- Vulnerability/
- RHSA-2022:0203
RHSA-2022:0203: Critical: Red Hat Fuse 7.8-7.10 security update
First published: Thu Jan 20 2022(Updated: )
The releases of Red Hat Fuse 7.8.2, 7.9.1 and 7.10.1 serve as a patch to Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot and includes security fixes, which are documented in the Release Notes document linked to in the References.<br>Security Fix(es):<br><li> log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)</li> <li> log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)</li> <li> log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)</li> <li> log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fuse | >=7.8.2<=7.10.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2030932
- https://bugzilla.redhat.com/show_bug.cgi?id=2032580
- https://bugzilla.redhat.com/show_bug.cgi?id=2034067
- https://bugzilla.redhat.com/show_bug.cgi?id=2035951
- https://access.redhat.com/security/updates/classification/#critical
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.fuse&version=7.08.0
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.fuse&version=7.09.0
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=jboss.fuse&version=7.10.0
- https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
- https://access.redhat.com/errata/RHSA-2022:0203 (Advisory)
Frequently Asked Questions
What is the severity of RHSA-2022:0203?
The severity of RHSA-2022:0203 is classified as critical due to the impact of the log4j-core vulnerability.
How do I fix RHSA-2022:0203?
To fix RHSA-2022:0203, update your Red Hat Fuse installations to versions 7.8.2, 7.9.1, or 7.10.1.
What products are affected by RHSA-2022:0203?
RHSA-2022:0203 affects Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot.
When was RHSA-2022:0203 released?
RHSA-2022:0203 was released on February 23, 2022.
What security vulnerabilities are addressed in RHSA-2022:0203?
RHSA-2022:0203 addresses vulnerabilities related to log4j-core that could allow remote code execution.
- agent/references
- agent/type
- agent/event
- agent/severity
- agent/last-modified-date
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2022:0203
- agent/first-publish-date
- agent/trending
- agent/title
- agent/remedy
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/red hat
- canonical/fuse