RHSA-2021:1401: Red Hat Security Advisory: Red Hat Fuse 7.8.1 patch release and security update

A micro version update (from 7.8.0 to 7.8.1) is now available for Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot 2. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This release of Red Hat Fuse 7.8.1 serves as a patch to Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot 2 (7.8.0), and includes security fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es):

• bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible - Karaf (CVE-2020-28052)
• bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible - Spring Boot 2 (CVE-2020-28052) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs:
• CVE-2020-15522: bouncycastle: Timing issue within the EC math library
• CVE-2020-28052: bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible