RHSA-2021:0986: Red Hat Security Advisory: AMQ Online 1.7.0 release and security update
An update of the Red Hat OpenShift Container Platform 3.11 and 4.6/4.7 container images is now available for Red Hat AMQ Online. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The release of Red Hat AMQ Online 1.7.0 serves as a replacement for earlier AMQ Online releases, and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.

Security Fix(es):
- fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218)
- netty: Information disclosure via the local system temporary directory (CVE-2021-21290)
- netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related CVEs:
- CVE-2021-20218: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise
- CVE-2021-21290: netty: Information disclosure via the local system temporary directory
- CVE-2021-21295: netty: possible request smuggling in HTTP/2 due missing validation