RHSA-2022:6819: Important: Red Hat AMQ Streams 2.2.0 release and security update
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.

This release of Red Hat AMQ Streams 2.2.0 serves as a replacement for Red Hat AMQ Streams 2.1.0, and includes security and bug fixes, and enhancements.

Security Fix(es):
kafka: Unauthenticated clients may cause OutOfMemoryError on brokers (CVE-2022-34917)
jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
netty: world readable temporary file containing sensitive data (CVE-2022-24823)
com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Frequently Asked Questions
What is the severity of RHSA-2022:6819?
The severity of RHSA-2022:6819 is classified as important.
How do I fix RHSA-2022:6819?
To fix RHSA-2022:6819, update Red Hat AMQ Streams to the latest version as recommended in the advisory.
What vulnerabilities are addressed by RHSA-2022:6819?
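RHSA-2022:6819 addresses four vulnerabilities in components shipped with Red Hat AMQ Streams: CVE-2022-34917 (kafka), CVE-2020-36518 (jackson-databind), CVE-2022-24823 (netty), and CVE-2022-25647 (com.google.code.gson-gson).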
Which versions of Red Hat AMQ Streams are affected by RHSA-2022:6819?
RHSA-2022:6819 affects Red Hat AMQ Streams versions prior to 2.2.0.
Is a reboot required after applying the fix for RHSA-2022:6819?
A reboot is not required after applying the fix for RHSA-2022:6819.