-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Important: Red Hat 3scale API Management 2.6.0 release and security update
Advisory ID:       RHSA-2019:2534-01
Product:           3scale API Management
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2534
Issue date:        2019-08-21
CVE Names:         CVE-2019-10216
====================================================================
1. Summary:

A security update for Red Hat 3scale API Management Platform is now
available from the Red Hat Container Catalog.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat 3scale API Management delivers centralized API management features
through a distributed, cloud-hosted layer. It includes built-in features to
help in building a more successful API program, including access control,
rate limits, payment gateway integration, and developer experience tools.

This release of Red Hat 3scale API Management 2.6.0 replaces Red Hat 3scale
API Management 2.5.1.

Security Fix(es):

* ghostscript: -dSAFER escape via .buildfont1 (CVE-2019-10216)

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management
/2.6/html-single/installing_3scale/#onpremises-installation

4. Bugs fixed (https://bugzilla.redhat.com/):

1737080 - CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 (701394)

5. JIRA issues fixed (https://issues.jboss.org/):

THREESCALE-2852 - Release 3scale AMP 2.6 - Container Images

6. References:

https://access.redhat.com/security/cve/CVE-2019-10216
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXV0vO9zjgjWX9erEAQjqdA/9Gy6SP3jYmCeiNKR0uwPOk4nphQCrVY1d
ZhaqnXPObfkl5+NebVTpXo5+0HbSnXShWXIH8LLU94Y2TRlfDgzuUL3243B8i6KM
fUNgDBPq9sT/DAjE2zAN5F2VI09lVUNfySvypMHRYf1xrsUQ1GR7wPJGukn28eUG
rC423rBLaSude8U0s55efkJhs+I/V/0cwCfOiL325JeAS5BqsbkDS5qlBVmtAZSH
fFD1HabE5xCeUK6vvGLIkjbdvywSKsVJtYeFzyZE0CdfofSn4z+LLDQQ0XvRicM+
FsRkOvtfXFca0k7xkglpyOzKSV7bwy1vZfyi78sleWi1vTZRGjd+s4bogdFY1sW1
6jA6Z9n2zHCsBv3knwjj4AoOwJ8Z6WQBBwN7g0vTTFOKRdpmfMf8rJGA/enLnZRe
R3lfNzG4jLg1L5aWHOCHbX3YcKvt9fMiNKgpNzKKqONwnAqC7hKuMEQ5mvc05UW+
MpbNsbmLTXVL3oYF5iQDJaUdAQJ7vN3hB1In/p5wIJ4bFleaf+57k0jhw3jVxayX
fuwH1EcAzenlBafHYnyzIFHrH27lkQ/jbxZ8cU6jAHqDNsayS7Vl/8056TV14tcv
uiK1Mfou0HnvDcNaUPW9EHbctEHLLLE9UzEGpGAxRfhF4CUSMQrvoEFIlOZQrbUC
C3xua/zoKbY=9v+4
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce