First published: Mon Feb 08 2021(Updated: )
Red Hat Data Grid is a distributed, in-memory data store.<br>This release of Red Hat Data Grid 8.1.1 serves as a replacement for Red Hat Data Grid 8.1.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.<br>Security Fix(es):<br><li> wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL (CVE-2020-25644)</li> <li> XStream: remote code execution due to insecure XML deserialization when relying on blocklists (CVE-2020-26217)</li> <li> infinispan: authorization check missing for server management operations (CVE-2020-25711)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat JBoss Data Grid |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity is classified as important, indicating a medium level of risk.
You can resolve RHSA-2021:0433 by upgrading to Red Hat Data Grid version 8.1.1.
RHSA-2021:0433 addresses multiple bugs and enhancements from the prior version.
RHSA-2021:0433 affects Red Hat Data Grid version 8.1.0.
No, RHSA-2021:0433 is categorized as an important update, not critical.