RedHat: RHSA-2023-1177:01 Important: Red Hat Integration Camel Extension
Summary
A security update for Red Hat Integration Camel Extensions for Quarkus
2.7-1 is now available.
Security Fix(es):
* xstream: Denial of Service by injecting recursive collections or maps
based on element's hash values raising a stack overflow (CVE-2022-41966)
* postgresql-jdbc: Information leak of prepared statement data due to
insecure temporary file permissions (CVE-2022-41946)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Solution
Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.
The References section of this erratum contains a download link (you must
log in to download the update).
References
https://access.redhat.com/security/cve/CVE-2022-41946
https://access.redhat.com/security/cve/CVE-2022-41966
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q1
https://access.redhat.com/documentation/en-us/red_hat_integration/2023.q1
Topic
Red Hat Integration Camel Extensions for Quarkus 2.7-1 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed.
Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Bugs Fixed
2153399 - CVE-2022-41946 postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions
2170431 - CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow