=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Integration Camel for Spring Boot 4.0.0 release and security update
Advisory ID:       RHSA-2023:5441-01
Product:           Red Hat Integration
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5441
Issue date:        2023-10-04
CVE Names:         CVE-2022-44729 CVE-2022-44730 CVE-2022-46751 CVE-2023-26048
                   CVE-2023-26049 CVE-2023-33008 CVE-2023-34462 CVE-2023-40167
=====================================================================

1. Summary:

Red Hat Integration Camel for Spring Boot 4.0.0 release and security update is now available.

Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Integration Camel for Spring Boot 4.0.0 is now available. The purpose of this text-only errata is to inform you about the security issues fixed.

* batik: Server-Side Request Forgery vulnerability (CVE-2022-44729)
* batik: Server-Side Request Forgery vulnerability (CVE-2022-44730)
* apache-ivy: XML External Entity vulnerability (CVE-2022-46751)
* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)
* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)
* apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale (CVE-2023-33008)
* netty: io.netty:netty-handler:SniHandler 16MB allocation (CVE-2023-34462)
* jetty-http: jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

2216888 - CVE-2023-34462 netty: SniHandler 16MB allocation leads to OOM
2221135 - CVE-2023-33008 apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale
2233112 - CVE-2022-46751 apache-ivy: XML External Entity vulnerability
2233889 - CVE-2022-44729 batik: Server-Side Request Forgery vulnerability
2233899 - CVE-2022-44730 batik: Server-Side Request Forgery vulnerability
2236340 - CVE-2023-26048 jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()
2236341 - CVE-2023-26049 jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies
2239634 - CVE-2023-40167 jetty: Improper validation of HTTP/1 content-length

5. References:

https://access.redhat.com/security/cve/CVE-2022-44729
https://access.redhat.com/security/cve/CVE-2022-44730
https://access.redhat.com/security/cve/CVE-2022-46751
https://access.redhat.com/security/cve/CVE-2023-26048
https://access.redhat.com/security/cve/CVE-2023-26049
https://access.redhat.com/security/cve/CVE-2023-33008
https://access.redhat.com/security/cve/CVE-2023-34462
https://access.redhat.com/security/cve/CVE-2023-40167
https://access.redhat.com/security/updates/classification#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q4

6. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Integration Camel for Spring Boot 3.20.2 release and security update
Advisory ID:       RHSA-2023:5148-01
Product:           Red Hat Integration
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5148
Issue date:        2023-09-13
CVE Names:         CVE-2023-20873 CVE-2023-34455
=====================================================================

1. Summary:

Red Hat Integration Camel for Spring Boot 3.20.2 release and security update is now available.

Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Integration Camel for Spring Boot 3.20.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed.

Security Fix(es):

* spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry (CVE-2023-20873)
* snappy-java: Unchecked chunk length leads to DoS (CVE-2023-34455)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2215445 - CVE-2023-34455 snappy-java: Unchecked chunk length leads to DoS
2231491 - CVE-2023-20873 spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry

5. References:

https://access.redhat.com/security/cve/CVE-2023-20873
https://access.redhat.com/security/cve/CVE-2023-34455
https://access.redhat.com/security/updates/classification#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q3

6. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Integration Camel for Spring Boot 3.18.3.2 release and security update
Advisory ID:       RHSA-2023:5147-01
Product:           Red Hat Integration
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5147
Issue date:        2023-09-13
CVE Names:         CVE-2021-46877 CVE-2023-20873 CVE-2023-33201 CVE-2023-34455
=====================================================================

1. Summary:

Red Hat Integration Camel for Spring Boot 3.18.3.2 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release.

Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

A security update for Camel for Spring Boot 3.18.3.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release.

* spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry (CVE-2023-20873)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)
* snappy-java: Unchecked chunk length leads to DoS (CVE-2023-34455)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2185707 - CVE-2021-46877 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
2215445 - CVE-2023-34455 snappy-java: Unchecked chunk length leads to DoS
2215465 - CVE-2023-33201 bouncycastle: potential blind LDAP injection attack using a self-signed certificate
2231491 - CVE-2023-20873 spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry

5. References:

https://access.redhat.com/security/cve/CVE-2021-46877
https://access.redhat.com/security/cve/CVE-2023-20873
https://access.redhat.com/security/cve/CVE-2023-33201
https://access.redhat.com/security/cve/CVE-2023-34455
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q3
https://access.redhat.com/security/updates/classification#important

6. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Integration Camel K 1.10.1 release security update
Advisory ID:       RHSA-2023:3906-01
Product:           Red Hat Integration
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3906
Issue date:        2023-06-28
CVE Names:         CVE-2022-4244 CVE-2022-4245 CVE-2022-39368 CVE-2022-41946
                   CVE-2022-46363 CVE-2023-1370
====================================================================

1. Summary:

Red Hat Integration Camel K 1.10.1 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed.

Red Hat Product Security has rated this update as having an impact of Important.

2. Description:

A security update for Camel K 1.10.1 is now available. The purpose of this text-only errata is to inform you about the security issues fixed with this release.

* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* codehaus-plexus: Directory Traversal (CVE-2022-4244)
* codehaus-plexus: XML External Entity (XXE) Injection (CVE-2022-4245)
* scandium: Failing DTLS handshakes may cause throttling to block processing of records (CVE-2022-39368)
* jdbc-postgresql: postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946)
* Apache CXF: directory listing / code exfiltration (CVE-2022-46363)

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2145205 - CVE-2022-39368 scandium: Failing DTLS handshakes may cause throttling to block processing of records
2149841 - CVE-2022-4244 codehaus-plexus: Directory Traversal
2149843 - CVE-2022-4245 codehaus-plexus: XML External Entity (XXE) Injection
2153399 - CVE-2022-41946 postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions
2155681 - CVE-2022-46363 Apache CXF: directory listing / code exfiltration
2188542 - CVE-2023-1370 json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

5. References:

https://access.redhat.com/security/cve/CVE-2022-4244
https://access.redhat.com/security/cve/CVE-2022-4245
https://access.redhat.com/security/cve/CVE-2022-39368
https://access.redhat.com/security/cve/CVE-2022-41946
https://access.redhat.com/security/cve/CVE-2022-46363
https://access.redhat.com/security/cve/CVE-2023-1370
https://access.redhat.com/security/updates/classification#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2

6. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Integration Camel for Spring Boot 3.20.1 Patch 1 release security update
Advisory ID:       RHSA-2023:3740-01
Product:           Red Hat Integration
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3740
Issue date:        2023-06-21
CVE Names:         CVE-2023-20883 CVE-2023-24815
====================================================================

1. Summary:

Red Hat Integration Camel for Spring Boot 3.20.1 Patch 1 release and security update is now available.

Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

This release of Camel for Spring Boot 3.20.1.P1 serves as a replacement for Camel for Spring Boot 3.20.1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed.

Security Fix(es):

* vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route (CVE-2023-24815)
* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2209342 - CVE-2023-20883 spring-boot: Spring Boot Welcome Page DoS Vulnerability
2209400 - CVE-2023-24815 vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route

5. References:

https://access.redhat.com/security/cve/CVE-2023-20883
https://access.redhat.com/security/cve/CVE-2023-24815
https://access.redhat.com/security/updates/classification#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2

6. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Integration Debezium 1.9.7 security update
Advisory ID:       RHSA-2022:7896-01
Product:           Red Hat Integration
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7896
Issue date:        2022-11-09
CVE Names:         CVE-2021-22569 CVE-2022-3171
====================================================================

1. Summary:

A security update for Debezium is now available for Red Hat Integration.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Debezium is a distributed platform that turns your existing databases into event streams, so applications can see and respond immediately to each row-level change in the databases. Debezium is built on top of Apache Kafka and provides Kafka Connect compatible connectors that monitor specific database management systems. Debezium records the history of data changes in Kafka logs, from where your application consumes them. This makes it possible for your application to easily consume all of the events correctly and completely. Even if your application stops unexpectedly, it will not miss anything: when the application restarts, it will resume consuming the events where it left off.

