Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 5 articles for you...
98
security advisorysecurity issueRed HatRed Hat AMQ Broker 7.10.3 RHSA-2023:3185-01 Urgent DoS and Path Traversal
Red Hat AMQ Broker 7.10.3 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat AMQ Broker 7.10.3 release and security update Advisory ID: RHSA-2023:3185-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2023:3185 Issue date: 2023-05-17 CVE Names: CVE-2022-3782 CVE-2022-22970 CVE-2022-22971 CVE-2023-0482 CVE-2023-20860 CVE-2023-20861 ==================================================================== 1. Summary: Red Hat AMQ Broker 7.10.3 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.10.3 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * keycloak: path traversal via double URL encoding (CVE-2022-3782) * springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860) * springframework: DoS via data binding to multipartFile or servlet part (CVE-2022-22970) * springframework: DoS with STOMP over WebSocket (CVE-2022-22971) * springframework: Spring Expression DoS Vulnerability (CVE-2023-20861) * RESTEasy: creation ofinsecure temp files (CVE-2023-0482) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 2087272 - CVE-2022-22970 springframework: DoS via data binding to multipartFile or servlet part 2087274 - CVE-2022-22971 springframework: DoS with STOMP over WebSocket 2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding 2166004 - CVE-2023-0482 RESTEasy: creation of insecure temp files 2180528 - CVE-2023-20860 springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern 2180530 - CVE-2023-20861 springframework: Spring Expression DoS Vulnerability 5. References: https://access.redhat.com/security/cve/CVE-2022-3782 https://access.redhat.com/security/cve/CVE-2022-22970 https://access.redhat.com/security/cve/CVE-2022-22971 https://access.redhat.com/security/cve/CVE-2023-0482 https://access.redhat.com/security/cve/CVE-2023-20860 https://access.redhat.com/security/cve/CVE-2023-20861 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.10.3 https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.10 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBZGUUk9zjgjWX9erEAQgqjBAAmgXkf10OX/zRb3rEEhGbJeZi5gbXvLWe vemmkuTxF4kgezKgoORqn5o/txb5hjiGc2mnxiRxHhZ1SdIOt711L4b/NeWt5H6K smUFet1PFQRjOWS0bdHtksUQ2G4kbR81PnT94+1x8vtjJR+3KK72474CEHr20Sge pd91ZIn1IQB0sbmomzLtKNTmu8D7H2x29pf8aZXHbLjqwY2kE5XT4qT+Etdh4UYX FoTtOUJqnQrk7QhUIoXbSMoVp2D2eCpigFCYe1nyYR9LIkNuZN8XcRCPpkAMosPe pXK+ZPkQpbsIOTMGmxDiP07WRdLa9YakQLVSRizFWswsBe15syn0Lv6+JsdOZ2Ai McFcqczlrSeT8Df9MAtI1S5ac7pIB7ncs010U1+Jne5ece/fz1RMSKYUN5qqNUaS /VZJ1NXxgSZ90tCsgmxdmz7qPVIjRcKwkqKeZcblPUajNz0W4Wxn5Z+Nx4Ber3Yc /C3oAnpycP1PiFKPMrUL9PZbI7+BujxJG8w46wk96QCN2sx8a+bjVWmaQll2+pfU KFX2LfWUj9PBTk2HbGgH1bZjF+i0LIfaThlZF+MDDcVhUsHTPMQ4lSdxSliQD5TN 0VCYkst7ysemHohLWYWua9kbqvqGXsyUl//sDHuHyrViwvnDnVjcL9hSOmT9rFmQ iYToeUfUXXw=HXHd -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 17, 2023
•Important
Red Hat
98
security advisoryRed Hatsecurity enhancementRed Hat AMQ Broker 7.10.1 RHSA-2022:6916-01 Important: Security Issues
Red Hat AMQ Broker 7.10.1 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat AMQ Broker 7.10.1 release and security update Advisory ID: RHSA-2022:6916-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2022:6916 Issue date: 2022-10-12 CVE Names: CVE-2021-3121 CVE-2022-24823 CVE-2022-33980 CVE-2022-35278 ==================================================================== 1. Summary: Red Hat AMQ Broker 7.10.1 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.10.1 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * (CVE-2021-3121) gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation * (CVE-2022-35278) activemq-artemis: AMQ Broker web console HTML Injection * (CVE-2022-24823) netty: world readable temporary file containing sensitive data * (CVE-2022-33980) apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults For more details about the security issue(s), including the impact, a CVSS score,and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 2087186 - CVE-2022-24823 netty: world readable temporary file containing sensitive data 2105067 - CVE-2022-33980 apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults 2109805 - CVE-2022-35278 activemq-artemis: AMQ Broker web console HTML Injection 5. References: https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2022-24823 https://access.redhat.com/security/cve/CVE-2022-33980 https://access.redhat.com/security/cve/CVE-2022-35278 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.10.1 https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.10 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBY0bVrdzjgjWX9erEAQinZw/+I8SL4OTLaUcts/1Mjr5oJUybmO7IRI8C M17IJLoLl2ZcBKs6s0c//js5RPaZqG8LODItGIWVIBQUP88usmxAAg6DrSOl5lQ9 Qhc8AmBsxuRCLZN53VJ2IE9Ayg9xuSIF8Xs0739ydsyEuV30RldmuKczOJ+YnoKK aMsfGh9zsIIr4lwXOdTzbuQXWSLHagHdWft/Q59v8YCgUTldjjT+8fBdyHBA1TUx GQygQALFvzZvj5U3U3ZUTdazknqHS4YEH0AtIdBJ5NL13RU1NJ6+ONSZuWmIgIpB laanOHHvbYtsWTwkLn2vc6+Bofd8weJO0aCYd/PNzKKKU/DZWlYYU/Lcrr2uRVVW D2qbogwn+t2gPYvl+TTkG4CwBd0d9wer5AbmfSy9qsrzArN80oJcYbF2wvkltDhJ rbxWXZ1gk1HTz2AYJWGpdebl2O7oQGpMvOxYhrZhuEBmXHe1snM71/daVN8RHQQ7 X0GWTed0gP1yDQYr1uvBiCaAx9+Urdxh5eVhDsQjpnLXZgIrbwWwB3yr6vQYY3yX Cg2Rac1R8q+32K/BgDhsTts4Bq/cB5TZeAOHEHPfIdtubQteiP5p9rZr3ky0lOoI +SQTjfizbfANGrTwbMIZaK+N1oyK9cbd+RbRFHWZe0QDt9Vk8SD8F1eMiqSpLLHt nvVE2WSAtxg=NDnu -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Oct 12, 2022
•Important
Red Hat
98
security advisorysecurity updatered hatRed Hat AMQ Broker 7.10.0 RHSA-2022:5101-01 Important Security Update
Red Hat AMQ Broker 7.10.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat AMQ Broker 7.10.0 release and security update Advisory ID: RHSA-2022:5101-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2022:5101 Issue date: 2022-06-16 CVE Names: CVE-2019-10744 CVE-2020-36518 CVE-2021-4040 CVE-2021-43797 CVE-2022-1833 CVE-2022-22968 CVE-2022-23913 ==================================================================== 1. Summary: Red Hat AMQ Broker 7.10.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.10.0 serves as a replacement for Red Hat AMQ Broker 7.9.4, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties (CVE-2019-10744) * amq: AMQ Broker Operator ClusterWide Edit Permissions Due Token Exposure (CVE-2022-1833) * jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) * AMQ Broker: Malformedmessage can result in partial DoS (OOM) (CVE-2021-4040) * netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797) * artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913) * springframework: Spring Framework: Data Binding Rules Vulnerability (CVE-2022-22968) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1739497 - CVE-2019-10744 nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties 2028254 - CVE-2021-4040 AMQ Broker: Malformed message can result in partial DoS (OOM) 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2075441 - CVE-2022-22968 Spring Framework: Data Binding Rules Vulnerability 2089406 - CVE-2022-1833 amq: AMQ Broker Operator ClusterWide Edit Permissions Due Token Exposure 5.References: https://access.redhat.com/security/cve/CVE-2019-10744 https://access.redhat.com/security/cve/CVE-2020-36518 https://access.redhat.com/security/cve/CVE-2021-4040 