Red Hat Security Data

An update for exiv2 is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. Security Fix(es): * exiv2: Heap-based buffer overflow vulnerability in jp2image.cpp (CVE-2021-31291) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-31291: exiv2: Heap-based buffer overflow vulnerability in jp2image.cp...

An update for exiv2 is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. Security Fix(es): * exiv2: Heap-based buffer overflow vulnerability in jp2image.cpp (CVE-2021-31291) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-31291: exiv2: Heap-based buffer overflow vulnerability in jp2image.cp...

An update is now available for Red Hat OpenShift Jaeger 1.20. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation. Security Fix(es): * golang: net: lookup functions may return invalid host names (CVE-2021-33195) * golang: archive/zip: Malformed archive may cause panic or memory exhaustion (CVE-2021-33196) * golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197) * golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198) * golang: crypto/tls: certificate of wrong type is causing TLS client to ...

Red Hat AMQ Streams 1.8.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.8.0 serves as a replacement for Red Hat AMQ Streams 1.7.0, and includes security and bug fixes, and enhancements. Security Fix(es): * snakeyaml: Billion laughs attack via alias feature (CVE-2017-18640) * netty: Information disclosure via the local system temporary directory (CVE-2021-21290) * netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295) * netty: Request smuggling via ...

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7 and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7 and 8. Security Fix(es): * undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-3690: undertow: buffer leak on incoming ...

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Security Fix(es): * undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-3690: undertow: buffer leak on i...

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Security Fix(es): * undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-3690: undertow: buffer leak on incoming websocket PONG message may lead to DoS

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3. Security Fix(es): * undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. Related CVEs: * CVE-2021-3690: undertow: buffer leak on incoming websocket PONG message may lead to DoS

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE pages listed in the References section.This release of Red Hat build of Eclipse Vert.x 4.1.2 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Security Fix(es): * jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491) For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. Related CVEs: * CVE-2020-28491: jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryE...

An update to the Red Hat Integration Camel Quarkus tech preview is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This release of Red Hat Integration - Camel Quarkus - 1.8.1 tech-preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution (CVE-2020-26238) * californium-core: DTLS - DoS vulnerability for certificate based handshakes (CVE-2020-27222) * undertow: special character in query results in serv...