From: Red Hat Errata Notifications
To: douglas.doring@csiway.com.br
Message-ID: <851684271.123731671026446160.JavaMail.1001510000@mx-util.corp.redhat.com>
Subject: [Security Advisory] RHSA-2022:8761 Moderate: Red Hat support for
Spring Boot 2.7.2 update
MIME-Version: 1.0
Date: Wed, 14 Dec 2022 14:00:45 +0000 (UTC)

The following Red Hat Security Advisory has been published which may affect
subscriptions which you have purchased.

RHSA-2022:8761 Moderate: Red Hat support for Spring Boot 2.7.2 update

Summary:

An update is now available for Red Hat OpenShift Application Runtimes.

Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.

This release of Red Hat support for Spring Boot 2.7.2 serves as a replacement for Red Hat support for Spring Boot 2.5.12, and includes security fixes, bug fixes, and enhancements. For more information, see the release notes listed in the References section.

Security Fix(es):

* reactor-netty: specific redirect configuration allows for a credentials leak (CVE-2020-5404)
* kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)
* protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)
* undertow: potential security issue in flow control over HTTP/2 may lead to DOS (incomplete fix for CVE-2021-3629) (CVE-2022-1259)
* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)
* spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details and references:
https://access.redhat.com/errata/RHSA-2022:8761?sc_cid=701600000006NHXAA2

CVE Names:
CVE-2020-5404 CVE-2021-4178 CVE-2021-22569 CVE-2022-1259 CVE-2022-1319 CVE-2022-22950

Revision History:
Issue Date: 2022-12-14
Updated: 2022-12-14

----------------------------------------------------------------------------------------------
Contact
----------------------------------------------------------------------------------------------
The Red Hat security contact is secalert@redhat.com. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.