Red Hat Security Advisory: Fuse 7.1 security update
🔗 CVE IDs covered (23)
📋 Description
CVE-2014-0114 — 1: Class Loader manipulation via request parameters CVE-2016-5397 — thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands CVE-2016-1000338 — bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data CVE-2016-1000339 — bouncycastle: Information leak in AESFastEngine class CVE-2016-1000340 — bouncycastle: Carry propagation bug in math.raw.Nat??? class CVE-2016-1000341 — bouncycastle: Information exposure in DSA signature generation via timing attack CVE-2016-1000342 — bouncycastle: ECDSA improper validation of ASN.1 encoding of signature CVE-2016-1000343 — bouncycastle: DSA key pair generator generates a weak private key by default CVE-2016-1000344 — bouncycastle: DHIES implementation allowed the use of ECB mode CVE-2016-1000345 — bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack CVE-2016-1000346 — bouncycastle: Other party DH public keys are not fully validated CVE-2016-1000352 — bouncycastle: ECIES implementation allowed the use of ECB mode CVE-2017-14063 — async-http-client: Invalid URL parsing with '?' CVE-2018-1114 — undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service CVE-2018-1271 — spring-framework: Directory traversal vulnerability with static resources on Windows filesystems CVE-2018-1272 — spring-framework: Multipart content pollution CVE-2018-1338 — tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service CVE-2018-1339 — tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service CVE-2018-8036 — pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF CVE-2018-8088 — slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution CVE-2018-1000129 — jolokia: Cross site scripting in the HTTP servlet CVE-2018-1000130 — jolokia: JMX proxy mode vulnerable to remote code execution CVE-2018-1000180 — bouncycastle: flaw in the low-level interface to RSA key pair generator
🔗 References (29)
- selfhttps://access.redhat.com/errata/RHSA-2018:2669
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=7.1.0
- externalhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.1/
- externalhttps://access.redhat.com/articles/2939351
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1091938
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1487563
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1544620
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1548909
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1559316
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1559317
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1564408
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1571050
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1572421
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1572424
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1573045
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588306
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588313
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588314
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588323
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588327
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588330
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588688
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588695
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588708
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588715
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1588721
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1597490
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2669.json