Published on September 15th, 2023 📆 | 4198 Views ⚑0
Red Hat Security Advisory 2023-5147-01 – Torchsec
Red Hat Security Advisory
Synopsis: Important: Red Hat Integration Camel for Spring Boot 18.104.22.168 release and security update
Advisory ID: RHSA-2023:5147-01
Product: Red Hat Integration
Advisory URL: https://access.redhat.com/errata/RHSA-2023:5147
Issue date: 2023-09-13
CVE Names: CVE-2021-46877 CVE-2023-20873 CVE-2023-33201
Red Hat Integration Camel for Spring Boot 22.214.171.124 release and security
update is now available. The purpose of this text-only errata is to inform
you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having an impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
A security update for Camel for Spring Boot 126.96.36.199 is now available. The
purpose of this text-only errata is to inform you about the security issues
fixed in this release.
* spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud
* jackson-databind: Possible DoS if using JDK serialization to serialize
* bouncycastle: potential blind LDAP injection attack using a self-signed
* snappy-java: Unchecked chunk length leads to DoS (CVE-2023-34455)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
4. Bugs fixed (https://bugzilla.redhat.com/):
2185707 - CVE-2021-46877 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
2215445 - CVE-2023-34455 snappy-java: Unchecked chunk length leads to DoS
2215465 - CVE-2023-33201 bouncycastle: potential blind LDAP injection attack using a self-signed certificate
2231491 - CVE-2023-20873 spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry
The Red Hat security contact is
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
RHSA-announce mailing list