https://access.redhat.com/security/cve/CVE-2021-43797 https://access.redhat.com/security/cve/CVE-2022-1833 https://access.redhat.com/security/cve/CVE-2022-22968 https://access.redhat.com/security/cve/CVE-2022-23913 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.10.0 https://access.redhat.com/documentation/en-us/red_hat_amq_broker/ 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYqtvX9zjgjWX9erEAQiSVxAAozdM4qReUkfVxsjOM15+JKJwZTDhtGc9 +DSkxxbLO4CR6NntO3Ue2rDiVb38jH2pQpHpIUST2ahapqmuh71C2eQamRMdtSmS uQkft3d1UuHh4CillEhRO98LOUGvucWxzIGntymqsKRwfrcB7NfARwmHXabYGSZq H1OHepSFKU7g2IIxiJqxDwj9DO87lSyah9XANYDtaUtMadNhJ0Gc2U2aN45lUC6S N6VA2IZAl6L3CT7bF8AKGFZd4eVbhPMkDHk0leVdle2kQoThXpuR4qr8h7s9/ZVc JnYjJHiaK/Qb1k5vfvjyQUiKtykdwEQ+atey628fZhhusEtCWorGJv6mFkaqbNcc 2lAnJzCLBLvJHjWKlOfpGQey01A8m20zGdeJmyz8zlWwCPq0biXrCaXbjpMJ/9Mh ocDSLrxg5StRuRQ7stTeW3D7FQhP0aa7l6PwunWvepPqd3AXYSxCptfmHwzAaxQz qwMbJ7bM9ewuzRcZwalHDoUt5uquM1k/27rV1BFlAcz7XbCKhP5Uu+mzb3j415YS RmsS/c/f7zoV0M+cUkdRq7/tCN3+cyYfgY/s5PpGxvYo1vCe7TjYsxn07ylMPryA v+Qzrnb5SV+5Wuk7+BYkp42DR0MZmVAsq/kxoXMOCdW3GZiUc3W0tQZqsSMvjvxc CPv0F79fXT8=g2zv -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 16, 2022
•Important
Red Hat
98
security advisorysecurity issueRed HatRed Hat: RHSA-2021-4851 Moderate: AMQ Broker 7.9.1 Security Update
Red Hat AMQ Broker 7.9.1 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat AMQ Broker 7.9.1 release and security update Advisory ID: RHSA-2021:4851-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2021:4851 Issue date: 2021-11-30 Keywords: amq,messaging,integration,broker CVE Names: CVE-2021-37136 CVE-2021-37137 ==================================================================== 1. Summary: Red Hat AMQ Broker 7.9.1 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.9.1 serves as a replacement for Red Hat AMQ Broker 7.9.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) For more details about the security issue(s), including the impact, a CVSS score,acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 5. References: https://access.redhat.com/security/cve/CVE-2021-37136 https://access.redhat.com/security/cve/CVE-2021-37137 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.9.1 https://access.redhat.com/documentation/en-us/red_hat_amq/2021.q4 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYaY4ONzjgjWX9erEAQjwTQ/+KvM3XfnqjXhDVOI0kOxvqXFsIdvxXL6v u6Og2TDZEKMjq3RYraBPFF8GPdARK2hACNS7dgnoD2uGgpIyeqWLN3lHv+kUUS0W I6fKcbC0rnEfRWTUoCRZ7jY9DQiJzOVyfAe1SgTv6csrzhEGTJRhMR05kE4yr3Aa YXt/oXcjgOVw3QoxZ/RY7YFOOwXH4OIx9iMn0t/vITwzba92PoUHYWfvkaHqSyxU 3p1bk1Y+5fW8neS6WCapgYMGgf/KoA0YJNF5L6GEPaBfPfQWb7qmGcZCyTpVvRJI 6lwjgbun+u2bzQYXKoD96kDvJ7j+DI+JTdLE3ZymU5vZKOarHnGhrrZUnFaieR4G fj/v5p3YRvpoE5Xv43CLX3DoBBvA8awyQSgz0AC/YkvAn7webYiCnbOlaQluMnMC dApR4oJjkB7zVmnnG2r4OLHdmPwsUGHvlGQNwRx5h7u0ghZfumUwyLMaudBvAKx3 hZbN4b6RgJLEeGI/8L823iWQs82vL5b0EP1EEYKrwenK4kTQdJtLgbXy1Wnz89sQ PGLEqhWQ+R3SuEwZQt2U0CtGVkm5FUCrHlhfPYSpXxNwESKSPgKLajpiW4IgoiF9 CvRXH9Jz8WLANcQKiqbvRLXav1t9/0JyB/3bl+xWt93LtLb4doo1/aiRZSrpfc57 bxbuWYV2WT4=Vz1/ -----END PGPSIGNATURE----- -- RHSA-announce mailing list
Nov 30, 2021
•Low
Red Hat
98
security advisorymoderatesecurity updateRed Hat AMQ Broker 7.8: RHSA-2020-5365-01 Moderate XSS Risk Advisory
Red Hat AMQ Broker 7.8 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat AMQ Broker 7.8 release and security update Advisory ID: RHSA-2020:5365-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2020:5365 Issue date: 2020-12-08 Keywords: amq,messaging,integration,broker Cross references: RHBA-2020:59621 CVE Names: CVE-2015-5183 CVE-2019-9827 CVE-2020-13932 CVE-2020-27216 ==================================================================== 1. Summary: Red Hat AMQ Broker 7.8 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.8.0 serves as a replacement for Red Hat AMQ Broker 7.7.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * hawtio: server side request forgery via initial /proxy/ substring of a URI (CVE-2019-9827) * mqtt-client: activemq: remote XSS in web console diagram plugin (CVE-2020-13932) * jetty: local temporary directory hijackingvulnerability (CVE-2020-27216) * Hawtio: HTTPOnly and Secure attributes not set on cookies (CVE-2015-5183) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1249182 - CVE-2015-5183 Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ 1728604 - CVE-2019-9827 hawtio: server side request forgery via initial /proxy/ substring of a URI 1858946 - CVE-2020-13932 activemq: remote XSS in web console diagram plugin 1891132 - CVE-2020-27216 jetty: local temporary directory hijacking vulnerability 5. References: https://access.redhat.com/security/cve/CVE-2015-5183 https://access.redhat.com/security/cve/CVE-2019-9827 https://access.redhat.com/security/cve/CVE-2020-13932 https://access.redhat.com/security/cve/CVE-2020-27216 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.8.0 https://docs.redhat.com/en/documentation/red_hat_amq/2020.q4 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBX88/s9zjgjWX9erEAQh84Q/+OV2piRQvIx+Yr3BC5fkmL9ylnna/2m6N 7nBvRlnB1yhQ36mnDTpckJR6hNDoytJ9LYIsRnW7ylR+Pv2fDpdBTUNt9nOX9Pgk kYlIQ1MoqtNLOfwKfNuva381+TB+iIwD+0EpHgjFP1pFpqvhL0djVBJ5V/sD/Yhy riqZlH3tSxsXeZCEETt+JKrYKM+bO7jfNJI3HsZw2s7peqUeeFeZV4bUhMV87TMb QNLHTUOXMqo0IfXBolMefzA4U+gbXYEzMC7mH3aQVT8azP4ZnCSg3CzsydBpPvdm JqcVUozS77K5ywQaOl4Tnmg0Uhl8fcIdkt9N+y3memkvWp0tAxGNR9wZJCkfe5TZ 0iKdBpNhEX47EhXkDGPy1oy1H80SaVgJqUxCL1UDqy9FbiNlSDZ9vuh5iRd6o9gb 7S+2guLRIjb/0lV5U+1AjbEmedBRt6MD5tkms3EQ+5/xR7c5FIvdzwHcD4OHs8VI GRNjTFfg9FrPwThwQedxAGxZ7sdJPrI6juYEz/g0YF4/yPM38RwGpf/ZmxbIU6ws ED3XqGJJp/iiPVlRevaVtvZiIU2RuSAUSN/tioZRzWlQY+Pt1M5BIK8XpnPgUfYz 39TFEpJpLKWqMjDuSY3ZAbSy/sOFRwRF6ZXDcj6nqYE8E9ybOz/7uXdosf7R94JI MWTdrWYnU6s=MZsI -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Dec 08, 2020
Red Hat
98
security advisorysecurity updateRed HatRed Hat AMQ Broker 7.7 Release and Security Advisory RHSA-2020-2751-01
Red Hat AMQ Broker 7.7 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat AMQ Broker 7.7 release and security update Advisory ID: RHSA-2020:2751-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2020:2751 Issue date: 2020-06-25 Keywords: amq,messaging,integration,broker Cross references: RHEA-2020:55005-01 CVE Names: CVE-2015-5183 CVE-2020-1953 CVE-2020-10727 CVE-2020-11612 ==================================================================== 1. Summary: Red Hat AMQ Broker 7.7 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.7.0 serves as a replacement for Red Hat AMQ Broker 7.6.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * apache-commons-configuration: uncontrolled class instantiation when loading YAML files (CVE-2020-1953) * broker: resetUsers operation stores password in plain text (EMBARGOED CVE-2020-10727) * netty: compression/decompressioncodecs don't enforce limits on buffer allocation sizes (CVE-2020-11612) * A-MQ Console: HTTPOnly and Secure attributes not set on cookies (CVE-2015-5183) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1249182 - CVE-2015-5183 Hawtio: HTTPOnly and Secure attributes not set on cookies 1815212 - CVE-2020-1953 apache-commons-configuration: uncontrolled class instantiation when loading YAML files 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1827200 - CVE-2020-10727 broker: resetUsers operation stores