First published: Tue Oct 17 2023
A security update for Camel Extensions for Quarkus 2.13.3 is now available (updates to RHBQ 2.13.8.SP3). The purpose of this text-only erratum is to inform you about the security issues fixed.

Security Fix(es):

* netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.

* jetty-http: jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Quarkus |
The severity of RHSA-2023:5780 is high.
RHSA-2023:5780 affects Red Hat Integration - Camel Extensions for Quarkus version 2.13.3.
To fix RHSA-2023:5780, apply the security update provided by Red Hat.
You can find more information about RHSA-2023:5780 on the Red Hat customer portal or Bugzilla.