Lucene search

RedHatRHSA-2022:5532

HistoryJul 07, 2022 - 2:16 p.m.

(RHSA-2022:5532) Important: Red Hat Fuse 7.11.0 release and security update

2022-07-0714:16:35

access.redhat.com

122

red hat fuse 7.11.0

security updates

bug fixes

fastjson

jackson-databind

mysql-connector-java

undertow

wildfly-elytron

nodejs-ansi-regex

kubernetes-client

spring-security

protobuf-java

google-oauth-client

xstream

jdom

apache-commons-compress

kafka

xml-security

logback

netty

xnio

jdbc-postgresql

spring-expression

springframework

junrar

artemis-commons

elasticsearch

tomcat

junit4

wildfly-core

kotlin

karaf

metadata-extractor

poi-scratchpad

postgresql-jdbc

tika-core

cve-2022-26520

cve-2022-30126

cve-2022-26336

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.922

Percentile

99.0%

JSON

This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.

Security Fix(es):

fastjson (CVE-2022-25845)
jackson-databind (CVE-2020-36518)
mysql-connector-java (CVE-2021-2471, CVE-2022-21363)
undertow (CVE-2022-1259, CVE-2021-3629, CVE-2022-1319)
wildfly-elytron (CVE-2021-3642)
nodejs-ansi-regex (CVE-2021-3807, CVE-2021-3807)
3 qt (CVE-2021-3859)
kubernetes-client (CVE-2021-4178)
spring-security (CVE-2021-22119)
protobuf-java (CVE-2021-22569)
google-oauth-client (CVE-2021-22573)
XStream (CVE-2021-29505, CVE-2021-43859)
jdom (CVE-2021-33813, CVE-2021-33813)
apache-commons-compress (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090)
Kafka (CVE-2021-38153)
xml-security (CVE-2021-40690)
logback (CVE-2021-42550)
netty (CVE-2021-43797)
xnio (CVE-2022-0084)
jdbc-postgresql (CVE-2022-21724)
spring-expression (CVE-2022-22950)
springframework (CVE-2021-22096, CVE-2021-22060, CVE-2021-22096, CVE-2022-22976, CVE-2022-22970, CVE-2022-22971, CVE-2022-22978)
h2 (CVE-2022-23221)
junrar (CVE-2022-23596)
artemis-commons (CVE-2022-23913)
elasticsearch (CVE-2020-7020)
tomcat (CVE-2021-24122, CVE-2021-25329, CVE-2020-9484, CVE-2021-25122, CVE-2021-33037, CVE-2021-30640, CVE-2021-41079, CVE-2021-42340, CVE-2022-23181)
junit4 (CVE-2020-15250)
wildfly-core (CVE-2020-25689, CVE-2021-3644)
kotlin (CVE-2020-29582)
karaf (CVE-2021-41766, CVE-2022-22932)
Spring Framework (CVE-2022-22968)
metadata-extractor (CVE-2022-24614)
poi-scratchpad (CVE-2022-26336)
postgresql-jdbc (CVE-2022-26520)
tika-core (CVE-2022-30126)

For more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.