Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 3 articles for you...
98
security advisoryRed HatDoSRed Hat: RHSA-2023-4983-01 Important Updates for Process Automation Manager
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Process Automation Manager 7.13.4 security update Advisory ID: RHSA-2023:4983-01 Product: Red Hat Process Automation Manager Advisory URL: https://access.redhat.com/errata/RHSA-2023:4983 Issue date: 2023-09-05 CVE Names: CVE-2021-30129 CVE-2022-3171 CVE-2022-25857 CVE-2022-37599 CVE-2022-38900 CVE-2022-40152 CVE-2022-42920 CVE-2022-45047 CVE-2023-0482 CVE-2023-20860 CVE-2023-20883 ===================================================================== 1. Summary: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from the CVE links in the References section. 2. Description: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This asynchronous security patch is an update to Red Hat Process Automation Manager 7. Security Fixes: * apache-bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920) * decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900) * mina-sshd: Java unsafe deserialization vulnerability(CVE-2022-45047) * spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883) * springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860) * loader-utils: regular expression denial of service in interpolateName.js (CVE-2022-37599) * protobuf-java: timeout in parser leads to DoS (CVE-2022-3171) * snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857) * woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152) * RESTEasy: creation of insecure temp files (CVE-2023-0482) * sshd-core: mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 1981527 - CVE-2021-30129 mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server 2126789 - CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections 2134291 - CVE-2022-40152 woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks 2134872 - CVE-2022-37599 loader-utils: regular expression denial of service in interpolateName.js 2137645 - CVE-2022-3171 protobuf-java: timeout in parser leads to DoS 2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing 2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability 2166004 - CVE-2023-0482 RESTEasy: creation of insecure temp files 2170644 - CVE-2022-38900 decode-uri-component: improper input validation resulting in DoS 2180528 - CVE-2023-20860 springframework:Security Bypass With Un-Prefixed Double Wildcard Pattern 2209342 - CVE-2023-20883 spring-boot: Spring Boot Welcome Page DoS Vulnerability 5. References: https://access.redhat.com/security/cve/CVE-2021-30129 https://access.redhat.com/security/cve/CVE-2022-3171 https://access.redhat.com/security/cve/CVE-2022-25857 https://access.redhat.com/security/cve/CVE-2022-37599 https://access.redhat.com/security/cve/CVE-2022-38900 https://access.redhat.com/security/cve/CVE-2022-40152 https://access.redhat.com/security/cve/CVE-2022-42920 https://access.redhat.com/security/cve/CVE-2022-45047 https://access.redhat.com/security/cve/CVE-2023-0482 https://access.redhat.com/security/cve/CVE-2023-20860 https://access.redhat.com/security/cve/CVE-2023-20883 https://access.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJk93yjAAoJENzjgjWX9erEKqgP/1UlycSBys8Kqyupt2ZTt6Dc 9sWam6CyTWid71F4d/NrZlNEZ8hyHVyH4/IDaA7t6VnwbdMJZC3GqOA87sh0AXM9 uNSSwjQ/KHdhVfl7gST/YOdWSrKqG8WN405f0gIQNL7HOtYkFnzjQEI1mNeIy4OM c+gVKOpukuJcOd/Nol/dTeTgrWh95GVajDoIFdH2NVs6u2iYvrG549q7Ja2DBWri KSbVwyANrFuXSiQn/F17wOmp7MtabMR+Q6ZE7SnuKHVfBDxTKcp3JUOZ37rB0xMk YRu+DHpVuQWMcLBN0IHHM+qfoAL8WwI+YWs+qwMze29AZbCDDwBxe8p3Ml5/iTmZ vrms3iy99JqkbQS34lhEmmVNTk26no63boIdpuRURj1pHOTkcihtcBMU+IwmOEjy xfaROWy7EmI/IqQUt6kNhlaWjOWuZ+O3v2L2an9h+3+ZrMRolu8X2kYed98brSkc G2rooLO5nxIltW6F1iYo2DNYapvb+1KXDnyjW2RH4myQTiFb7vqI3aK/+wFmcxhD 6vXGedukV+ylBVr6kay/wAbETrvuEpD1ekch7nSQkVsfhj2ogbM67uvFW0DggGmx TB+KnZonBSa+z1s+lyFfYO06htRZzfKXHyhmuGbF0gFm2N1ySjulLMM8ATo85Wc2 gylNKjGyvndPEI09+thC =+EvW -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Sep 05, 2023
