-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat build of Eclipse Vert.x 4.1.5 SP1 security update
Advisory ID:       RHSA-2021:5093-01
Product:           Red Hat OpenShift Application Runtimes
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:5093
Issue date:        2021-12-14
CVE Names:         CVE-2021-44228 
====================================================================
1. Summary:

An update is now available for Red Hat build of Eclipse Vert.x.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability. For
more information, see the CVE pages listed in the References section.

2. Description:

This release of Red Hat build of Eclipse Vert.x 4.1.5 SP1 includes security
updates. For more information, see the release notes listed in the
References section.

Security Fix(es):

* log4j-core: Remote code execution in Log4j 2.x when logs contain an
attacker-controlled string value (CVE-2021-44228)

For more details about the security issues and their impact, the CVSS
score, acknowledgements, and other related information, see the CVE pages
listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a download link for the
update. You must be logged in to download the update.

4. Bugs fixed (https://bugzilla.redhat.com/):

2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value

5. References:

https://access.redhat.com/security/cve/CVE-2021-44228
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=catRhoar.eclipse.vertx&version=4.1.5.SP1
https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYbj1DdzjgjWX9erEAQhxyA/8DjakF9qQUEpnpBiM22WJ7YmI0NTZ0pwh
6pIex/TSODetn5yq5CWBV0Y5jm7UiIkpECSiSakJHprnLZyXZ522bmtyRVnagnfk
7V+hUbVr9J/PbQ4PJEpLH6mrcNTgwW29itCuQAdBJ7a3oD/cm4MOcP3QpJffVtwR
t0/Ke01AHRY6A+C3r711hTn0qtVFVXrV8qxL2+poWZZC6eVuJXb8MNgI0D2vbrWb
OLYDYDjppSAi4LO9bHW1CNENywCFHQbaPPoMeq4tyHeiwM83UmiARHzRjRXu6twI
A9KBktWwqXR5DB2UL1ei967y0rcNLDcAGml9J5quqy9ibHkgpVPuSLT3PXuSbC+A
OGof+p3wjqjbdxRIslxaQOT/xnRCFpHetMtEIfC5335i+8gDsWMiIJxH9AyrlTxF
nXasFv9NIjewmU1F6QnRBLcZi7Zq7PUWQ4knFBoNOWRnew2F8R464RzR5VS/oliy
m0UUoRFHQaLkXD7G6vKha68tIDPsk2cHaZG66gplHyvKBc3gNPDIOsk+zinQTBx/
yoBiqyDnSAAYUGUU4g7+/Hrqmv490k3/z+aaxpU8LIXeNdrlDkecpa5IFKHwDXD/
+TFJHH93Q8zJ8XiFGR8IjLjtz6HcHNwW3MqJW25u6S7gq8qGZCIvlAmsLJfcX5V9
Vms+hKYLCSU=nW2M
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com

RedHat: RHSA-2021-5093:03 Critical: Red Hat build of Eclipse Vert.x 4.1.5

An update is now available for Red Hat build of Eclipse Vert.x

Summary

This release of Red Hat build of Eclipse Vert.x 4.1.5 SP1 includes security updates. For more information, see the release notes listed in the References section.
Security Fix(es):
* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)
For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.



Summary


Solution

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.

References

https://access.redhat.com/security/cve/CVE-2021-44228 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=catRhoar.eclipse.vertx&version=4.1.5.SP1 https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index

Package List


Severity
Advisory ID: RHSA-2021:5093-01
Product: Red Hat OpenShift Application Runtimes
Advisory URL: https://access.redhat.com/errata/RHSA-2021:5093
Issued Date: : 2021-12-14
CVE Names: CVE-2021-44228

Topic

An update is now available for Red Hat build of Eclipse Vert.x.Red Hat Product Security has rated this update as having a security impactof Critical. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability. Formore information, see the CVE pages listed in the References section.


Topic


 

Relevant Releases Architectures


Bugs Fixed

2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value


Related News

Parrot OS 6.3: Elevating Security with Enhanced Features & Tools
3 - 5 min read
Parrot OS 6.3 has just arrived , bringing crucial updates that security admins should note. This latest version of the popular secure Linux
Linux Kernel 6.14 Released: Top Security Features You Need to Know
3 - 6 min read
With the release of Linux kernel 6.14 , admins and Linux users have many new features and enhancements to look forward to - especially in the realm
Don
2 - 4 min read
Google recently issued a crucial Chrome update that those using a version of the browser prior to version 132.0.6834.110 should implement
Intel Brings Next-Level Security to Linux with Partner Security Engine
3 - 6 min read
Intel recently introduced a game-changer in hardware security with its new Partner Security Engine integrated into the Core Ultra Series 2. This
A Tiny Linux Kernel Tweak with Massive Implications for Datacenter Efficiency
3 - 6 min read
In a groundbreaking development, security researchers have introduced a small but mighty tweak to the Linux kernel that promises to cut data center
Best Practices for Securing Linux Systems Against Malicious Bots
3 - 6 min read
Linux systems have long been an indispensable asset to businesses and individuals alike. From running servers and cloud infrastructure to powering
Securing Open-Source Projects with Automated Testing on Linux
4 - 7 min read
Open-source project security testing focuses on many components, ensuring there are no safety vulnerabilities. These components include physical
KaOS Linux 2025.01: Merging Security with Practicality
3 - 6 min read
As the realm of Linux distribution expands, security admins find themselves faced with choosing a system that fits operational needs and upholds

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved