Red Hat Security Advisory 2024-9571-03

Posted Nov 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-9571-03 - Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal. Issues addressed include denial of service and man-in-the-middle vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2024-7254
SHA-256 | 6ec7ebcb8c72e1758d3d8172c33021e5842d8d74c7fd352dcc4cc4dae4cafaa3



The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9571.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff




====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Streams for Apache Kafka 2.8.0 release and security update
Advisory ID: RHSA-2024:9571-03
Product: Streams for Apache Kafka
Advisory URL: https://access.redhat.com/errata/RHSA-2024:9571
Issue date: 2024-11-13
Revision: 03
CVE Names: CVE-2024-7254
====================================================================

Summary:

Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.




Description:

Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed
backbone that allows microservices and other applications to share data with
extremely high throughput and extremely low latency.

This release of Red Hat AMQ Streams 2.8.0 serves as a replacement for Red Hat
AMQ Streams 2.7.0, and includes security and bug fixes, and enhancements.

Security Fix(es):
* Zookeeper, Kafka, Cruise Control: org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2] (CVE-2024-8184)

* Zookeeper, Kafka: org.eclipse.jetty/jetty-servlets: Jetty DOS vulnerability on DosFilter [amq-st-2] (CVE-2024-9823)

* Zookeeper, Kafka, Drain Cleaner, Cruise Control: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader (CVE-2024-47554)

* Kafka: (com.google.protobuf:protobuf-java@3.23.4). Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users (CVE-2024-7254)

* Drain Cleaner: Awaiting Analysis (CVE-2024-29025)

* Kroxylicious: When establishing the connection with the upstream Kafka server using a TLS-secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. (CVE-2024-8285)


Solution:

https://access.redhat.com/articles/11258



CVEs:

CVE-2024-7254

References:

https://access.redhat.com/security/updates/classification/#moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2272907
https://bugzilla.redhat.com/show_bug.cgi?id=2308606
https://bugzilla.redhat.com/show_bug.cgi?id=2313454
https://bugzilla.redhat.com/show_bug.cgi?id=2316271
https://bugzilla.redhat.com/show_bug.cgi?id=2318564
https://bugzilla.redhat.com/show_bug.cgi?id=2318565
https://issues.redhat.com/browse/ASUI-91
https://issues.redhat.com/browse/ENTMQST-2632
https://issues.redhat.com/browse/ENTMQST-3288
https://issues.redhat.com/browse/ENTMQST-4019
https://issues.redhat.com/browse/ENTMQST-5199
https://issues.redhat.com/browse/ENTMQST-5669
https://issues.redhat.com/browse/ENTMQST-5674
https://issues.redhat.com/browse/ENTMQST-5740
https://issues.redhat.com/browse/ENTMQST-5789
https://issues.redhat.com/browse/ENTMQST-5843
https://issues.redhat.com/browse/ENTMQST-5850
https://issues.redhat.com/browse/ENTMQST-5863
https://issues.redhat.com/browse/ENTMQST-5865
https://issues.redhat.com/browse/ENTMQST-5915
https://issues.redhat.com/browse/ENTMQST-6028
https://issues.redhat.com/browse/ENTMQST-6032
https://issues.redhat.com/browse/ENTMQST-6129
https://issues.redhat.com/browse/ENTMQST-6183
https://issues.redhat.com/browse/ENTMQST-6205
https://issues.redhat.com/browse/ENTMQST-6225
https://issues.redhat.com/browse/ENTMQST-6341
https://issues.redhat.com/browse/ENTMQST-6421
https://issues.redhat.com/browse/ENTMQST-6422
https://issues.redhat.com/browse/ENTMQSTPR-43
