drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Red Hat Build of Apache Camel 4.8.5 for Spring Boot
| Name: |
Mehrere Probleme in Red Hat Build of Apache Camel 4.8.5 for Spring Boot |
|
| ID: |
RHSA-2025:3543 |
|
| Distribution: |
Red Hat |
|
| Plattformen: |
Red Hat build of Apache Camel 4.8.5 for Spring Boot |
|
| Datum: |
Do, 3. April 2025, 06:42 |
|
| Referenzen: |
https://access.redhat.com/security/cve/CVE-2025-2240
https://access.redhat.com/security/cve/CVE-2025-24970
https://bugzilla.redhat.com/show_bug.cgi?id=2344787
https://access.redhat.com/errata/RHSA-2025:3543
https://bugzilla.redhat.com/show_bug.cgi?id=2350682
https://access.redhat.com/security/cve/CVE-2025-27636
https://bugzilla.redhat.com/show_bug.cgi?id=2351452
https://bugzilla.redhat.com/show_bug.cgi?id=2353507
https://access.redhat.com/security/cve/CVE-2024-57699
https://access.redhat.com/security/cve/CVE-2025-22228
https://bugzilla.redhat.com/show_bug.cgi?id=2344073 |
|
| Applikationen: |
Red Hat Build of Apache Camel 4.8.5 for Spring Boot |
|
Originalnachricht |
Red Hat build of Apache Camel 4.8.5 for Spring Boot release and security update
is now available.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Red Hat build of Apache Camel 4.8.5 for Spring Boot release and security update
is now available.
The purpose of this text-only errata is to inform you about the security issues
fixed.
Security Fix(es):
* json-smart: Potential DoS via stack exhaustion (incomplete fix for
CVE-2023-1370) (CVE-2024-57699)
* io.smallrye/smallrye-fault-tolerance-core: SmallRye Fault Tolerance
(CVE-2025-2240)
* spring-security-core: CVE-2025-22228: Spring Security BCryptPasswordEncoder
does not enforce maximum password length (CVE-2025-22228)
* io.netty/netty-handler: SslHandler doesn't correctly validate packets
which can lead to native crash when using native SSLEngine (CVE-2025-24970)
* org.apache.camel/camel-http: bypass of header filters via specially crafted response (CVE-2025-27636)
* org.apache.camel/camel-http-base: bypass of header filters via specially
crafted response (CVE-2025-27636)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2024-57699: Uncontrolled Recursion (CWE-674)
CVE-2025-2240: Improperly Controlled Sequential Memory Allocation (CWE-1325)
CVE-2025-22228: Incorrect Authorization (CWE-863)
CVE-2025-24970: Improper Input Validation (CWE-20)
CVE-2025-27636: Improper Neutralization of HTTP Headers for Scripting Syntax
(CWE-644)
|
|
|
|
