(RHSA-2021:0986) Low: AMQ Online 1.7.0 release and security update

2021-03-25T13:39:47
ID RHSA-2021:0986
Type redhat
Reporter RedHat
Modified 2021-03-25T13:40:44

Description

The release of Red Hat AMQ Online 1.7.0 serves as a replacement for earlier AMQ Online releases, and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.

Security Fix(es):

  • fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218)

  • netty: Information disclosure via the local system temporary directory (CVE-2021-21290)

  • netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.