- Issued:
- 2023-11-30
- Updated:
- 2023-11-30
RHSA-2023:7617 - Important: Red Hat Build of Apache Camel for Quarkus 3.2.0 release RHBQ 3.2.9.Final -
Synopsis
Important: Red Hat Build of Apache Camel for Quarkus 3.2.0 release (RHBQ 3.2.9.Final)
Type/Severity
Security Advisory Important
Topic
Red Hat Build of Apache Camel for Quarkus 3.2.0 is now available (updates to RHBQ 3.2.9.Final). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products
Description
Red Hat Build of Apache Camel for Quarkus 3.2.0 is now available (updates to RHBQ 3.2.9.Final). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:
- CVE-2023-39410 avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
- CVE-2023-5072 JSON-java: parser confusion leads to OOM
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Build of Apache Camel | 1 | x86_64 |
Fixes
CVEs
References
- https://access.redhat.com/security/updates/classification/#important
- Content from access is not included.Content from access is not included.https://access/redhat/com/security/cve/CVE-2023-5072
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.