First published: Thu Dec 07 2023
A security update for Red Hat Build of Apache Camel for Quarkus 2.13.3 is now available (updates to RHBQ 2.13.9.Final). The purpose of this text-only errata is to inform you about the security issues fixed.

Red Hat Product Security has rated this update as having an impact of Important.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Security Fix(es):

- CVE-2023-5072 JSON-java: parser confusion leads to OOM
- CVE-2023-39410 avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
- CVE-2023-35887 sshd-common: apache-mina-sshd: information exposure in SFTP server implementations
- CVE-2023-34462 netty: SniHandler 16MB allocation leads to OOM
- CVE-2023-34455 snappy-java: Unchecked chunk length leads to DoS

Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Quarkus |
The severity of RHSA-2023:7705 is high.
Red Hat Integration - Camel Extensions for Quarkus is affected by RHSA-2023:7705.
To fix the vulnerability RHSA-2023:7705, you should apply the security update provided by Red Hat.
You can find more information about RHSA-2023:7705 on the Red Hat Errata website (link: https://access.redhat.com/errata/RHSA-2023:7705).