First published: Thu Nov 17 2022
Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.

Data Grid 8.4.0 replaces Data Grid 8.3.1 and includes bug fixes and enhancements. Find out more about Data Grid 8.4.0 in the Release Notes[3].

Security Fix(es):

- prismjs: improperly escaped output allows a XSS (CVE-2022-23647)
- snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
- node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
- netty: world readable temporary file containing sensitive data (CVE-2022-24823)
- snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
- snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
- snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
- snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat JBoss Data Grid | | |
The severity of RHSA-2022:8524 is classified as important due to its potential impact on system stability and performance.
To fix RHSA-2022:8524, you should upgrade to Data Grid version 8.4.0 or later as recommended in the advisory.
RHSA-2022:8524 addresses multiple vulnerabilities related to performance and stability in Red Hat Data Grid.
RHSA-2022:8524 was released on December 20, 2022.
Yes, a restart of the Red Hat Data Grid service is typically required after applying the fix for RHSA-2022:8524.