RHSA-2022:0294: Important: parfait:0.5 security update
Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot (PCP) using the Memory Mapped Value (MMV) machinery for extremely lightweight instrumentation.Security Fix(es): log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305) log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307) log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104) log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2022:0294?
The security severity level of RHSA-2022:0294 can be categorized as moderate.
How do I fix RHSA-2022:0294?
To fix RHSA-2022:0294, upgrade to the latest versions of the affected packages listed in the advisory.
Which packages are affected by RHSA-2022:0294?
RHSA-2022:0294 affects multiple packages, including parfait, si-units, unit-api, and uom-lib among others.
Is RHSA-2022:0294 applicable to all Red Hat environments?
RHSA-2022:0294 is specifically applicable to Red Hat Enterprise Linux 8 environments.
What is Parfait in the context of RHSA-2022:0294?
Parfait is a Java performance monitoring library that collects metrics from the JVM and other sources, which is affected by RHSA-2022:0294.