RHSA-2024:1706 - Security Advisory

Topic

An update for Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 is now available (updates to RHBQ 3.2.11).
Red Hat Product Security has rated this update as having a security impact of
Important.
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products

Description

An update for Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 is now available (updates to RHBQ 3.2.11).
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:

• TRIAGE CVE-2024-25710 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file
• TRIAGE CVE-2024-26308 commons-compress: OutOfMemoryError unpacking broken Pack200 file
• TRIAGE CVE-2024-1300 vertx-core: io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support
• TRIAGE CVE-2024-1023 vert.x: io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx

Solution

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update).

Affected Products

• Red Hat Build of Apache Camel 1 x86_64

Fixes

CVEs

• CVE-2024-1023
• CVE-2024-1300
• CVE-2024-25710
• CVE-2024-26308

References

• https://access.redhat.com/security/updates/classification/#important
• https://access/redhat/com/security/cve/CVE-2024-25710
• https://access/redhat/com/security/cve/CVE-2024-26308
• https://access/redhat/com/security/cve/CVE-2024-1300
• https://access/redhat/com/security/cve/CVE-2024-1023