what you don't know can hurt you

Red Hat Security Advisory 2021-0943-01

Red Hat Security Advisory 2021-0943-01
Posted Mar 31, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0943-01 - This release of Red Hat build of Eclipse Vert.x 4.0.3 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-21290, CVE-2021-21295
MD5 | 5bf88be24268af1389deac22cd4f2316

Red Hat Security Advisory 2021-0943-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat build of Eclipse Vert.x 4.0.3 security update
Advisory ID: RHSA-2021:0943-01
Product: Red Hat OpenShift Application Runtimes
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0943
Issue date: 2021-03-31
CVE Names: CVE-2021-21290 CVE-2021-21295
====================================================================
1. Summary:

An update is now available for Red Hat build of Eclipse Vert.x.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability. For
more information, see the CVE pages listed in the References section.

2. Description:

This release of Red Hat build of Eclipse Vert.x 4.0.3 includes security
updates, bug fixes, and enhancements. For more information, see the release
notes listed in the References section.

Security Fix(es):

* netty: Information disclosure via the local system temporary directory
(CVE-2021-21290)

* netty: possible request smuggling in HTTP/2 due missing validation
(CVE-2021-21295)

For more details about the security issues and their impact, the CVSS
score, acknowledgements, and other related information, see the CVE pages
listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a download link for the
update. You must be logged in to download the update.

4. Bugs fixed (https://bugzilla.redhat.com/):

1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory
1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation

5. References:

https://access.redhat.com/security/cve/CVE-2021-21290
https://access.redhat.com/security/cve/CVE-2021-21295
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&productÊtRhoar.eclipse.vertx&version=4.0.3
https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.0/html/release_notes_for_eclipse_vert.x_4.0/index
https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.0/html/eclipse_vert.x_4.0_migration_guide/index

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYGRDR9zjgjWX9erEAQh9IQ//ZWUE0Mj0hVag/gdeQVTB7VGQFbPje2oB
Rl6J7IfOBLNRa/mUN6MP8NezNeNtW/FUk71TwkyoIO1gesFlCdbd02qFnac19JBs
PADuR1kWKQlL6CsS9bhl4c84m3bw8AYqa7FsoOKjeWLcR2T3twafw0+LrL/aaUrd
Kj3l68L5DIZWpQ/o8uCGHxmq5Gz1H6XvYsH6m9w3Jmvq6v5psm7rRofYsj3UgWS2
3Uvc0ICmVAkLK1mc2Fqby23mUt2zMDdDjb0yEOE7UyIYD8MMZmn74SOH0yl/ZRmD
LmcFv8Se6TDEMCBwzVCXKCfE38GIx5Y0PiWpQ6NOmEziDmUFmWaOrHNvs98cgkd+
BKlLo98iBi0878oJpSImV0e5h/MzNi2R0EHUpdI6zWiMV+cqcPLpLr1N5xQqE1Q7
EH169GmOBqvUJxKh07bP8jICeJ3u8GssHwqQL5lQAV97AwVFc3JipIG922QhThMP
acpi3dmOP9F+wIXyIhv61g7ZWohH0edwxVhN+2LxIcNMBGXQtOHvOecyDTTWEcVx
gUJq2D/z4Y6aJPI5XaXrj4c0mtNGBMYqjWsQQdGdqPaFoIXq2UfZiNFIvIC4L/A+
6DTfUy9IIaOcroSu20NVfH7vWi0RDHT8l7aml3zK84kieZAcAuYwo3i8W3U93ZB6
adeqT0ijyKI=aIC7
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    27 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    20 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    0 Files
  • 10
    May 10th
    0 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close