====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-maven36-bcel security update
Advisory ID:       RHSA-2022:8959-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8959
Issue date:        2022-12-13
CVE Names:         CVE-2022-42920
====================================================================

1. Summary:

An update for rh-maven36-bcel is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The Byte Code Engineering Library (Apache Commons BCEL) is intended to give
users a convenient way to analyze, create, and manipulate (binary) Java
class files (those ending with .class).

Security Fix(es):

* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds
writing (CVE-2022-42920)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-maven36-bcel-6.3.1-2.3.el7.src.rpm

noarch:
rh-maven36-bcel-6.3.1-2.3.el7.noarch.rpm
rh-maven36-bcel-javadoc-6.3.1-2.3.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-maven36-bcel-6.3.1-2.3.el7.src.rpm

noarch:
rh-maven36-bcel-6.3.1-2.3.el7.noarch.rpm
rh-maven36-bcel-javadoc-6.3.1-2.3.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42920
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.