RHSA-2022:0469: Important: Red Hat AMQ Streams 2.0.1 release and security update
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.0.1 serves as a replacement for Red Hat AMQ Streams 2.0.0, and includes security and bug fixes, and enhancements.Security Fix(es): log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305) log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307) kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178) log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2022:0469?
The severity of RHSA-2022:0469 is classified as moderate.
How do I fix RHSA-2022:0469?
To fix RHSA-2022:0469, apply the available updates for Red Hat AMQ Streams version 2.0.1.
What vulnerabilities does RHSA-2022:0469 address?
RHSA-2022:0469 addresses several bugs identified in Red Hat AMQ Streams that could affect functionality and performance.
Is RHSA-2022:0469 a critical update?
No, RHSA-2022:0469 is not considered a critical update, but it is important for stability.
Which versions of Red Hat AMQ Streams are affected by RHSA-2022:0469?
RHSA-2022:0469 affects specific versions of Red Hat AMQ Streams that are mentioned in the advisory.