RHSA-2021:0811: Low: Red Hat Integration Tech-Preview 3 Camel K security update
This release of Red Hat Integration - Camel K - Tech-Preview 3 serves as a replacement for tech-preview 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.Security Fix(es): jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649) cassandra: allows manipulation of the RMI registry to perform a MITM attack and capture user names and passwords used to access the JMX interface (CVE-2020-13946) apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2021:0811?
The severity of RHSA-2021:0811 is classified as important.
How do I fix RHSA-2021:0811?
To fix RHSA-2021:0811, update the affected packages to the latest version as specified in the advisory.
What vulnerabilities are addressed in RHSA-2021:0811?
RHSA-2021:0811 addresses vulnerabilities in the jackson-databind library, which may allow for potential code execution.
Is RHSA-2021:0811 applicable to all users?
RHSA-2021:0811 impacts users of Red Hat Integration - Camel K - Tech-Preview 3, particularly those utilizing the affected libraries.
What are the enhancements included in RHSA-2021:0811?
RHSA-2021:0811 includes bug fixes and performance enhancements as detailed in the release notes.