Security: Multiple issues in Red Hat AMQ Streams
Name: Multiple issues in Red Hat AMQ Streams
ID: RHSA-2023:0189-01
Distribution: Red Hat
Platforms: Red Hat JBoss AMQ
Date: Wed, 18 January 2023, 06:50
References:
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.streams&version=2.3.0
https://access.redhat.com/security/cve/CVE-2022-2191
https://access.redhat.com/security/cve/CVE-2022-2048
https://access.redhat.com/security/cve/CVE-2022-38752
https://access.redhat.com/security/cve/CVE-2022-2047
https://access.redhat.com/security/cve/CVE-2022-42003
https://access.redhat.com/security/cve/CVE-2022-42004
Applications: Red Hat AMQ Streams

Original message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat AMQ Streams 2.3.0 release and security update
Advisory ID: RHSA-2023:0189-01
Product: Red Hat JBoss AMQ
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0189
Issue date: 2023-01-17
CVE Names: CVE-2022-2047 CVE-2022-2048 CVE-2022-2191 CVE-2022-38752 CVE-2022-42003 CVE-2022-42004
=====================================================================
1. Summary:
Red Hat AMQ Streams 2.3.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Description:
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 2.3.0 serves as a replacement for Red Hat AMQ Streams 2.2.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)
* jetty-server: Improper release of ByteBuffers in SslConnections (CVE-2022-2191)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jetty-http: improper hostname input handling (CVE-2022-2047)
* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
3. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update).
4. Bugs fixed (https://bugzilla.redhat.com/):
2116949 - CVE-2022-2047 jetty-http: improper hostname input handling
2116952 - CVE-2022-2048 http2-server: Invalid HTTP/2 requests cause DoS
2116953 - CVE-2022-2191 jetty-server: Improper release of ByteBuffers in SslConnections
2129710 - CVE-2022-38752 snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays
5. References:
https://access.redhat.com/security/cve/CVE-2022-2047
https://access.redhat.com/security/cve/CVE-2022-2048
https://access.redhat.com/security/cve/CVE-2022-2191
https://access.redhat.com/security/cve/CVE-2022-38752
https://access.redhat.com/security/cve/CVE-2022-42003
https://access.redhat.com/security/cve/CVE-2022-42004
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.streams&version=2.3.0
https://access.redhat.com/documentation/en-us/red_hat_amq_streams/2.3
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce