Red Hat Product Errata RHSA-2023:7617 - Security Advisory
Issued:
2023-11-30
Updated:
2023-11-30

RHSA-2023:7617 - Security Advisory

Synopsis

Important: Red Hat Build of Apache Camel for Quarkus 3.2.0 release (RHBQ 3.2.9.Final)

Type/Severity

Security Advisory: Important

Topic

Red Hat Build of Apache Camel for Quarkus 3.2.0 is now available (updates to RHBQ 3.2.9.Final). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products

Description

Red Hat Build of Apache Camel for Quarkus 3.2.0 is now available (updates to RHBQ 3.2.9.Final). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:

  • CVE-2023-39410 avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
  • CVE-2023-5072 JSON-java: parser confusion leads to OOM

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Build of Apache Camel 1 x86_64

Fixes

  • BZ - 2242521 - CVE-2023-39410 apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
  • BZ - 2246417 - CVE-2023-5072 JSON-java: parser confusion leads to OOM

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.