•Important
Red Hat
98
security advisorydenial of serviceRed HatRed Hat: RHSA-2022-6813 Important Security Patch for Automation Manager
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Process Automation Manager 7.13.1 security update Advisory ID: RHSA-2022:6813-01 Product: Red Hat Process Automation Manager Advisory URL: https://access.redhat.com/errata/RHSA-2022:6813 Issue date: 2022-10-05 CVE Names: CVE-2020-7746 CVE-2020-36518 CVE-2021-23436 CVE-2021-44906 CVE-2022-0235 CVE-2022-0722 CVE-2022-1365 CVE-2022-1650 CVE-2022-2458 CVE-2022-21363 CVE-2022-21724 CVE-2022-23437 CVE-2022-23913 CVE-2022-24771 CVE-2022-24772 CVE-2022-24785 CVE-2022-26520 CVE-2022-31129 ==================================================================== 1. Summary: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This asynchronous security patch is an update to Red Hat Process Automation Manager 7. Security Fix(es): * chart.js: prototype pollution (CVE-2020-7746) * moment: inefficient parsing algorithm resulting in DoS(CVE-2022-31129) * package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436) * artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913) * Business-central: Possible XML External Entity Injection attack (CVE-2022-2458) * cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365) * jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) * jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520) * jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724) * Moment.js: Path traversal in moment.locale (CVE-2022-24785) * org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906) * org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906) * parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722) * xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437) * eventsource: Exposure of Sensitive Information (CVE-2022-1650) * mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772) * node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For on-premise installations, before applying the update, back up your existing installation, including allapplications, configuration files, databases and database settings, and so on. Red Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link. You must log in to download the update. 4. Bugs fixed (https://bugzilla.redhat.com/): 2041833 - CVE-2021-23436 immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads 2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes 2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS 2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2066009 - CVE-2021-44906 minimist: prototype pollution 2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery 2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale 2076133 - CVE-2022-1365 cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor 2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information 2096966 - CVE-2020-7746 chart.js: prototype pollution 2103584 - CVE-2022-0722 parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repositoryionicabizau/parse-url 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2107994 - CVE-2022-2458 Business-central: Possible XML External Entity Injection attack 5. References: https://access.redhat.com/security/cve/CVE-2020-7746 https://access.redhat.com/security/cve/CVE-2020-36518 https://access.redhat.com/security/cve/CVE-2021-23436 https://access.redhat.com/security/cve/CVE-2021-44906 https://access.redhat.com/security/cve/CVE-2022-0235 https://access.redhat.com/security/cve/CVE-2022-0722 https://access.redhat.com/security/cve/CVE-2022-1365 https://access.redhat.com/security/cve/CVE-2022-1650 https://access.redhat.com/security/cve/CVE-2022-2458 https://access.redhat.com/security/cve/CVE-2022-21363 https://access.redhat.com/security/cve/CVE-2022-21724 https://access.redhat.com/security/cve/CVE-2022-23437 https://access.redhat.com/security/cve/CVE-2022-23913 https://access.redhat.com/security/cve/CVE-2022-24771 https://access.redhat.com/security/cve/CVE-2022-24772 https://access.redhat.com/security/cve/CVE-2022-24785 https://access.redhat.com/security/cve/CVE-2022-26520 https://access.redhat.com/security/cve/CVE-2022-31129 https://access.