exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-0083-03

Red Hat Security Advisory 2022-0083-03
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0083-03 - This release of Red Hat build of Eclipse Vert.x 4.1.8 GA includes security updates. For more information, see the release notes listed in the References section. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-44832, CVE-2021-45046, CVE-2021-45105
SHA-256 | 24d4e3d0f6f554caca41028699284d0f12ccf8d2788aba8df711c0ae434e4e18

Red Hat Security Advisory 2022-0083-03

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat build of Eclipse Vert.x 4.1.8 security update
Advisory ID: RHSA-2022:0083-01
Product: Red Hat OpenShift Application Runtimes
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0083
Issue date: 2022-01-20
CVE Names: CVE-2021-44832 CVE-2021-45046 CVE-2021-45105
====================================================================
1. Summary:

An update is now available for Red Hat build of Eclipse Vert.x.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability. For
more information, see the CVE pages listed in the References section.

2. Description:

This release of Red Hat build of Eclipse Vert.x 4.1.8 GA includes security
updates. For more information, see the release notes listed in the
References section.

Security Fix(es):

* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)

* log4j-core: DoS in log4j 2.x with thread context message pattern and
context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)

* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data
contains a recursive lookup and context lookup pattern (CVE-2021-45105)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a download link for the
update. You must be logged in to download the update.

4. Bugs fixed (https://bugzilla.redhat.com/):

2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)
2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern
2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender

5. References:

https://access.redhat.com/security/cve/CVE-2021-44832
https://access.redhat.com/security/cve/CVE-2021-45046
https://access.redhat.com/security/cve/CVE-2021-45105
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&productÊtRhoar.eclipse.vertx&version=4.1.8
https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYemZRNzjgjWX9erEAQg3kg//TMRnMbFneaojfw2Cav3ewH7CQEqai/UQ
4nb5leVBZUlkoGk302d1Xlmjc8oYeyRHP2w95PuWfSqxpU5GhOabUjlJzul1Um34
Y0QaFhBI7xuAk28szn7JKoB6yZ6UAgB/vmYYo0YdlphtInAwnp3Vipb/3vgzXJUH
eaFAkTvEMc4h0gcyLO98Krr/4u87+YJyY2wbWSpRDoQpQUcnDzGNqessOp6NMSsS
mo0SHcFVYLXqsM9/cHaQyhIfTlF5JDApe0DO5y1zE60B1tYJyU34fgoRprFs5ybv
f4Enn/qVWfmx2PCdEwOdKvjf2jQzVplqbPQwxILMRN2f3+y7OBNNWPB16kTskP3u
jYUXZd6AN+YdJBzpBw23TFDmtSbGn9A3jTOWz1uACu3vYxNPSzDYIkOgD0hYfNIb
dZntht5p3WgkBQ0Xkgd0At2UXwc70eJ2uH51Ck/bosH46MuKzVSeCoAsCCEXRMTm
vGsfK5EV8Es5ltzsw1Im+3DZ8QcBNN7SUWidrJa9d6U9F0pzZVe1co4D12Xchapv
bxQp0QeWHIgFNBQA8vQk6SZsdJH3THzHi0GUzLvSMED02MsfAd7HQhyndu/b9vs6
s2OIgauHd09+Siw1twydZUg1eEbeNctFUW2pi2LRggCY4cqLA0j4l0q0zQnKCdw3
73/w3ORRBdI=mx2F
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close