RHSA-2026:4285 - Security Advisory

标题

Red Hat build of Debezium connectors in version 3.2.7 are now available for Red Hat Application Foundations.

描述

Debezium is a distributed platform that turns your existing databases into event streams, so applications can see and respond immediately to each row-level change in the databases.

Debezium is built on top of Apache Kafka and provides Kafka Connect compatible connectors that monitor specific database management systems. Debezium records the history of data changes in Kafka logs, from where your application consumes them. This makes it possible for your application to easily consume all of the events correctly and completely. Even if your application stops unexpectedly, it will not miss anything: when the application restarts, it will resume consuming the events where it left off.

In addition this errata fixes two security issues

mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects (CVE-2026-27727)
c3p0: Arbitrary Code Execution via deserialization of crafted objects (CVE-2026-27830)

解决方案

To apply this update, follow the standard installation procedure for your platform:

• https://docs.redhat.com/en/documentation/red_hat_build_of_debezium/3.2.7/html-single/installing_debezium_on_openshift/index

https://docs.redhat.com/en/documentation/red_hat_build_of_debezium/3.2.7/html-single/installing_debezium_on_rhel/index

受影响的产品

• Red Hat Integration Text-Only Advisories x86_64
• Red Hat Integration 1 x86_64

修复

CVE

• CVE-2026-27727
• CVE-2026-27830

参考

• https://access.redhat.com/security/updates/classification/#important