exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2023-5396-01

Red Hat Security Advisory 2023-5396-01
Posted Sep 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5396-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.4.4 replaces Data Grid 8.4.3 and includes bug fixes and enhancements. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-45047, CVE-2023-34462, CVE-2023-35116, CVE-2023-35887, CVE-2023-3628, CVE-2023-3629, CVE-2023-5236
SHA-256 | 5388c15c1be8ba9a9c861d5cffb8e69e29258e619854a33049b6445639365da7

Red Hat Security Advisory 2023-5396-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Data Grid 8.4.4 security update
Advisory ID: RHSA-2023:5396-01
Product: Red Hat JBoss Data Grid
Advisory URL: https://access.redhat.com/errata/RHSA-2023:5396
Issue date: 2023-09-28
CVE Names: CVE-2022-45047 CVE-2023-3628 CVE-2023-3629
CVE-2023-5236 CVE-2023-34462 CVE-2023-35116
CVE-2023-35887
=====================================================================

1. Summary:

An update for Red Hat Data Grid 8 is now available.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution.
It increases application response times and allows for dramatically
improving performance while providing availability, reliability, and
elastic scale.

Data Grid 8.4.4 replaces Data Grid 8.4.3 and includes bug fixes and
enhancements. Find out more about Data Grid 8.4.4 in the Release Notes[3].

Security Fix(es):

* infispan: REST bulk ops don't check permissions (CVE-2023-3628)

* infinispan: Non-admins should not be able to get cache config via REST
API (CVE-2023-3629)

* netty: SniHandler 16MB allocation leads to OOM (CVE-2023-34462)

* jackson-databind: denial of service via cylic dependencies
(CVE-2023-35116)

* apache-mina: information exposure in SFTP server implementations
(CVE-2023-35887)

* infinispan: circular reference on marshalling leads to DoS
(CVE-2023-5236)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2215214 - CVE-2023-35116 jackson-databind: denial of service via cylic dependencies
2216888 - CVE-2023-34462 netty: SniHandler 16MB allocation leads to OOM
2217924 - CVE-2023-3628 infispan: REST bulk ops don't check permissions
2217926 - CVE-2023-3629 infinispan: Non-admins should not be able to get cache config via REST API
2240036 - CVE-2023-35887 apache-mina-sshd: information exposure in SFTP server implementations
2240999 - CVE-2023-5236 infinispan: circular reference on marshalling leads to DoS

5. References:

https://access.redhat.com/security/cve/CVE-2022-45047
https://access.redhat.com/security/cve/CVE-2023-3628
https://access.redhat.com/security/cve/CVE-2023-3629
https://access.redhat.com/security/cve/CVE-2023-5236
https://access.redhat.com/security/cve/CVE-2023-34462
https://access.redhat.com/security/cve/CVE-2023-35116
https://access.redhat.com/security/cve/CVE-2023-35887
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381&product=data.grid&version=8.4&downloadType=patches
https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.4/html-single/red_hat_data_grid_8.4_release_notes/index

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJlFZssAAoJENzjgjWX9erEVBUP/juQ7FbyJjmSmND8oHqZnVVT
vUTePNV3l/ulRcemJxmCWaQzyxxVBa5vJ2euNZ46iMbesye80ar3g45FuMx8uqtV
9IWhOUZRQP7NNVkf83zrTLTqwP53Y/0+Q9jx3B4DWTfkB2dmAbrTIrZwCUt8H4nx
9rINfIgdjlD9R09uI5nYon61WQe5xmF4Qpfpcpwk53aCj3cWBIlI0yfPHikraK8/
l95618TFdlcMkEzTz/lf/5vNuiBA1jNxnVdAyLsM34i9GIk/mEvTemBOwj0kJPB2
ZRxY2VOppyMyq3aNefjNah9Uy6v5gw3ny7Wou4syRTjTO+WkuKQQO/+1h5iImdVq
qXmvnSXPZo0QsMZhpORz2Nt7IUy8K61au4qRR9NN0RuuyriU/ox+Z0e1d9OSFKTe
9yo8zhyS59/Ljj5Q6s95sv+8hpCCa97Rf7p5DFMmwI7d8Q8Dykc+JwU9nujGTAWE
vBQCZlj6yrMbyTN5yeCXvDpBM+Lmv6j11eH3lNvLH/6sp4L7yDtutMkXA8lNz4dS
9QOlHGI1uFqbjsM2jINVZypksJFeUVzhJ5cKmLZ77B9hB/F0cKnqKQtaJnIng2cI
qKXmWyjD3jZzryn+2mDEsYGMMmstaNXk2s9mJ/ZbxBrD1nUuy/gPpDCG94RJlSjt
4vHsWOHi6lXZ5+vNcG7h
=l76w
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close