Red Hat Security Advisory 2024-1662-03 ≈ Packet Storm

Home^[1] Files^[2] News^[3] &[SERVICES_TAB] Contact^[4] Add New^[5]

Change Mirror^[15] Download^[16]

        
The following advisory data is extracted from:
https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1662.json
Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
====================================================================
Red Hat Security Advisory
Synopsis:           Important: Red Hat build of Quarkus 3.2.11 release and security update
Advisory ID:        RHSA-2024:1662-03
Product:            Red Hat build of Quarkus
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1662
Issue date:         2024-04-03
Revision:           03
CVE Names:          CVE-2024-1023
====================================================================
Summary: 
An update is now available for Red Hat build of Quarkus.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a
detailed severity rating, is available for each vulnerability. For more
information, see the CVE links in the References section.
Description:
This release of Red Hat build of Quarkus 3.2.11 includes security updates,
bug fixes, and enhancements. For more information, see the release notes page
listed in the References section.
Security Fix(es):
* CVE-2024-1597 org.postgresql/postgresql: pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE [quarkus-3.2]
* CVE-2024-1979 io.quarkus/quarkus-kubernetes-deployment: quarkus: information leak in annotation [quarkus-3.2]
* CVE-2024-1726 io.quarkus.resteasy.reactive/resteasy-reactive: quarkus: security checks for some inherited endpoints performed after serialization in RESTEasy Reactive may trigger a denial of service [quarkus-3.2]
* CVE-2024-25710 org.apache.commons/commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file [quarkus-3.2]
* CVE-2024-26308 org.apache.commons/commons-compress: OutOfMemoryError unpacking broken Pack200 file [quarkus-3.2]
* CVE-2024-1300 io.vertx/vertx-core: io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support [quarkus-3.2]
* CVE-2024-1023 io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx [quarkus-3.2]
Solution:
https://access.redhat.com/articles/11258
CVEs:
CVE-2024-1023
References:
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/3.2/
https://access.redhat.com/articles/4966181
https://bugzilla.redhat.com/show_bug.cgi?id=2260840
https://bugzilla.redhat.com/show_bug.cgi?id=2263139
https://bugzilla.redhat.com/show_bug.cgi?id=2264988
https://bugzilla.redhat.com/show_bug.cgi?id=2264989
https://bugzilla.redhat.com/show_bug.cgi?id=2265158
https://bugzilla.redhat.com/show_bug.cgi?id=2266523
https://bugzilla.redhat.com/show_bug.cgi?id=2266690
https://issues.redhat.com/browse/QUARKUS-4022
https://issues.redhat.com/browse/QUARKUS-4036
https://issues.redhat.com/browse/QUARKUS-4097
https://issues.redhat.com/browse/QUARKUS-4103
https://issues.redhat.com/browse/QUARKUS-4104
https://issues.redhat.com/browse/QUARKUS-4106

• Follow us on Twitter^[19]
• Follow us on Facebook^[20]
• Subscribe to an RSS Feed^[21]

File Tags

• ActiveX^[22] (933)
• Advisory^[23] (84,704)
• Arbitrary^[24] (16,634)
• BBS^[25] (2,859)
• Bypass^[26] (1,826)
• CGI^[27] (1,032)
• Code Execution^[28] (7,628)
• Conference^[29] (688)
• Cracker^[30] (844)
• CSRF^[31] (3,373)
• DoS^[32] (24,511)
• Encryption^[33] (2,383)
• Exploit^[34] (52,752)
• File Inclusion^[35] (4,251)
• File Upload^[36] (984)
• Firewall^[37] (822)
• Info Disclosure^[38] (2,844)
• Intrusion Detection^[39] (906)
• Java^[40] (3,118)
• JavaScript^[41] (889)
• Kernel^[42] (6,998)
• Local^[43] (14,705)
• Magazine^[44] (586)
• Overflow^[45] (13,033)
• Perl^[46] (1,430)
• PHP^[47] (5,187)
• Proof of Concept^[48] (2,367)
• Protocol^[49] (3,694)
• Python^[50] (1,599)
• Remote^[51] (31,381)
• Root^[52] (3,617)
• Rootkit^[53] (521)
• Ruby^[54] (619)
• Scanner^[55] (1,650)
• Security Tool^[56] (7,974)
• Shell^[57] (3,246)
• Shellcode^[58] (1,217)
• Sniffer^[59] (900)
• Spoof^[60] (2,257)
• SQL Injection^[61] (16,520)
• TCP^[62] (2,423)
• Trojan^[63] (688)
• UDP^[64] (897)
• Virus^[65] (668)
• Vulnerability^[66] (32,560)
• Web^[67] (9,863)
• Whitepaper^[68] (3,772)
• x86^[69] (967)
• XSS^[70] (18,156)
• Other^[71]

File Archives

• April 2024^[72]
• March 2024^[73]
• February 2024^[74]
• January 2024^[75]
• December 2023^[76]
• November 2023^[77]
• October 2023^[78]
• September 2023^[79]
• August 2023^[80]
• July 2023^[81]
• June 2023^[82]
• May 2023^[83]
• Older^[84]

Systems

• AIX^[85] (429)
• Apple^[86] (2,078)
• BSD^[87] (376)
• CentOS^[88] (58)
• Cisco^[89] (1,927)
• Debian^[90] (7,001)
• Fedora^[91] (1,693)
• FreeBSD^[92] (1,246)
• Gentoo^[93] (4,467)
• HPUX^[94] (880)
• iOS^[95] (373)
• iPhone^[96] (108)
• IRIX^[97] (220)
• Juniper^[98] (69)
• Linux^[99] (49,103)
• Mac OS X^[100] (691)
• Mandriva^[101] (3,105)
• NetBSD^[102] (256)
• OpenBSD^[103] (488)
• RedHat^[104] (15,421)
• Slackware^[105] (941)
• Solaris^[106] (1,611)
• SUSE^[107] (1,444)
• Ubuntu^[108] (9,411)
• UNIX^[109] (9,384)
• UnixWare^[110] (187)
• Windows^[111] (6,645)
• Other^[112]

© 2022 Packet Storm. All rights reserved.

Read more https://packetstormsecurity.com/files/177933/RHSA-2024-1662-03.txt