password in plain text 5. References: https://access.redhat.com/security/cve/CVE-2015-5183 https://access.redhat.com/security/cve/CVE-2020-1953 https://access.redhat.com/security/cve/CVE-2020-10727 https://access.redhat.com/security/cve/CVE-2020-11612 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.7.0&productChanged=yes https://docs.redhat.com/en/documentation/red_hat_amq/7.7 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXvSxstzjgjWX9erEAQgiUA//SN1p1lunK53FUcPw7SpwrLxIEg+JSEdS hgRJ+aFvFkVrR/cMTIbxyEuW5NG68bkaAf0qQbQEj9i2DYjcBMLvnIvcyNq2FK23 x5KfA9ErmgQ3yXz8Jc7xqAmpAMKsMVpEhCkHEfAzD/0QQIdoI++P/NALpIo6ODy3 UxnfszUaW3Yp0HImdhGVx6Ta8jJ8Ko2fIRR2YyP2c/FBlat+7FVSKUWT2+wegj3S ETI5n413TTvO/WuOI6Cb8B+c7AriWBelrys3wilstGlSK8d8F6Qcvi5Q+AMXWc9x 24WrP/h4UQbYerDZvmzo32akd5Qb4nuQtvqXLeKakaMUIROlFjS2YUulf6sITKpI 39754RjO/wN9EMd37S7mwromWW+fLOJQvrAIwFRCh+ccGpwSMGaB6+y8cYOl9+RP qbPg0kXmmp4fHhv7hIi9U4wm6oXt4SOglHyiif1nUAuIRehJh12pNzI+VgqD/1Hn O+1FbZGGw/xThUQqxUb3yRZtclqldf5FYo8q1b3MS+7E6m+ota0FvOFTXhzN23AE acK0BlKG9dnEYvmvi2SVAFhJP6Ycu91cpNR/VvAESuMHpt0IlrLJZPJOfe3JRTt/ 1AHmnjVPyaETW97SuKi7rDzHM5BbKjVQDg/BgZ3VOr4RN7s25Bt2IcFCFa/4ykt9 zE6zWJ1dhH8=NNkf -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 25, 2020
•Important
Red Hat
98
security advisorydenial of serviceRed HatRed Hat AMQ Broker 7.4.3 Important Advisory: Security Updates and Fixes
Red Hat AMQ Broker 7.4.3 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat AMQ Broker 7.4.3 release and security update Advisory ID: RHSA-2020:1445-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2020:1445 Issue date: 2020-04-14 Keywords: amq,messaging,integration,broker Cross references: RHBA-2020:52585-02 CVE Names: CVE-2019-0222 CVE-2019-9511 CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 CVE-2019-10241 CVE-2019-10247 CVE-2019-16869 CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 ==================================================================== 1. Summary: Red Hat AMQ Broker 7.4.3 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.4.3 serves as a replacement for Red Hat AMQ Broker 7.4.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * jetty: HTTP/2: largeamount of data requests leads to denial of service (CVE-2019-9511) * jetty: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * jetty: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * jetty: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * jetty: HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516) * jetty: HTTP/2: request for large response leads to denial of service (CVE-2019-9517) * jetty: HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518) * netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers (CVE-2019-16869) * netty: HTTP request smuggling (CVE-2019-20444) * netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header (CVE-2019-20445) * netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238) * mqtt-client: activemq: Corrupt MQTT frame can cause broker shutdown (CVE-2019-0222) * jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions (CVE-2019-10241) * jetty: error path information disclosure (CVE-2019-10247) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1696012 - CVE-2019-0222 activemq: Corrupt MQTT frame can cause broker shutdown 1705924 - CVE-2019-10241 jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions 1705993 - CVE-2019-10247 jetty: error path informationdisclosure 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service 1758619 - CVE-2019-16869 netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling 1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 1798524 - CVE-2019-20444 netty: HTTP request smuggling 