-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat Integration Camel-K 1.6.5 security update Advisory ID: RHSA-2022:1333-01 Product: Red Hat Integration Advisory URL: https://access.redhat.com/errata/RHSA-2022:1333 Issue date: 2022-04-12 CVE Names: CVE-2022-22965 ==================================================================== 1. Summary: A micro version update (from 1.6.4 to 1.6.5) is now available for Red Hat Integration Camel K. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: A micro version update (from 1.6.4 to 1.6.5) is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section. Security Fix(es): * spring-beans: spring-framework: RCE via Data Binding on JDK 9+ (CVE-2022-22965) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2070348 - CVE-2022-22965 spring-framework: RCE via Data Binding on JDK 9+ 5. References: https://access.redhat.com/security/cve/CVE-2022-22965 https://access.redhat.com/security/vulnerabilities/RHSB-2022-003 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version 22-Q2 https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYlX6IdzjgjWX9erEAQjfGQ//ff8/J2BxiGKD0zB6RGPrgwCaSvkVtV7y 8Lld/xKCQApjQzVXeM8pfkbhIn0+YwV41raVatrc7c8s8iKGcddyF4h7rQpk78eF +X+S/6oB63e78O/bCRRYsQFCYaAYt+JDVrG4WAwbDJ27sUGQ+99hC69Zv7cBvH5u oCAa9YjMZddlBZmYmSsfSx2VqPfRQNNEczL0DJYpwZtsNmgQxeQiU1e9advtr/wW 7Wfev8zuUy9UlbNjzFVi+ynvzeNOOYomAfpyRYMxfY6IeOvfDsfiAKhi/PfQIX3L oCGxfGzP58AAeeb4OGIhTY9Z+yXUwYjmgIiwIpOfbz4+ewos6it6XUXqdYMKYFSd QTs/tWDftxZquB0Zg4DkAHlNFfJPSN3M4HVsOOczIV6cR1G5DNLsOLACCjJOe9py 6bwgpB0E0yjkMAxokLyETwv8j9NskwMV9ns4nTge7HiGOybZXwXGXKn/gya63uUp NFvHdAuAqzP5Omh6DOTgHzc4sKv1SRVAwI3cokCcoKmzkLwXNGYZC3jh42xhBZDj m8OEmHOhtWdo6rBNN0lc1gjIdzHIQXFS+qhlicqD1JGvhSDCqSQOVP3Z1YwKJO6q R4r9nB+kN/u3yBMuuGD8WCB6w4y6TV3d5MoAi4l0gu6alHBsTrE0r5tLRNGTstI6 2e9xMQYImAM=JwkL -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce