Red Hat Security Advisory: Red Hat AMQ Streams 2.5.0 release and security update
🔗 CVE IDs covered (15)
📋 Description
CVE-2021-37136 — netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data CVE-2021-37137 — netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way CVE-2022-1471 — SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-24823 — netty: world readable temporary file containing sensitive data CVE-2022-36944 — scala: deserialization gadget chain CVE-2023-0482 — RESTEasy: creation of insecure temp files CVE-2023-2976 — guava: insecure temporary directory creation CVE-2023-3635 — okio: GzipSource class improper exception handling CVE-2023-26048 — jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() CVE-2023-26049 — jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies CVE-2023-33201 — bouncycastle: potential blind LDAP injection attack using a self-signed certificate CVE-2023-34453 — snappy-java: Integer overflow in shuffle leads to DoS CVE-2023-34454 — snappy-java: Integer overflow in compress leads to DoS CVE-2023-34455 — snappy-java: Unchecked chunk length leads to DoS CVE-2023-34462 — netty: SniHandler 16MB allocation leads to OOM
🔗 References (21)
- selfhttps://access.redhat.com/errata/RHSA-2023:5165
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.streams&version=2.5.0
- externalhttps://access.redhat.com/documentation/en-us/red_hat_amq_streams/2.5
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2004133
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2004135
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2087186
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2129809
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2150009
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2166004
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2215229
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2215393
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2215394
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2215445
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2215465
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2216888
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2229295
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2236340
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2236341
- externalhttps://issues.redhat.com/browse/ENTMQST-5081
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5165.json