drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Red Hat Integration
Name: |
Ausführen beliebiger Kommandos in Red Hat Integration |
|
ID: |
RHSA-2022:1333-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Integration |
|
Datum: |
Mi, 13. April 2022, 06:58 |
|
Referenzen: |
https://access.redhat.com/security/vulnerabilities/RHSB-2022-003
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2022-Q2
https://access.redhat.com/security/cve/CVE-2022-22965 |
|
Applikationen: |
Red Hat Integration |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Low: Red Hat Integration Camel-K 1.6.5 security update Advisory ID: RHSA-2022:1333-01 Product: Red Hat Integration Advisory URL: https://access.redhat.com/errata/RHSA-2022:1333 Issue date: 2022-04-12 CVE Names: CVE-2022-22965 =====================================================================
1. Summary:
A micro version update (from 1.6.4 to 1.6.5) is now available for Red Hat Integration Camel K. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Description:
A micro version update (from 1.6.4 to 1.6.5) is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section.
Security Fix(es):
* spring-beans: spring-framework: RCE via Data Binding on JDK 9+ (CVE-2022-22965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
3. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
4. Bugs fixed (https://bugzilla.redhat.com/):
2070348 - CVE-2022-22965 spring-framework: RCE via Data Binding on JDK 9+
5. References:
https://access.redhat.com/security/cve/CVE-2022-22965 https://access.redhat.com/security/vulnerabilities/RHSB-2022-003 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2022-Q2 https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYlX6IdzjgjWX9erEAQjfGQ//ff8/J2BxiGKD0zB6RGPrgwCaSvkVtV7y 8Lld/xKCQApjQzVXeM8pfkbhIn0+YwV41raVatrc7c8s8iKGcddyF4h7rQpk78eF +X+S/6oB63e78O/bCRRYsQFCYaAYt+JDVrG4WAwbDJ27sUGQ+99hC69Zv7cBvH5u oCAa9YjMZddlBZmYmSsfSx2VqPfRQNNEczL0DJYpwZtsNmgQxeQiU1e9advtr/wW 7Wfev8zuUy9UlbNjzFVi+ynvzeNOOYomAfpyRYMxfY6IeOvfDsfiAKhi/PfQIX3L oCGxfGzP58AAeeb4OGIhTY9Z+yXUwYjmgIiwIpOfbz4+ewos6it6XUXqdYMKYFSd QTs/tWDftxZquB0Zg4DkAHlNFfJPSN3M4HVsOOczIV6cR1G5DNLsOLACCjJOe9py 6bwgpB0E0yjkMAxokLyETwv8j9NskwMV9ns4nTge7HiGOybZXwXGXKn/gya63uUp NFvHdAuAqzP5Omh6DOTgHzc4sKv1SRVAwI3cokCcoKmzkLwXNGYZC3jh42xhBZDj m8OEmHOhtWdo6rBNN0lc1gjIdzHIQXFS+qhlicqD1JGvhSDCqSQOVP3Z1YwKJO6q R4r9nB+kN/u3yBMuuGD8WCB6w4y6TV3d5MoAi4l0gu6alHBsTrE0r5tLRNGTstI6 2e9xMQYImAM= =JwkL -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
|
|
|
|