RHSA-2018:2938: Moderate: Red Hat OpenShift Application Runtimes Thorntail 2.2.0 security & bug fix update
Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.

This release of RHOAR Thorntail 2.2.0 serves as a replacement for RHOAR WildFly Swarm 7.1.0, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section.

Security Fix(es):

* undertow: Path traversal in ServletResourceManager class (CVE-2018-1047)
* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Frequently Asked Questions
What is the severity of RHSA-2018:2938?
The severity of RHSA-2018:2938 is classified as moderate.
How do I fix RHSA-2018:2938?
To fix RHSA-2018:2938, you should update the affected packages to the latest version provided by Red Hat.
Which versions are affected by RHSA-2018:2938?
RHSA-2018:2938 affects specific versions of Red Hat OpenShift Application Runtimes prior to the update.
What are the risks of not addressing RHSA-2018:2938?
Not addressing RHSA-2018:2938 may expose your applications to potential vulnerabilities and operational issues.
Is there a workaround for RHSA-2018:2938?
There are no known workarounds for RHSA-2018:2938; updating is the recommended course of action.