RHSA-2022:6916: Important: Red Hat AMQ Broker 7.10.1 release and security update
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.This release of Red Hat AMQ Broker 7.10.1 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.Security Fix(es): (CVE-2021-3121) gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2022-35278) activemq-artemis: AMQ Broker web console HTML Injection (CVE-2022-24823) netty: world readable temporary file containing sensitive data (CVE-2022-33980) apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2022:6916?
The severity of RHSA-2022:6916 is classified as important due to potential security vulnerabilities.
How do I fix RHSA-2022:6916?
To fix RHSA-2022:6916, you should update to the latest version of Red Hat AMQ Broker 7.10.1 or later.
What vulnerabilities are addressed in RHSA-2022:6916?
RHSA-2022:6916 addresses multiple security vulnerabilities that could affect the functionality of AMQ Broker.
Is RHSA-2022:6916 applicable to my system?
RHSA-2022:6916 is applicable if you are using Red Hat AMQ Broker versions prior to 7.10.1.
When was RHSA-2022:6916 released?
RHSA-2022:6916 was released in December 2022 as part of a regular security update.