Red Hat 제품 에라타 RHSA-2025:18028 - Security Advisory
발행된 날짜:
2025-10-14
업데이트된 날짜:
2025-10-14

RHSA-2025:18028 - Security Advisory

요약

Important: Red Hat Build of Apache Camel 4.10.7 for Spring Boot release.

유형/심각도

Security Advisory: Important

주제

Red Hat build of Apache Camel 4.10.7 for Spring Boot patch release and security update is now available.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

설명

Red Hat build of Apache Camel 4.10.7 for Spring Boot patch release and security update is now available.

The purpose of this text-only errata is to inform you about the security issues
fixed.

Security Fix(es):

  • spring-security-core: Spring Security authorization bypass (CVE-2025-41248)
  • spring-core: Spring Framework Annotation Detection Vulnerability (CVE-2025-41249)
  • spring-core-test: Spring Framework Annotation Detection Vulnerability (CVE-2025-41249)
  • org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability (CVE-2025-41249)
  • org.eclipse.jgit: XXE vulnerability in Eclipse JGit (CVE-2025-4949)
  • netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions (CVE-2025-58056)
  • netty-codec-http2: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions (CVE-2025-58056)
  • minio: minio-java Client XML Tag is Vulnerable to Value Substitution (CVE-2025-59952)
  • io.minio/minio: minio-java Client XML Tag is Vulnerable to Value Substitution (CVE-2025-59952)

솔루션

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

영향을 받는 제품

  • Red Hat Integration - Camel for Spring Boot 1 x86_64

수정

  • BZ - 2367730 - CVE-2025-4949 org.eclipse.jgit: XXE vulnerability in Eclipse JGit
  • BZ - 2392996 - CVE-2025-58056 netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions
  • BZ - 2395723 - CVE-2025-41248 org.springframework.security/spring-security-core: Spring Security authorization bypass
  • BZ - 2395725 - CVE-2025-41249 org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability
  • BZ - 2400380 - CVE-2025-59952 io.minio/minio: minio-java Client XML Tag is Vulnerable to Value Substitution

Red Hat 제품 보안팀 연락처는 secalert@redhat.com입니다. https://access.redhat.com/security/team/contact/에 더 많은 연락처 정보가 있습니다.