
Security: Multiple issues in Red Hat AMQ Streams 2.6.0
Name: Multiple issues in Red Hat AMQ Streams 2.6.0
ID: RHSA-2023:7678
Distribution: Red Hat
Platforms: Red Hat AMQ Streams 2.6.0
Date: Thu, 7 December 2023, 22:07
References: https://bugzilla.redhat.com/show_bug.cgi?id=2215465
https://access.redhat.com/security/cve/CVE-2023-33201
https://bugzilla.redhat.com/show_bug.cgi?id=2246370
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.streams&version=2.6.0
https://bugzilla.redhat.com/show_bug.cgi?id=2243436
https://access.redhat.com/security/cve/CVE-2023-41080
https://access.redhat.com/security/cve/CVE-2023-40167
https://access.redhat.com/security/cve/CVE-2023-44387
https://access.redhat.com/errata/RHSA-2023:7678
https://bugzilla.redhat.com/show_bug.cgi?id=2235370
https://bugzilla.redhat.com/show_bug.cgi?id=2242485
https://access.redhat.com/security/cve/CVE-2023-20873
https://access.redhat.com/security/cve/CVE-2022-46751
https://bugzilla.redhat.com/show_bug.cgi?id=2233112
https://bugzilla.redhat.com/show_bug.cgi?id=2239634
https://access.redhat.com/security/cve/CVE-2023-44981
https://access.redhat.com/security/cve/CVE-2023-5072
https://access.redhat.com/security/cve/CVE-2023-31582
https://bugzilla.redhat.com/show_bug.cgi?id=2246417
https://bugzilla.redhat.com/show_bug.cgi?id=2242538
https://bugzilla.redhat.com/show_bug.cgi?id=2215229
https://access.redhat.com/security/cve/CVE-2023-42445
https://bugzilla.redhat.com/show_bug.cgi?id=2231491
https://access.redhat.com/security/cve/CVE-2023-2976
Applications: Red Hat AMQ Streams 2.6.0

Original message

Red Hat AMQ Streams 2.6.0 is now available from the Red Hat Customer Portal.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.

This release of Red Hat AMQ Streams 2.6.0 serves as a replacement for Red Hat
AMQ Streams 2.5.1, and includes security and bug fixes, and enhancements.

Security Fix(es):

* JSON-java: parser confusion leads to OOM (CVE-2023-5072)

* spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry
(CVE-2023-20873)

* zookeeper: Authorization Bypass in Apache ZooKeeper (CVE-2023-44981)

* apache-ivy: XML External Entity vulnerability (CVE-2022-46751)

* guava: insecure temporary directory creation (CVE-2023-2976)

* jose4j: Insecure iteration count setting (CVE-2023-31582)

* bouncycastle: potential blind LDAP injection attack using a self-signed
certificate (CVE-2023-33201)

* jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)

* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)

* gradle: Possible local text file exfiltration by XML External entity
injection (CVE-2023-42445)

* gradle: Incorrect permission assignment for symlinked files used in copy or
archiving operations (CVE-2023-44387)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2022-46751: XML Injection (aka Blind XPath Injection) (CWE-91)
CVE-2023-2976: Files or Directories Accessible to External Parties (CWE-552)
CVE-2023-5072: Allocation of Resources Without Limits or Throttling (CWE-770)
CVE-2023-20873: Improper Access Control (CWE-284)
CVE-2023-31582: Insufficient Entropy (CWE-331)
CVE-2023-33201: Exposure of Sensitive Information to an Unauthorized Actor
(CWE-200)
CVE-2023-40167: Improper Handling of Length Parameter Inconsistency (CWE-130)
CVE-2023-41080: URL Redirection to Untrusted Site ('Open Redirect')
(CWE-601)
CVE-2023-42445: Improper Restriction of XML External Entity Reference (CWE-611)
CVE-2023-44387: Incorrect Permission Assignment for Critical Resource (CWE-732)
CVE-2023-44981: Authorization Bypass Through User-Controlled Key (CWE-639)