RHSA-2021:1560: Moderate: Red Hat AMQ Streams 1.6.4 release and security update
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.6.4 serves as a replacement for Red Hat AMQ Streams 1.6.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.Security Fix(es): jetty-server: jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163) jetty-server: jetty: Ambiguous paths can access WEB-INF (CVE-2021-28164) jetty-server: jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2021:1560?
The severity of RHSA-2021:1560 is classified as important.
How do I fix RHSA-2021:1560?
To fix RHSA-2021:1560, you need to update to the latest version of Red Hat AMQ Streams provided in the advisory.
What components are affected by RHSA-2021:1560?
RHSA-2021:1560 affects the Red Hat AMQ Streams component based on the Apache Kafka project.
Is there a workaround for RHSA-2021:1560?
There are no official workarounds provided for the vulnerabilities addressed by RHSA-2021:1560.
When was RHSA-2021:1560 released?
RHSA-2021:1560 was released on June 28, 2021.