First published: Thu Jun 29 2023
This release of Red Hat build of Quarkus 2.13.8 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.

Security Fixes:

- CVE-2023-1436 jettison: Uncontrolled Recursion in JSONArray [quarkus-2]
- CVE-2023-26053 gradle: usage of long IDs for PGP keys is unsafe and is subject to collision attacks [quarkus-2]
- CVE-2023-28867 graphql-java: crafted GraphQL query causes stack consumption [quarkus-2]
- CVE-2023-1584 quarkus-oidc: ID and access tokens leak via the authorization code flow [quarkus-2]
- CVE-2023-0482 RESTEasy: creation of insecure temp files [quarkus-2]
- CVE-2022-3782 keycloak: path traversal via double URL encoding [quarkus-2]
- CVE-2023-0481 io.quarkus-quarkus-parent: quarkus: insecure permissions on temp files [quarkus-2]
- CVE-2022-45787 apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider [quarkus-2]

For more information about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, see the CVE links listed in the References section.