Important: Red Hat Build of Apache Camel for Quarkus 3.2.0 release (RHBQ 3.2.9.Final)

トピック

Red Hat Build of Apache Camel for Quarkus 3.2.0 is now available (updates to RHBQ 3.2.9.Final). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products

説明

Red Hat Build of Apache Camel for Quarkus 3.2.0 is now available (updates to RHBQ 3.2.9.Final). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:

• CVE-2023-39410 avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
• CVE-2023-5072 JSON-java: parser confusion leads to OOM

解決策

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

影響を受ける製品

• Red Hat Integration - Camel Extensions for Quarkus 1 x86_64

修正

• BZ - 2242521 - CVE-2023-39410 apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
• BZ - 2246417 - CVE-2023-5072 JSON-java: parser confusion leads to OOM

CVE

• CVE-2023-5072
• CVE-2023-39410

参考資料

• https://access.redhat.com/security/updates/classification/#important
• https://access/redhat/com/security/cve/CVE-2023-5072