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYz2bItzjgjWX9erEAQjghg/+IWxIByKM9Jd9SF+3RuzMy9vdHDNJnw64 eJBHE2op5F2IXv8Iqq5zYyTtv8zk6kKzsGjH/fGy3Ha8/4zn1vCCzMImsYIts0qt WI6WR3p/4OM9P++HVqoNd9ZfvXEw4l7+noj+2hDfWqtmu0TGfIcmgHpNGnqqisix Lbaw7H+s6QruFiTF6cpols+zT/7PsbSoeK3RcBhgVwJHyYz4hqwFS6g0/jyaOYKp pEM0AMJF6TrFRNWs/KVSYKPWAkC7XYCGN47DG6ac7jCSyOWaJi50ANcSXL8ITEdS 74PPhsicA/nhGjHf/QVBeqLiWPuBiPTaYBqkKP5YCduGLP+aJxXYeGCd9JOX1FZd KIk/B0XDHN4Pv4Puaim5x8WjZL4z6zSjnK60nXs2idbEmiBY+la6Dw1TYV2tA27G GWh+BaecKar1Crp8BTKuidFinDrN9FldfhRv7zS8gY8gLeTKyqaNFPdemzaGK7mD 5pGUVxwuB8mqu4ZsrCdfekXyikQ6NAXp69S1NQMIkNY6NVlBcSElj9hu5G++T3LR a0fDTTeTVtLcW9m9JNpKlRwfUrc2r3/ODuQJk0pIPfw3DTscNllqnHPWTUnPH4Gq 9CEEltjCrL/JLnpxHdYjxMWTB9XnnMi+yMziJnGRWA1v4NiYSPdjPkqZSsSBTFqC +TymeZzewhE=Nji7 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Oct 05, 2022
•Important
Red Hat
98
security advisorymoderatesecurity issueRed Hat Process Automation Manager 7.12.1 Moderate Security Advisory
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Process Automation Manager 7.12.1 security update Advisory ID: RHSA-2022:1108-01 Product: Red Hat Process Automation Manager Advisory URL: https://access.redhat.com/errata/RHSA-2022:1108 Issue date: 2022-03-29 CVE Names: CVE-2021-21290 CVE-2021-22096 CVE-2021-29425 CVE-2021-33813 CVE-2021-42550 ==================================================================== 1. Summary: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.12.1 serves as an update to Red Hat Process Automation Manager 7.12.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * commons-io: apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425) * jdom: XXE allows attackers to cause a DoS via a crafted HTTP request (CVE-2021-33813) * logback-classic: logback:remote code execution through JNDI call from within its configuration file (CVE-2021-42550) * netty: Information disclosure via the local system temporary directory (CVE-2021-21290) * springframework: malicious input leads to insertion of additional log entries (CVE-2021-22096) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory 1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 1973413 - CVE-2021-33813 jdom: XXE allows attackers to cause a DoS via a crafted HTTP request 2033560 - CVE-2021-42550 logback: remote code execution through JNDI call from within its configuration file 2034584 - CVE-2021-22096 springframework: malicious input leads to insertion of additional log entries 5. References: https://access.redhat.com/security/cve/CVE-2021-21290 https://access.redhat.com/security/cve/CVE-2021-22096 https://access.redhat.com/security/cve/CVE-2021-29425 https://access.redhat.com/security/cve/CVE-2021-33813 https://access.redhat.com/security/cve/CVE-2021-42550 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat,Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYkMmBtzjgjWX9erEAQiqFRAAiHmbDj3smL+A/kRP05EbNVl97N+ixK4k Vj5Xa7UzrZ0dN3+o8+XNAhfoIDoZFAcTF1HFzJPus98Kj86yBib2z+tL0Kjrr9a9 G9f+jt3zGK85EcyC0MTEP4nuEHJpOpjQ8wdJF78DyrWaWJKi4M/k+g7t5fe65sOV jNpoil1gzBuh7yYF/40uBkSeaDAi1ZH3Tjh9eRCyDOZWaR6bTY/NeJqiz53vNQft Lg11Q6wvQsgleGlZZYs9WJ/dQgJaMP0OIjwnMnXSHmlCs41alb3PmAsXMeekT7I1 iyA8O3RXLI3ZXJV19vaFrCuJvQT+7Y3xXKVRC/zfuO2uWdPWACef8hT0IUBwKEly 55hZJVIGO1El0/d5FDORYFK4KHOxPyN0IuiOH1wfYUJL0pZOIib8nYwnVN/5YetB d7oqWI9t5N8trv82nmJ7DIdsrSraWkL+HL7m4pl1fKVpI0jyJVUmynXBkR1pSh6U forw5ptxyAgFNt+Mwgs8YlOxszZNkBEvb8AeZalhVEjXsWrHEoGhA4S/+3lEiBwW Ec41VZ/1XrkMv43vbDKOMvK8WQdqPHasA2VHkfqIl1cgCabj3mgnerx2Iq1i4G8r laGzvfTfB3fuyKcsDO4trUZMASEmcSXzbxCYlJO2AMKOMY5i0pjpq1uQAnrF64vt +YS8ctogUYM=n/kb -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Mar 29, 2022
Red Hat
98
security advisoryRed Hatremote code executionRed Hat: RHSA-2022:0082-01 Critical: Process Automation Manager Remote Exec
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: Red Hat Process Automation Manager 7.11.1 security update Advisory ID: RHSA-2022:0082-01 Product: Red Hat Process Automation Manager Advisory URL: https://access.redhat.com/errata/RHSA-2022:0082 Issue date: 2022-01-11 CVE Names: CVE-2021-44228 ==================================================================== 1. Summary: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.11.1 serves as an update to Red Hat Process Automation Manager 7.11.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) 3. Solution: For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and databasesettings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. References: https://access.redhat.com/security/cve/CVE-2021-44228 https://access.redhat.com/security/updates/classification/#critical 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYd37j9zjgjWX9erEAQjn5g/+II2LUyaDfuB2wLF33DVr9TK/TTMdXELx DtWHDQIAby/XDC6/ZPpfBrkY9lyQ2cwNuk6QcRFa0LxXFSDBR6aICP3+dXU6gjux WCLdn9VHctLGdmVR+kWbpuMU/1zO/FYxW5GDqx26ZbA5JaJeuDS8fsQewBo1yeOJ kkcSHB2QJInYE/hXLR7JkESCopQ7ddyFwXNSdow95FkThnzBxwfFj+Q9pbmpv2cE AXBJofaW8/t7Ed65OmDWD+t/8jgSIaHONqdVN7h7m6cMCrqHmgA+ZUtC30h5y9Ln /QVOmBW0CQbTGWQJtPIfoawdwH7thZm7wcxfGSxjT/Qym+7UsV40E65+hD4UcGJi MgxXTteUF61gyU4p89KxUgVXQzFvvzLH4h9R9b39R0V53ObuzGRZfYO7FXhnmSfl 0Vvhyt5cr723G/s5u2a86GWEOhobfLf6MT37Le8plSQ46s9X0bLbkGaIIM+JSqCq l5eT+MGLaeUDxvcFZXfsiiuHtwNdG13/dTA5mHh2xHZ+jZrR1NLP7QoP2zsqN2I/ OGb3gfY41o9+j/2Fk55zfL1L8AcxBdO/ltrsyHy+C6it6SB8iKHHxQV9RZYEqoKT gAkoxazAplNNql1Ze/RTwr1pn7/uNbTjN7OQoJH/OYdTJxD9o7MkTm17SXhIN4sQ eUggGwuUu4I=/NnU -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jan 11, 2022
•Critical
Red Hat
98
security advisorymoderatesecurity updateRed Hat: RHSA-2021-1044-01 Moderate Security Update for Process Manager
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Process Automation Manager 7.10.1 security update Advisory ID: RHSA-2021:1044-01 Product: Red Hat Process Automation Manager Advisory URL: https://access.redhat.com/errata/RHSA-2021:1044 Issue date: 2021-03-30 CVE Names: CVE-2020-9488 CVE-2020-13956 ==================================================================== 1. Summary: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management, and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.10.1 serves as an update to Red Hat Process Automation Manager 7.10.0, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es): * httpclient: apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956) * log4j-core: log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488) For more details about the security issue(s), including the impact, aCVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender 1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs 5. References: https://access.redhat.com/security/cve/CVE-2020-9488 https://access.redhat.com/security/cve/CVE-2020-13956 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=rhpam&version=7.10.1 https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.10/ 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYGNSktzjgjWX9erEAQjycRAApXPWNp3it5gnvQ+RXZ0slm1kf3kbu9Ka /xaVfJmCnR30mYfYGovaPRKQfjrnRIsfMhEMVQyeLLyK+rdrRyqttK6BHY2cbMcV bcVEtZyCcyBGh8RWtNxJmpQ15T/aW8LMIFYfEtzenqWMWq8rIbtmDq1a6tiTRlvO FUQtvLM4QHm6NUKyLIHESVFUNZsFGnJhItLbNaI+sJl5avNRc5EhWcTFMjxXdrHX XbT6Na4uSt3K5kTkrv+pSQE29R/nJeOzK/pQmo6MwhcnJLESSk3Z02JA6ZJLuFW8 mSRTz8zUfd6FA3dgdxYuJOSjJoe79vTFaiEjWsbTT1T1ptAS0mGfRyPBI9e8BxP2 QpURmpXKldmma8XZCMzN9Ct+o0Gji3P/5gaEqx78i88CFtxtyNfZGMTReeIcVxSc HhsqrER5F4OnEDuMbguy2bqqSVWSaI6stC5s5NZocE+FO7IHKzPNHqeHRgJYFLnQ iXEhGE1Gyff6n19+73C528KbOayb5NKr9/08oKrfPfQseG19zpVaezc535mVq6GD rFEkNoyKFnp+c6cwUakKjTu1EFD/Xnw1N7FsR8C0G7vY2A60rv/4eorE1u/N0NOG GmcyUaR1IIBLcGWEoQRvVaaHLVnV/4IyqxmdEO0p8194BYDfvmkxMBJlfnynpEDl FiItLEFY8rs=WZ/3 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Mar 30, 2021