Security Fix(es):

* protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)
* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

To apply this update just follow standard installation procedure

https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q4/html/installing_debezium_on_openshift/index
https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q4/html/installing_debezium_on_rhel/index

4. Bugs fixed (https://bugzilla.redhat.com/):

2039903 - CVE-2021-22569 protobuf-java: potential DoS in the parsing procedure for binary data
2137645 - CVE-2022-3171 protobuf-java: timeout in parser leads to DoS

5. References:

https://access.redhat.com/security/cve/CVE-2021-22569
https://access.redhat.com/security/cve/CVE-2022-3171
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2022-Q4

6. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Integration Camel Extensions for Quarkus 2.7 security update
Advisory ID:       RHSA-2022:5606-01
Product:           Red Hat Integration
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5606
Issue date:        2022-07-19
CVE Names:         CVE-2020-9492 CVE-2021-3520 CVE-2021-22132 CVE-2021-22135
                   CVE-2021-22137 CVE-2021-37714 CVE-2021-38153 CVE-2021-43859
                   CVE-2022-0981
====================================================================

1. Summary:

Red Hat Integration Camel Extensions for Quarkus 2.7 is now available. The purpose of this text-only errata is to inform you about the security issues fixed.

Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Integration - Camel Extensions for Quarkus 2.7 serves as a replacement for 2.2.1 and includes the following security Fix(es):

Security Fix(es):

* hadoop: WebHDFS client might send SPNEGO authorization header (CVE-2020-9492)
* lz4: memory corruption due to an integer overflow bug caused by memmove argument (CVE-2021-3520)
* elasticsearch: executing async search improperly stores HTTP headers leading to information disclosure (CVE-2021-22132)
* jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)
* Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients (CVE-2021-38153)
* xstream: Injecting highly recursive collections or maps can cause a DoS (CVE-2021-43859)
* quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus (CVE-2022-0981)
* elasticsearch: Document disclosure flaw in the Elasticsearch suggester (CVE-2021-22135)
* elasticsearch: Document disclosure flaw when Document or Field Level Security is used (CVE-2021-22137)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1923181 - CVE-2021-22132 elasticsearch: executing async search improperly stores HTTP headers leading to information disclosure
1925237 - CVE-2020-9492 hadoop: WebHDFS client might send SPNEGO authorization header
1943184 - CVE-2021-22135 elasticsearch: Document disclosure flaw in the Elasticsearch suggester
1943189 - CVE-2021-22137 elasticsearch: Document disclosure flaw when Document or Field Level Security is used
1954559 - CVE-2021-3520 lz4: memory corruption due to an integer overflow bug caused by memmove argument
1995259 - CVE-2021-37714 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients
2049783 - CVE-2021-43859 xstream: Injecting highly recursive collections or maps can cause a DoS
2062520 - CVE-2022-0981 quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus

5. References:

https://access.redhat.com/security/cve/CVE-2020-9492
https://access.redhat.com/security/cve/CVE-2021-3520
https://access.redhat.com/security/cve/CVE-2021-22132
https://access.redhat.com/security/cve/CVE-2021-22135
https://access.redhat.com/security/cve/CVE-2021-22137
https://access.redhat.com/security/cve/CVE-2021-37714
https://access.redhat.com/security/cve/CVE-2021-38153
https://access.redhat.com/security/cve/CVE-2021-43859
https://access.redhat.com/security/cve/CVE-2022-0981
https://access.redhat.com/security/updates/classification#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2022-Q3
https://docs.redhat.com/en/documentation/red_hat_integration/2022.q3

6. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Integration Camel Extensions for Quarkus 2.2 security update
Advisory ID:       RHSA-2022:0222-01
Product:           Red Hat Integration
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0222
Issue date:        2022-01-20
CVE Names:         CVE-2021-44832 CVE-2021-45046 CVE-2021-45105
====================================================================

1. Summary:

A security update to Red Hat Integration Camel Extensions for Quarkus 2.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed.

Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

This update of Red Hat Integration - Camel Extensions for Quarkus serves as a replacement for 2.2 GA and includes the following security Fix(es):

Security Fix(es):

* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)
* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)
* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)
2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern
2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender

5. References:

https://access.redhat.com/security/cve/CVE-2021-44832
https://access.redhat.com/security/cve/CVE-2021-45046
https://access.redhat.com/security/cve/CVE-2021-45105
https://access.redhat.com/security/updates/classification#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2022-Q1
https://docs.redhat.com/en/documentation/red_hat_integration/2022.q1

6. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.