{"id":34577,"date":"2022-12-09T20:08:19","date_gmt":"2022-12-09T17:08:19","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/170170\/RHSA-2022-8902-01.txt"},"modified":"2022-12-11T09:50:25","modified_gmt":"2022-12-11T06:20:25","slug":"red-hat-security-advisory-2022-8902-01","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/red-hat-security-advisory-2022-8902-01\/","title":{"rendered":"Red Hat Security Advisory 2022-8902-01"},"content":{"rendered":"<p>&#8212;&#8211;BEGIN PGP SIGNED MESSAGE&#8212;&#8211;<br \/>\nHash: SHA256<\/p>\n<p>====================================================================<br \/>\nRed Hat Security Advisory<\/p>\n<p>Synopsis: Moderate: Red Hat Camel for Spring Boot 3.18.3 release and security update<br \/>\nAdvisory ID: RHSA-2022:8902-01<br \/>\nProduct: Red Hat Integration<br \/>\nAdvisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:8902<br \/>\nIssue date: 2022-12-08<br \/>\nCVE Names: CVE-2022-25897 CVE-2022-31684 CVE-2022-42889<br \/>\n====================================================================<br \/>\n1. Summary:<\/p>\n<p>A minor version update (from 3.14.5 to 3.18.3) is now available for Camel<br \/>\nfor Spring Boot. The purpose of this text-only errata is to inform you<br \/>\nabout the security issues fixed in this release.<\/p>\n<p>Red Hat Product Security has rated this update as having a security impact<br \/>\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which<br \/>\ngives a detailed severity rating, is available for each vulnerability from<br \/>\nthe CVE link(s) in the References section.<\/p>\n<p>2. 
Description:<\/p>\n<p>This release of Camel for Spring Boot 3.18.3 serves as a replacement for<br \/>\nCamel for Spring Boot 3.14.2 and includes bug fixes and enhancements, which<br \/>\nare documented in the Release Notes document linked in the References.<\/p>\n<p>Security Fix(es):<\/p>\n<p>* commons-text: apache-commons-text: variable interpolation<br \/>\n(CVE-2022-42889)<\/p>\n<p>* org.eclipse.milo-sdk-server: sdk-server: Denial of Service<br \/>\n(CVE-2022-25897)<\/p>\n<p>* reactor-netty-http: Log request headers in some cases of invalid HTTP<br \/>\nrequests (CVE-2022-31684)<\/p>\n<p>For more details about the security issues, including the impact, CVSS<br \/>\nscore, acknowledgments, and other related information, refer to the CVE<br \/>\npage(s) listed in the References section.<\/p>\n<p>3. Solution:<\/p>\n<p>Before applying this update, make sure all previously released errata<br \/>\nrelevant to your system have been applied.<\/p>\n<p>Installation instructions are available from the Camel for Spring Boot<br \/>\n3.18.3 product documentation page.<\/p>\n<p>https:\/\/access.redhat.com\/documentation\/en-us\/red_hat_integration\/2022.q4\/html\/getting_started_with_camel_spring_boot\/index<\/p>\n<p>https:\/\/access.redhat.com\/documentation\/en-us\/red_hat_integration\/2022.q4\/html\/camel_spring_boot_reference\/index<\/p>\n<p>4. Bugs fixed (https:\/\/bugzilla.redhat.com\/):<\/p>\n<p>2135435 &#8211; CVE-2022-42889 apache-commons-text: variable interpolation RCE<br \/>\n2136188 &#8211; CVE-2022-25897 sdk-server: Denial of Service<br \/>\n2141353 &#8211; CVE-2022-31684 reactor-netty-http: Log request headers in some cases of invalid HTTP requests<\/p>\n<p>5. 
References:<\/p>\n<p>https:\/\/access.redhat.com\/security\/cve\/CVE-2022-25897<br \/>\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-31684<br \/>\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-42889<br \/>\nhttps:\/\/access.redhat.com\/security\/updates\/classification\/#moderate<br \/>\nhttps:\/\/access.redhat.com\/jbossnetwork\/restricted\/listSoftware.html?downloadType=distributions&amp;product=red.hat.integration&amp;version 22-Q4<\/p>\n<p>6. Contact:<\/p>\n<p>The Red Hat security contact is &lt;secalert@redhat.com&gt;. More contact<br \/>\ndetails at https:\/\/access.redhat.com\/security\/team\/contact\/<\/p>\n<p>Copyright 2022 Red Hat, Inc.<br \/>\n&#8212;&#8211;BEGIN PGP SIGNATURE&#8212;&#8211;<br \/>\nVersion: GnuPG v1<\/p>\n<p>&#8212;&#8211;END PGP SIGNATURE&#8212;&#8211;<br \/>\n&#8212;<br \/>\nRHSA-announce mailing list<br \/>\nRHSA-announce@redhat.com<br \/>\nhttps:\/\/listman.redhat.com\/mailman\/listinfo\/rhsa-announce<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8212;&#8211;BEGIN PGP SIGNED MESSAGE&#8212;&#8211; Hash: SHA256 ==================================================================== Red Hat 
Security Advisory Synopsis: Moderate: Red Hat Camel for Spring Boot 3.18.3 release and security update Advisory ID: RHSA-2022:8902-01 Product: Red Hat Integration Advisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:8902 Issue date: 2022-12-08 CVE Names: CVE-2022-25897 CVE-2022-31684 CVE-2022-42889 ==================================================================== 1. Summary: A minor version update (from 3.14.5 to 3.18.3) is now &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-34577","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/34577","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=34577"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/34577\/revisions"}],"predecessor-version":[{"id":34631,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/34577\/revisions\/34631"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=34577"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=34577"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=34577"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}