Red Hat
98
security advisoryRed Hatred hatRed Hat: 7.10.0 RHSA-2021-0600 Critical: Automation Manager Security Fix
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability . -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Process Automation Manager 7.10.0 security update Advisory ID: RHSA-2021:0600-01 Product: Red Hat Process Automation Manager Advisory URL: https://access.redhat.com/errata/RHSA-2021:0600 Issue date: 2021-02-17 CVE Names: CVE-2020-14338 CVE-2020-25638 ==================================================================== 1. Summary: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.10.0 serves as an update to Red Hat Process Automation Manager 7.9.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * hibernate-core-kie-server-ee8: hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638) * xercesimpl: wildfly: XML validation manipulation due to incomplete application ofuse-grammar-pool-only in xercesImpl (CVE-2020-14338) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl 1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used 5. References: https://access.redhat.com/security/cve/CVE-2020-14338 https://access.redhat.com/security/cve/CVE-2020-25638 https://access.redhat.com/security/updates/classification#important 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE-----Version: GnuPGv1 iQIVAwUBYC0HdtzjgjWX9erEAQglJA//ch7CvOBr7drJ1da8iCCCoIUfW/WZOl8X KqqeEDIxCY1P39yiM6bDSp59qEc6FcAL1ri3EoCc3Sug2ccestxV5n3MXNFyqLsw HI7eX0AajtYJxn0CMPCqGVNLsbeF8sCZLt9b2wcXtF7vCZlzFWTSI77Dy135oLD9 JNMT+BGgTA1n+oJjEwI8Lb/2yzHyEx/N7Ojq5qxTvfzQ2vILuTegTAnM0FEBPgB1 AMltoJeyRuuMxIfaKb0vuse4I03eM99000yJ2ib/l8s+BmU9+qjPUkHzqx7tOPv7 rjcNRfweiI845kOvT0nXRYkEnlpASxiNOWO14F0H2+Hb1H9SsUaAWxs5ik+VL/LE k2V/awhtKYMKD4rrH7ypF4i+QwsPofbuci1V43hlGd5vriit46C23fZIJl96l73c i+jOgleoaqB+E0tkzenKnzD7fkC2KM3pYp27mRr98HJV/Imi7dEgykgdAIHIptMq 5STtoMvGFpK5ZTj9uV+WT7RjYUpjX7Ng6Kd1CU7Fh8Uyn8Xh8SpnyZ0NIWH0I+03 KOxOm4CakpFQQXAEvDy0E0cyBpF3SY2wzuaMM5c1lgu79XjGyeemx/GCbPnWwHpI B7TBCeKI2m491skGQJtYQmD4BlHUpgfwHVkWkmOJolcLlX9lsO+03FyDZrY8jxXL 1MvwIjRJsg0=M0Cj -----END PGP SIGNATURE-------RHSA-announce mailing list
Feb 17, 2021
•Important
Red Hat
98
security advisoryRed HatupdateRed Hat: RHSA-2021:0105-01 Important: Remote Code Execution Issue
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Process Automation Manager 7.9.1 security update Advisory ID: RHSA-2021:0105-01 Product: Red Hat Process Automation Manager Advisory URL: https://access.redhat.com/errata/RHSA-2021:0105 Issue date: 2021-01-13 CVE Names: CVE-2020-26217 ==================================================================== 1. Summary: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.9.1 serves as an update to Red Hat Process Automation Manager 7.9.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * xstream: remote code execution due to insecure XML deserialization when relying on blocklists (CVE-2020-26217) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3.Solution: For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1898907 - CVE-2020-26217 XStream: remote code execution due to insecure XML deserialization when relying on blocklists 5. References: https://access.redhat.com/security/cve/CVE-2020-26217 https://access.redhat.com/security/updates/classification#important 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX/8mh9zjgjWX9erEAQjZYQ/9Eym8m5YxLU16crhfZ1fW58O06xxw6YUP b0v6iiRggOL12v3kqdkU2fOThEKwTV1xH1sIX3BEsI5LXzJjfeTUQek3xFU5E7l6 wEYc74cg/a7CzQsecvo+mMi6V/riNbA2YDEcdcOYDLnvqYMkBcdpDju6gyeBnd1m 0JqsnDRgzzLMB8oSYt2VgDr2bXWjlwatTg0mtZxv15jnMil7+sSsE6D5TTESfTX4 Z6fgm5EX/gvO3ZmM0OwTu45+Xfm831ezh9nys0YlamSPyGQgm4aoBLX7ZxyrqgrS NBXPpsDtSnMOlfpliaUZjVwYZFnYcFPaaxruiJot5Hx4zacgerAuYiRbVxgv+tQ8 W0jXpNYQqYMBbuwQpvfseZiofzrH6txi/i5IvQYppAPi5pRG6KVRdsif2xpFRZD3 JMDMvthBm8b7s3py+h+6UXlYNA4hSRzbIrQ+XsGrWhL/e3hcPY7d3K8k/oEfWiEN olosJv3Sn/oBtPw/ZogVNe0QTTHkUYVzjEeyHOFIRAVNIEHoIi19rYj9OuPJKVhS mI2eaLhyBRkMl31uJbyrQUkvBZG2eoJpdixh9i+TY9/RK+7wVDYfyQHg3JFZiUun MbgmXDgZyx9JwIygY0HO/ICibUOnFxNGjb55eQ2G4bHD6U8YIhF+0Sv+FTFGRIzf tu+Epsojsv8=8ugv -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jan 13, 2021
•Important
Red Hat
98
security advisorymoderateRed HatRed Hat: RHSA-2020:4961-01 Moderate: Process Automation Manager Update
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Process Automation Manager 7.9.0 security update Advisory ID: RHSA-2020:4961-01 Product: Red Hat Process Automation Manager Advisory URL: https://access.redhat.com/errata/RHSA-2020:4961 Issue date: 2020-11-05 CVE Names: CVE-2019-14900 CVE-2019-17566 CVE-2020-1748 CVE-2020-1945 CVE-2020-1954 CVE-2020-2875 CVE-2020-2933 CVE-2020-2934 CVE-2020-10683 CVE-2020-10693 CVE-2020-10714 ==================================================================== 1. Summary: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.9.0 serves as an update to Red Hat Process Automation Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900) * batik: SSRF via "xlink:href"(CVE-2019-17566) * Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748) * ant: insecure temporary file vulnerability (CVE-2020-1945) * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683) * hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693) * wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714) * cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954) * mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875) * mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933) * mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML ExternalEntity vulnerability in default SAX parser 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability 1848617 - CVE-2019-17566 batik: SSRF via "xlink:href" 1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1851022 - CVE-2020-2933 mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS 5.References: https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2019-17566 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-1945 https://access.redhat.com/security/cve/CVE-2020-1954 https://access.redhat.com/security/cve/CVE-2020-2875 https://access.redhat.com/security/cve/CVE-2020-2933 https://access.redhat.com/security/cve/CVE-2020-2934 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=rhpam&version=7.9.0 https://docs.redhat.com/en/documentation/red_hat_process_automation_manager/7.9 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX6RJLtzjgjWX9erEAQiwMQ//di/NzXr/bUczHDyBxR8c0iGnFnEWAaFP 1QSjLOEW9M11MG1eQveSHIWB9g2eGxF5eg2x55rfQ70d9uxCNUiit7V7L4g3/Rlp X7mMVqHiunPnWv3a4hEWjHpXMirtQ+k68L0HPal+8hXBQwtJ5/brD4zxt5A9paSo EN7Q51UzuM2iwjZ5DMa8d6hTlvtFiOyU6x+lqmaOU/Jcetc045Ir7h/AIsF+ntia /v3vz9j7NLqVSbgx3sIZEqdwJwDVAbBJC5iWS1mZ8PjCwcKFjNj24515lKoqWGmd 2krNjlUxYPlzOmpz5Dx1sJc5VePfloalxa0M/q8jQEcSJ8E36SsP8mIY21njZ0gj mcVV4dvdY9yPS7AnYs/8oxfAKGNe/Kd+CVtU6SZCEVuqhodSQkUojz8i/6Zyc0hm KT372TzBLQc/MubujSRnquu9R3wyBYBT8oMKh5T0+f6wVnA+9/BIY7LD6LSzRuvO E82Pf5efQTV01yO998qHEcPKZ1gT9KVQiJzekJY7g227ZLzFRzTbcp6l52mki/sZ UfmbeoESNBdffxBONbxt+HRDLGKE1zaqTx440RsIB2+bI64m5uIpIhX4LAZv5X2t ivwtoU9KNyl/NkYYoq3yfUnMnMpS/NVFYoMW6CqRLbAgK3eM9VTz0ffVoslj4CvB U8aCtoU/GQ8=Nw/k -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 05, 2020
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!