Red Hat Security Advisory 2022-6292-01

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256====================================================================                   Red Hat Security AdvisorySynopsis:          Important: Red Hat AMQ Broker 7.8.7 release and security updateAdvisory ID:       RHSA-2022:6292-01Product:           Red Hat JBoss AMQAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:6292Issue date:        2022-09-01CVE Names:         CVE-2022-35278====================================================================1. Summary:Red Hat AMQ Broker 7.8.7 is now available from the Red Hat Customer Portal.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.2. Description:AMQ Broker is a high-performance messaging implementation based on ActiveMQArtemis. It uses an asynchronous journal for fast message persistence, andsupports multiple languages, protocols, and platforms.This release of Red Hat AMQ Broker 7.8.7 serves as a replacement for RedHat AMQ Broker 7.8.6, and includes security and bug fixes, andenhancements. For further information, refer to the release notes linked toin the References section.Security Fix(es):* artemis-plugin: activemq-artemis: AMQ Broker web console HTML Injection(CVE-2022-35278)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage(s) listed in the References section.3. Solution:Before applying the update, back up your existing installation, includingall applications, configuration files, databases and database settings, andso on.The References section of this erratum contains a download link (you mustlog in to download the update).4. Bugs fixed (https://bugzilla.redhat.com/):2109805 - CVE-2022-35278 activemq-artemis: AMQ Broker web console HTML Injection5. References:https://access.redhat.com/security/cve/CVE-2022-35278https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.8.7https://access.redhat.com/documentation/en-us/red_hat_amq/6. Contact:The Red Hat security contact is <[email protected]>. More contactdetails at https://access.redhat.com/security/team/contact/Copyright 2022 Red Hat, Inc.-----BEGIN PGP SIGNATURE-----Version: GnuPG v1iQIVAwUBYxCI3NzjgjWX9erEAQhXPQ//evF+wS+qIbMzTyHsDPwN9HUHkEsqe0ZfyS6InsjK8VPVDNx96Q0OthS6A/qCYaHFCPZCZvaBYuj8KT2odH1VqRTT9wLa9y/f0hFvqMtUDmCu7IBMhwmUkzRH/TlM6LAxzlvUhkuSEIXCIIaFE+Rif+zcF4qYbnZVAvXzSIP1f2HGOXgVgxgoYR0zI0wldCwq+29w4+BJGcjGd2mk5Fwsc2KeBY0PAYCHPFtkPnnV1LkFMzPHrFwYHC8GwtO5kUBpUlOb4Abd82hXIRH5zJVOLUWyjA4OdU6bhkbmkcyABoUzNRVfTt3TOwZ7F7eCAj9Kleke9S0+5H3a5rPY4pOOUXodRaAZjkhLh4twQIkvtgqeidA7cVbbCRDcIJDuJb+cWxrlxdAYh1OWBavlyGaIvK6vdL5dv57AT6diUX49udNsC77ncSmCySt1kt+tGNxEhmPYBSeqUsjaap8ikuABr7qoqoxKLcQSrq2O9sYMICg71C7CnKyyJJB6FUa7uh+kq670h/+aDGK8MExiGUEdMQeNSfWYd0MOPJ6TtyApkyR12EqP+DhBLpy4JM173DDNACpduMFp4pBtskpaWL0lRfa5N4tS3G8YKW2iR/MEQFKfPYy673S/bgMy3mW+cn84FrbAhXWVbOG9/4rKzAhJWE1/FiseOajUxb10bkQYL7E=Q4jI-----END PGP SIGNATURE-------RHSA-announce mailing [email protected]://listman.redhat.com/mailman/listinfo/rhsa-announce