RHSA-2023:1661: Important: Red Hat AMQ Broker 7.11.0 release and security update
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.

This release of Red Hat AMQ Broker 7.11.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Security Fix(es):

* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* springframework: DoS via data binding to multipartFile or servlet part (CVE-2022-22970)
* springframework: DoS with STOMP over WebSocket (CVE-2022-22971)
* WildFly: possible information disclosure (CVE-2022-1278)
* jetty-http: improper hostname input handling (CVE-2022-2047)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Frequently Asked Questions
What is the severity of RHSA-2023:1661?
The severity of RHSA-2023:1661 is classified as important.
What vulnerabilities are addressed in RHSA-2023:1661?
RHSA-2023:1661 addresses security and bug fixes for AMQ Broker 7.11.0.
How do I fix RHSA-2023:1661?
To fix RHSA-2023:1661, update your Red Hat AMQ Broker to the latest version as recommended.
Which versions are affected by RHSA-2023:1661?
RHSA-2023:1661 affects Red Hat AMQ Broker 7.11.0 and potentially earlier versions.
Is there a workaround for RHSA-2023:1661?
There are no specific workarounds announced for RHSA-2023:1661; applying the fix is recommended.