RHSA-2022:0138: Moderate: Red Hat AMQ Streams 2.0.0 release and security update
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.0.0 serves as a replacement for Red Hat AMQ Streams 1.8.4, and includes security and bug fixes, and enhancements.Security Fix(es): jetty: crafted URIs allow bypassing security constraints (CVE-2021-34429) netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients (CVE-2021-38153) log4j-core: remote code execution via JDBC Appender (CVE-2021-44832) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2022:0138?
The severity of RHSA-2022:0138 is classified as important.
How do I fix RHSA-2022:0138?
To fix RHSA-2022:0138, update Red Hat AMQ Streams to the latest version recommended in the advisory.
What software is affected by RHSA-2022:0138?
RHSA-2022:0138 affects Red Hat AMQ Streams and potentially relies on specific versions of Apache Kafka.
What vulnerabilities are addressed by RHSA-2022:0138?
RHSA-2022:0138 addresses multiple vulnerabilities that can impact the performance and security of the AMQ Streams.
When was RHSA-2022:0138 released?
RHSA-2022:0138 was released in February 2022.