5.References: https://access.redhat.com/security/cve/CVE-2019-0222 https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/cve/CVE-2019-9517 https://access.redhat.com/security/cve/CVE-2019-9518 https://access.redhat.com/security/cve/CVE-2019-10241 https://access.redhat.com/security/cve/CVE-2019-10247 https://access.redhat.com/security/cve/CVE-2019-16869 https://access.redhat.com/security/cve/CVE-2019-20444 https://access.redhat.com/security/cve/CVE-2019-20445 https://access.redhat.com/security/cve/CVE-2020-7238 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.4.3 https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/ 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXpW1OtzjgjWX9erEAQg6cQ//YmKrQh2cWAGCN39LxdqiKvowuw5syKN4 ihBu0ODG0yndm5UcNWLoFPFprGYVpuuCgfkOiwcDupxw6GxBC/Mzbzuwk6YD3BYU c0q88JUgGMYCw3LIQrmTyrlh+fEt+LyvuqRH7p634z9YSk721qMfTKfOiBEODDgi OasJGzvunAd3X8aatJWMIEqd9hrDXp5vXPqiGD3sH3WNbf1a0zUPjaXgRVSApYxU rNSYtUSAQzBuxbOV6DP2HGNoRg9LPMeJ08m8AwVxDZDnKMmMqwF7fZ+fsNVmnS7B EuGG2SvPnsq8d2fvN9mOZJ+Zu+duY7Da3chJH4F+0MitRGh2EJyF69DBneAlaPue BtC2aY+PbFsxFeY3wiC/hNem7aFeyfC0fFxeuYF908F2xVYEgFRL/qTR26Bjw5c8 j2tgYNRH7xhJTPFSX20V4CJT6imNGxrCYqvPcaXU5fAm0yMv9mnP2/2jq69Cd0Ja j9DVUmYmw0byyB4TS/fEIhG925e1/lKsSvFuJxwJ067TO/fYu7oj8nCGB2YKNfrY wzTSK2qZijX57+WEP5NPZvi0XiPlnb/Y81149rwm4Qdykd+DYXkcCdyMlXslf2pL XeiFxUEOYQSnqXC15okR/F6Za1RsXigA+I0e/ESPxOiGfD8YE2tF+78r3GGageDr CVr9Z0qcRDg=3tlx -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 14, 2020
•Important
Red Hat
98
security advisoryred hatimportantRed Hat A-MQ Broker 7.5 Important Security Advisory RHSA-2019-2995-01
Red Hat A-MQ Broker 7.5 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat A-MQ Broker 7.5 release and security update Advisory ID: RHSA-2019:2995-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2019:2995 Issue date: 2019-10-10 Keywords: amq,messaging,integration,broker Cross references: RHEA-2019:45713-01 CVE Names: CVE-2014-0114 ==================================================================== 1. Summary: Red Hat A-MQ Broker 7.5 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat A-MQ Broker 7.5.0 serves as a replacement for Red Hat A-MQ Broker 7.4.1, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * Apache Struts 1: Class Loader manipulation via request parameters(CVE-2014-0114) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying theupdate, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters 5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects): ENTMQBR-2849 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters [amq-7.4.0] 6. References: https://access.redhat.com/security/cve/CVE-2014-0114 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.5.0 https://docs.redhat.com/en/documentation/red_hat_amq/7.5 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXZ7b4tzjgjWX9erEAQhy1BAAlZY3SIVWWf78mbhIhS4x+DCzq6s6W+B7 gh7bSOfLCqLNVyuqI99PH920CgZwtrN01VVt2by822MdIKKKHtbjFTzstm1ucLso QlYBLkmPzkC0xGPP4q67EDhr5KctJ4wlkerTnBhfwJxvFBLZnWzgGvmawbf3X7iQ qWwigzfVjiUwen7pv5Bol4WkzhTbvUxPEVDS696ziJI0zPyqnnDXpl+9lnXcYL0m GLsD59I984+gLxpl9fzgOPZxm2U1gGusO5rM9vUPmGX06XJo1nsUKUuhRfLoNwQm YcK6yVFE+TAOAKbmM2o62hnA/+UemV/bBQJh3ymVgjcHSz8UYae4vfmiPfiyBsVv STakDzO5yz+htMLJWVAnHjLEgbcGgzrH7jqXLzNO47bZR0oVVP6RjZnsZCdhxeT7 mPZtwWSVHFl8GRriGvEKQjC27Majwva5Hnwh82IPr5lgbLpWmvQSBzDHIObdyPts UYk+zBhZHNXzdQrnEA2BzhsXehZiMigKefutBPPEc+iXjFsLSTmGYceECyhUP/No RuQTYanb0GdgPDpgCOoDIgPtY3VyMiCur8BkQKGIyJt4aXdSaBoqAXt4KypAFExG lRVXHA8RRVcnqsxcpCA+VesIbPuTzmCSsgkQckv/TGLFgdAMLOA4J38bUCjulvMm 9D+Pu+r8KbU=kdcn -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Oct 10, 2019
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!