-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Integration Camel Extension For Quarkus 2.7-1 security update Advisory ID: RHSA-2023:1177-01 Product: Red Hat Integration Advisory URL: https://access.redhat.com/errata/RHSA-2023:1177 Issue date: 2023-03-09 CVE Names: CVE-2022-41946 CVE-2022-41966 ===================================================================== 1. Summary: Red Hat Integration Camel Extensions for Quarkus 2.7-1 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: A security update for Red Hat Integration Camel Extensions for Quarkus 2.7-1 is now available. Security Fix(es): * xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966) * postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 2153399 - CVE-2022-41946 postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions 2170431 - CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow 5. References: https://access.redhat.com/security/cve/CVE-2022-41946 https://access.redhat.com/security/cve/CVE-2022-41966 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q1 https://access.redhat.com/documentation/en-us/red_hat_integration/2023.q1 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZAnondzjgjWX9erEAQgryw//Rj/rVnMZGy3ShNXGHva3NUyqYDBmx79A IitaDTPn4cEZkvBPI7Os7EwMnW0ubuz7ank3XETz7IIWPYE6ju/BfTEdZ3BQMYwn rU+K/zU6pV2bobJAv6UlfzV6cheWyg6YdpY0klERhGoUgAjwH4E/7De9cqUEypFq tronlhMkW14KDJIdeH5LFybsOSb9AdFY+41orv3hKMvzlT5E9mfVc1hOCW97nQEC Dwx3rdkDQpOosRcUlp9A7YjP5IJZMIB2RmdKJWJfRT+GJ0PXI6NiBjBCmCFoAat/ SJEtEgE83qUnJgzNYDoDHV+sRg2M8vcLO/s466qp349TyGXOdQT+3uS9Hfk4yb71 8kMz1/tI6F1Q3RjU2ZbJzvJUaqM3FTMQccar97PmvR83ag5wJ5ZyZDPNA2gnN5hX 1wj+bnc3i8AiWt8EyB4fBg2PoeJaKjgcTtmy85kEzR7hh4ifLIEjcIqLge7y7Q7o B20ods2RMvry8hpyZ8FWa6YgxB7bQgxCYhaSs/yt53VeSUzmiLE1/FTffMs3Wp3X Xh8Q9yNquJ3NKMzj0tgaPwtclGKcoszAcVfA/aSjzb+ZrSCgUjTUA5sXX9G3Rawt O4W3sB+Xhfip3fra8mhnjmAP3BdQYIBnKMKOze+hBJxN08X0l12RoPjwzqqzj9gz vw3QINP2jYc= =z22e -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce