-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat build of Eclipse Vert.x 4.1.8 security update Advisory ID: RHSA-2022:0083-01 Product: Red Hat OpenShift Application Runtimes Advisory URL: https://access.redhat.com/errata/RHSA-2022:0083 Issue date: 2022-01-20 CVE Names: CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 ==================================================================== 1. Summary: An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE pages listed in the References section. 2. Description: This release of Red Hat build of Eclipse Vert.x 4.1.8 GA includes security updates. For more information, see the release notes listed in the References section. Security Fix(es): * log4j-core: remote code execution via JDBC Appender (CVE-2021-44832) * log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046) * log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. 4. Bugs fixed (https://bugzilla.redhat.com/): 2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) 2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern 2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender 5. References: https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&productÊtRhoar.eclipse.vertx&version=4.1.8 https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYemZRNzjgjWX9erEAQg3kg//TMRnMbFneaojfw2Cav3ewH7CQEqai/UQ 4nb5leVBZUlkoGk302d1Xlmjc8oYeyRHP2w95PuWfSqxpU5GhOabUjlJzul1Um34 Y0QaFhBI7xuAk28szn7JKoB6yZ6UAgB/vmYYo0YdlphtInAwnp3Vipb/3vgzXJUH eaFAkTvEMc4h0gcyLO98Krr/4u87+YJyY2wbWSpRDoQpQUcnDzGNqessOp6NMSsS mo0SHcFVYLXqsM9/cHaQyhIfTlF5JDApe0DO5y1zE60B1tYJyU34fgoRprFs5ybv f4Enn/qVWfmx2PCdEwOdKvjf2jQzVplqbPQwxILMRN2f3+y7OBNNWPB16kTskP3u jYUXZd6AN+YdJBzpBw23TFDmtSbGn9A3jTOWz1uACu3vYxNPSzDYIkOgD0hYfNIb dZntht5p3WgkBQ0Xkgd0At2UXwc70eJ2uH51Ck/bosH46MuKzVSeCoAsCCEXRMTm vGsfK5EV8Es5ltzsw1Im+3DZ8QcBNN7SUWidrJa9d6U9F0pzZVe1co4D12Xchapv bxQp0QeWHIgFNBQA8vQk6SZsdJH3THzHi0GUzLvSMED02MsfAd7HQhyndu/b9vs6 s2OIgauHd09+Siw1twydZUg1eEbeNctFUW2pi2LRggCY4cqLA0j4l0q0zQnKCdw3 73/w3ORRBdI=mx2F -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce