RHSA-2022:7896: Moderate: Red Hat Integration Debezium 1.9.7 security update
Debezium is a distributed platform that turns your existing databases into event streams, so applications can see and respond immediately to each row-level change in the databases.

Debezium is built on top of Apache Kafka and provides Kafka Connect compatible connectors that monitor specific database management systems. Debezium records the history of data changes in Kafka logs, from where your application consumes them. This makes it possible for your application to easily consume all of the events correctly and completely. Even if your application stops unexpectedly, it will not miss anything: when the application restarts, it will resume consuming the events where it left off.

Security Fix(es):

- protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)
- protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Frequently Asked Questions
What is the severity of RHSA-2022:7896?
The severity of RHSA-2022:7896 is classified as moderate.
How do I fix RHSA-2022:7896?
To fix RHSA-2022:7896, update the affected Debezium packages to the latest version released by Red Hat.
What software is affected by RHSA-2022:7896?
RHSA-2022:7896 affects the Debezium platform that integrates with Apache Kafka.
What are the potential impacts of RHSA-2022:7896?
The potential impacts of RHSA-2022:7896 include compromised security and unauthorized access to database event streams.
When was RHSA-2022:7896 released?
RHSA-2022:7896 was released as part of Red Hat's security advisories in 2022.