RHSA-2019:1545: Important: Red Hat Fuse 7.3.1 security update
This release of Red Hat Fuse 7.3.1 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.<br>Security Fix(es):<br><li> bsh2: remote code execution via deserialization (CVE-2016-2510)</li> <li> log4j: Socket receiver deserialization vulnerability (CVE-2017-5645)</li> <li> uima: XML external entity expansion (XXE) can allow attackers to execute arbitrary code (CVE-2017-15691)</li> <li> mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)</li> <li> thrift: Improper Access Control grants access to files outside the webservers docroot path (CVE-2018-11798)</li> For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2019:1545?
The severity of RHSA-2019:1545 is classified as important due to the potential for remote code execution.
How do I fix RHSA-2019:1545?
To fix RHSA-2019:1545, update to Red Hat Fuse version 7.3.1 or later.
What vulnerability is addressed in RHSA-2019:1545?
RHSA-2019:1545 addresses a remote code execution vulnerability via deserialization in bsh2.
Which software is affected by RHSA-2019:1545?
RHSA-2019:1545 affects the Red Hat Fuse 7.3 and earlier versions.
Is there a workaround for the issues in RHSA-2019:1545?
There are no specific workarounds mentioned for the issues in RHSA-2019:1545; upgrading is recommended.