RHSA-2022:0467: Important: Red Hat AMQ Streams 1.6.7 release and security update
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.6.7 serves as a replacement for Red Hat AMQ Streams 1.6.6, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.Security Fix(es): log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305) log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307) kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178) log4j-core: remote code execution via JDBC Appender (CVE-2021-44832) log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2022:0467?
The severity of RHSA-2022:0467 is considered moderate.
How do I fix RHSA-2022:0467?
To fix RHSA-2022:0467, users should update to the latest version of Red Hat AMQ Streams.
What software is affected by RHSA-2022:0467?
RHSA-2022:0467 affects Red Hat AMQ Streams version 1.6.7.
What vulnerabilities are addressed in RHSA-2022:0467?
RHSA-2022:0467 addresses multiple bugs that may impact performance and stability.
Is there a deadline to apply the patch for RHSA-2022:0467?
It is recommended to apply the patch for RHSA-2022:0467 as soon as possible to mitigate potential risks.