exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2021-3207-01

Red Hat Security Advisory 2021-3207-01
Posted Aug 18, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3207-01 - This release of Red Hat Integration - Camel Quarkus - 1.8.1 tech-preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, information leakage, man-in-the-middle, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-13920, CVE-2020-17518, CVE-2020-17521, CVE-2020-26238, CVE-2020-27222, CVE-2020-27782, CVE-2020-29582, CVE-2021-20218
SHA-256 | 45c967c8a201b1f39d4acd990e209ab0096988439ff4cec5216e3227f4f3dc4b

Red Hat Security Advisory 2021-3207-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Integration Camel Quarkus Tech-Preview 2 security update
Advisory ID: RHSA-2021:3207-01
Product: Red Hat Integration
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3207
Issue date: 2021-08-18
CVE Names: CVE-2020-13920 CVE-2020-17518 CVE-2020-17521
CVE-2020-26238 CVE-2020-27222 CVE-2020-27782
CVE-2020-29582 CVE-2021-20218
=====================================================================

1. Summary:

An update to the Red Hat Integration Camel Quarkus tech preview is now
available. The purpose of this text-only errata is to inform you about the
security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

This release of Red Hat Integration - Camel Quarkus - 1.8.1 tech-preview 2
serves as a replacement for tech-preview 1, and includes bug fixes and
enhancements, which are documented in the Release Notes document linked to
in the References.

Security Fix(es):

* cron-utils: template injection allows attackers to inject arbitrary Java
EL expressions leading to remote code execution (CVE-2020-26238)

* californium-core: DTLS - DoS vulnerability for certificate based
handshakes (CVE-2020-27222)

* undertow: special character in query results in server errors
(CVE-2020-27782)

* activemq: improper authentication allows MITM attack (CVE-2020-13920)

* flink: apache-flink: directory traversal attack allows remote file
writing through the REST API (CVE-2020-17518)

* groovy: OS temporary directory leads to information disclosure
(CVE-2020-17521)

* kubernetes-client: fabric8-kubernetes-client: vulnerable to a path
traversal leading to integrity and availability compromise (CVE-2021-20218)

* kotlin-scripting-jvm: kotlin: vulnerable Java API was used for temporary
file and folder creation which could result in information disclosure
(CVE-2020-29582)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1880101 - CVE-2020-13920 activemq: improper authentication allows MITM attack
1901304 - CVE-2020-27782 undertow: special character in query results in server errors
1901655 - CVE-2020-26238 cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution
1913312 - CVE-2020-17518 apache-flink: directory traversal attack allows remote file writing through the REST API
1922123 - CVE-2020-17521 groovy: OS temporary directory leads to information disclosure
1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise
1930230 - CVE-2020-27222 californium-core: DTLS - DoS vulnerability for certificate based handshakes
1930291 - CVE-2020-29582 kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure

5. References:

https://access.redhat.com/security/cve/CVE-2020-13920
https://access.redhat.com/security/cve/CVE-2020-17518
https://access.redhat.com/security/cve/CVE-2020-17521
https://access.redhat.com/security/cve/CVE-2020-26238
https://access.redhat.com/security/cve/CVE-2020-27222
https://access.redhat.com/security/cve/CVE-2020-27782
https://access.redhat.com/security/cve/CVE-2020-29582
https://access.redhat.com/security/cve/CVE-2021-20218
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q3/html-single/getting_started_with_camel_quarkus_extensions/
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2021-Q3

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYRzY99zjgjWX9erEAQgMhBAApCbodP6PTQTrPhyuwqnvBg/g+tUJj374
68yM9vDZCtUFhg4d8NQetIHLV8UB0VVToZOP20qdW13WL2zihJ2boB4ICA7EqzGF
IKyqYDwWgA2nWxs27L3tLAvjZzLdgyAvxvkP5+NdZZr14NU+Kh2jK6XrYNPSsSnd
EZL14HtXRUSScTZEx/hJbIBjF4tBqVIYj5PO56qXFHj0iyvWPWCIfDYAm690lOXs
7vX44B1saVkLg9aanxTXmpoai0eN8ABRUXWcpxVLdmJguKptr1cL70CRXdNadnk6
SYjZ1sqhJbW6QgyXI8HyywNpFicWH4+rPwd8QtIyFqdVysL5dp+KAdYhsRHT2No5
/RV0YLGDUM+dEpYxKzHAkrnIbencpuebUgfe/FG2PmcfS7lGzc4SCA2sgdbwcVpx
E2vFW5GHIPRy4//hZvMAF1NSYl3Sg0iHpkV26jd/6DO6knt3Jv1pox3iOnOj4Tdt
zHRvj0Lv8NzLlIffTXp6CbPqZfnoQln32vwUFqyOaRp7wygLTJTXoOzmkhkExo0Q
rOeQhFT/bXWBPRygRcPB5VueWGF2msV3g8tk0QjDWve8btYmX0NJz78QeqpEggLT
E5b74YktBGPgYeKG2LB62zJdGDtab8397HtpnRp5QLuAXBieemb4Dw+9F80warrd
BFInpl8U+m8=
=cI6f
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close