exploit the possibilities

Red Hat Security Advisory 2021-1401-01

Red Hat Security Advisory 2021-1401-01
Posted Apr 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1401-01 - This release of Red Hat Fuse 7.8.1 serves as a patch to Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot 2, and includes security fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2020-28052
MD5 | e41b4b3198bba1c32ce115c98a402373

Red Hat Security Advisory 2021-1401-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Fuse 7.8.1 patch release and security update
Advisory ID: RHSA-2021:1401-01
Product: Red Hat JBoss Fuse
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1401
Issue date: 2021-04-27
CVE Names: CVE-2020-28052
=====================================================================

1. Summary:

A micro version update (from 7.8.0 to 7.8.1) is now available for Red Hat
Fuse on Karaf and Red Hat Fuse on Spring Boot 2. The purpose of this
text-only errata is to inform you about the security issues fixed in this
release.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

This release of Red Hat Fuse 7.8.1 serves as a patch to Red Hat Fuse on
Karaf and Red Hat Fuse on Spring Boot 2 (7.8.0), and includes security
fixes, which are documented in the Release Notes document linked to in the
References.

Security Fix(es):

* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility
possible - Karaf (CVE-2020-28052)

* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility
possible - Spring Boot 2 (CVE-2020-28052)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

Installation instructions are available from the Fuse 7.8.0 product
documentation page:

https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/install
ing_on_apache_karaf/apply-hotfix-patch

https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deployi
ng_into_spring_boot/patch-red-hat-fuse-applications

4. Bugs fixed (https://bugzilla.redhat.com/):

1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible

5. References:

https://access.redhat.com/security/cve/CVE-2020-28052
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=7.8.0

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYIfQDtzjgjWX9erEAQgs8g/8D1JzNDrU9s8NIDGecM17U83tb62pdeHi
2WzKUFsG5cebZV1UpvIF0oeoIwAzwSROw9/TRzi5tzeibPEPVdW94DO9qApRNSsS
TdNxAAuPxkQkx6DoUOPxqw/vDC9oI0jGILL/wGKRX39kKEhtknghSq/5nZrjkP9v
3Y+6c+eKwgEJWQRn93NPaKa3kc18laFSmGp+gKppzafAh6h3LYZwFtCJs9sn0Lbx
pEEujMp1hibg9uAE7EWzw0dbyjNgg3befA56V5DtusvkE+MrbyDtbm4rGxyEUTUg
CrXxcl93ErngWgscIVcjDOPU2KKuvaamjisk0UvcYLDNXlL7aMjqobyPBgi4BO8F
iPLuWcJLjkfEbLatNuz48tWjhUkk3httU3521AIt4SUgW2daR0lyEqx6aHY5K2hX
apW0wsfnpaTSDOn+PFCnBI6lvhxR9YUgiAphcmhNUJWDrOu1t8wesP4iBsfwj3mf
rZFZlWAF02PV09I448NhDQwxnoSopj5S9MH+KQeipGeH1mpxP+HJSqTAABHm+sxO
bowQGVUdq/b1q8Dl2AU6/f9uyKygWNzWnYRJsQNb5POjauZVdVylF4mv0wcZiD1y
slOPltC+Qg7aJTInhJfwvQURDZON3A3qVk57dM+wOFNxnqEEVbCbvKT2Pi5S4ZW7
kMEDdFVBaGc=
=1BzY
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    27 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    32 Files
  • 7
    May 7th
    11 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    0 Files
  • 10
    May 10th
    0 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close