History: Jan 17, 2023 - 11:45 a.m.

(RHSA-2023:0189) Moderate: Red Hat AMQ Streams 2.3.0 release and security update

2023-01-17 11:45:43
access.redhat.com
red hat amq streams
apache kafka
security update
cve-2022-2048
cve-2022-2191
cve-2022-42003
cve-2022-42004
cve-2022-2047
cve-2022-38752
distributed backbone
microservices
data sharing

EPSS: 0.003 (Low), percentile 71.7%

Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.

This release of Red Hat AMQ Streams 2.3.0 serves as a replacement for Red Hat AMQ Streams 2.2.0, and includes security and bug fixes, and enhancements.

Security Fix(es):

  • http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)

  • jetty-server: Improper release of ByteBuffers in SslConnections (CVE-2022-2191)

  • jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)

  • jackson-databind: use of deeply nested arrays (CVE-2022-42004)

  • jetty-http: improper hostname input handling (CVE-2022-2047)

  • snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.