeW+lriuyeN41G6VqlPXByX/q zUXgev5wNWHmWgdUFDi8BDiXvgjPUMKuK489TeBDm7bhC12gFkcZ0I7YR0n3ARSJ AjMQt4aL19hoE70WzjpkRBxkb5gfP5nEllVe/+9afyhQCIEk+1Bg6d8zsiGEdrvR gTyxKvGmEAtYYjY62uYQ0JYr1kePLpZsIi9/tgSV2ZUA4391xtj2S0Ue9nzze1RA EVPwFRkVQq4=ATwj -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Feb 12, 2020
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!