RHSA-2022:1345: Moderate: Red Hat AMQ Streams 2.1.0 release and security update
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. <br>This release of Red Hat AMQ Streams 2.1.0 serves as a replacement for Red Hat AMQ Streams 2.0.1, and includes security and bug fixes, and enhancements.<br>Security Fix(es):<br><li> lz4: memory corruption due to an integer overflow bug caused by memmove argument [amq-st-1] (CVE-2021-3520)</li> <li> netty: control chars in header names may lead to HTTP request smuggling [amq-st-1] (CVE-2021-43797)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2022:1345?
The severity of RHSA-2022:1345 is classified as important.
How do I fix RHSA-2022:1345?
To fix RHSA-2022:1345, users should upgrade to the latest version of Red Hat AMQ Streams as recommended in the advisory.
What are the risks associated with RHSA-2022:1345?
The risks associated with RHSA-2022:1345 include potential security vulnerabilities that could be exploited to compromise system integrity.
What versions are affected by RHSA-2022:1345?
RHSA-2022:1345 affects specific versions of Red Hat AMQ Streams, which are detailed in the advisory.
Is there a workaround for RHSA-2022:1345?
There are no official workarounds for RHSA-2022:1345; upgrading to the patched version is recommended.