Headline
Red Hat Security Advisory 2023-1241-01
Red Hat Security Advisory 2023-1241-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.2.1 serves as a replacement for Red Hat AMQ Streams 2.2.0, and includes security and bug fixes, and enhancements. Issues addressed include an information leakage vulnerability.
=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat AMQ Streams 2.2.1 release and security update
Advisory ID: RHSA-2023:1241-01
Product: Red Hat JBoss AMQ
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1241
Issue date: 2023-03-14
CVE Names: CVE-2023-0833
=====================================================================

1. Summary:

Red Hat AMQ Streams 2.2.1 is now available from the Red Hat Customer Portal.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.

This release of Red Hat AMQ Streams 2.2.1 serves as a replacement for Red Hat AMQ Streams 2.2.0, and includes security and bug fixes, and enhancements.

Security Fix(es):

* Red Hat AMQ Streams: component version with information disclosure flaw (CVE-2023-0833)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2169845 - CVE-2023-0833 Red Hat A-MQ Streams: component version with information disclosure flaw

5. References:

https://access.redhat.com/security/cve/CVE-2023-0833
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <[email protected]>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
Related news
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OkHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
Red Hat Security Advisory 2023-3223-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.4.0 serves as a replacement for Red Hat AMQ Streams 2.3.0, and includes security and bug fixes, and enhancements. Issues addressed include denial of service, deserialization, information leakage, memory exhaustion, and resource exhaustion vulnerabilities.
Red Hat AMQ Streams 2.4.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects. * CVE-2021-0341: In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used cryp...
Red Hat AMQ Streams 2.2.1 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0833: No description is available for this CVE.