XML External Entity-Verarbeitung in postgresql-jdbc
ID: | RHSA-2021:0110-01 |
Distribution: | Red Hat |
Plattformen: | Red Hat Integration |
Datum: | Do, 14. Januar 2021, 08:12 |
Referenzen: | https://access.redhat.com/security/cve/CVE-2020-13692 |
Applikationen: | postgresql-jdbc |
Originalnachricht |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Integration Tech-Preview 2 Camel K security update Advisory ID: RHSA-2021:0110-01 Product: Red Hat Integration Advisory URL: https://access.redhat.com/errata/RHSA-2021:0110 Issue date: 2021-01-13 Keywords: fuse CVE Names: CVE-2020-13692 ===================================================================== 1. Summary: An update to the Camel K operator image for Red Hat Integration tech-preview is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release of Red Hat Integration - Camel K - Tech-Preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 1852985 - CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML 5. References: https://access.redhat.com/security/cve/CVE-2020-13692 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_integration/2020-q4/html/release_notes_for_red_hat_integration_2020-q4/index 6. Contact: The Red Hat security contact is |