what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2023-4720-01

Red Hat Security Advisory 2023-4720-01
Posted Aug 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4720-01 - Red Hat Middleware for OpenShift provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service for on-premise or private cloud deployments. This release of the AMQ Broker 7.11.1 aligned Operator includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2023-1667, CVE-2023-2283, CVE-2023-2602, CVE-2023-2603, CVE-2023-26604, CVE-2023-27536, CVE-2023-28321, CVE-2023-28484, CVE-2023-29469, CVE-2023-32681, CVE-2023-34969, CVE-2023-4065, CVE-2023-4066
SHA-256 | a606711b915ef5f8c331cf3b871618a55263fd81b6c844ce00cf23539efaae0a

Red Hat Security Advisory 2023-4720-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: AMQ Broker 7.11.1.OPR.2.GA Container Images Release
Advisory ID: RHSA-2023:4720-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4720
Issue date: 2023-08-23
CVE Names: CVE-2020-24736 CVE-2023-1667 CVE-2023-2283
CVE-2023-2602 CVE-2023-2603 CVE-2023-4065
CVE-2023-4066 CVE-2023-26604 CVE-2023-27536
CVE-2023-28321 CVE-2023-28484 CVE-2023-29469
CVE-2023-32681 CVE-2023-34969
====================================================================
1. Summary:

This is the multiarch release of the AMQ Broker 7.11.1 aligned Operator and
associated container images on Red Hat Enterprise Linux 8 for the OpenShift
Container Platform.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat Middleware for OpenShift provides images for many of the Red Hat
Middleware products for use within the OpenShift Container Platform cloud
computing Platform-as-a-Service (PaaS) for on-premise or private cloud
deployments.

This release of the AMQ Broker 7.11.1 aligned Operator includes security
and bug fixes, and enhancements. For further information, refer to the
release notes linked to in the References section.

Security Fix(es):

* amq-broker-operator-container: Red Hat AMQ Broker Operator: plaintext
password in operator log (CVE-2023-4065)

* activemq-broker-operator: Red Hat AMQ Broker Operator: Passwords defined
in secrets shown in StatefulSet yaml (CVE-2023-4066)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

For information on supported configurations, see Red Hat AMQ Broker 7
Supported Configurations at https://access.redhat.com/articles/2791941

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2224630 - CVE-2023-4065 Red Hat AMQ Broker Operator: plaintext password in operator log
2224677 - CVE-2023-4066 Red Hat AMQ Broker Operator: Passwords defined in secrets shown in StatefulSet yaml

5. JIRA issues fixed (https://issues.redhat.com/):

ENTMQBR-7804 - Move json dumps for Openshift objects into Debug from INFO loglevel

6. References:

https://access.redhat.com/security/cve/CVE-2020-24736
https://access.redhat.com/security/cve/CVE-2023-1667
https://access.redhat.com/security/cve/CVE-2023-2283
https://access.redhat.com/security/cve/CVE-2023-2602
https://access.redhat.com/security/cve/CVE-2023-2603
https://access.redhat.com/security/cve/CVE-2023-4065
https://access.redhat.com/security/cve/CVE-2023-4066
https://access.redhat.com/security/cve/CVE-2023-26604
https://access.redhat.com/security/cve/CVE-2023-27536
https://access.redhat.com/security/cve/CVE-2023-28321
https://access.redhat.com/security/cve/CVE-2023-28484
https://access.redhat.com/security/cve/CVE-2023-29469
https://access.redhat.com/security/cve/CVE-2023-32681
https://access.redhat.com/security/cve/CVE-2023-34969
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_amq_broker/

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJk5nCIAAoJENzjgjWX9erEpDoP/3aD3YllQ8QZQtrzg0PUfOql
ElVQW456eRzOAuD44axM2ShM2WbkXOxl9z3HcxqpO9iyOvAFTXBnWib6Rjc/OVuZ
5cj/v0AaZ0xJbHzKELpLZqHAMh24B4cVd0PZ41QM9i4bTomSihX+W035U/gnnJuT
CjQvaNY1MoZVUK7J5eIhCurSQtH7jLYi7VXCtkViaTifu0fw63NKKvm3hwm7mmSG
ADWCoyZFl+6VsPmjbFfOCLEjs3/yjsPctFfmAFTEwKZTHZONLzIQCLA0BR3czwU7
9fGD+UNzJ4nobelP7Tjd3IIv+G2WM+u97Da0vS7/3DBSeETYABcpM74ftyoOG1pg
B+wcMxzAid0iWrIbiFZkxg5xatjTs8I3hw3n1/n4hgTbz7vauy5cLJ4963RBAQEh
VQW2A+xh0XUOY9kY/6kHPjx5b6CqfhS9JG2fxRCFPuJGl0uNEzGEztc1yCjt0Yw8
eeLhI6XCkwzcPLiHMpx/7uMMzlk2Kh74DHg4x1h3pYreUbf7ppjY2YoSWuGJlddu
5ehMmtfV+8310htygdIfnt3HyP+nBqir9ptwXf4L5afeNdkIzZCLuy0A6/AaKOUJ
8rfRSmBc+JTessL5+BOMCccQFdf7HDCD4CckGaKjDRWAXUzzpEtXV9/0wryh7mmf
7TDWMk48Klzq3qHxZN7A
=eJ9v
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close