RHSA-2024:7052: Important: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA)
First published: Tue Sep 24 2024(Updated: )
An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.GA).<br>The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:<br><li> CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in </li> <li> CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in </li> <li> CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in </li> <li> CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in </li> <li> CVE-2024-45294 ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in </li> <li> CVE-2024-8391 io.vertx/vertx-grpc-server: Vertx gRPC server does not limit the maximum message size</li> <li> CVE-2024-8391 io.vertx/vertx-grpc-client: Vertx gRPC server does not limit the maximum message size</li> <li> CVE-2024-32007 org.apache.cxf/cxf-rt-rs-security-jose: apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE</li> <li> CVE-2024-41172 org.apache.cxf/cxf-rt-transports-<a href="http:" target="_blank">http:</a> unrestricted memory consumption in CXF HTTP clients</li> <li> CVE-2024-35255 com.azure/azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity</li>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Red Hat Build of Apache Camel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2024:7052 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2295081
- https://bugzilla.redhat.com/show_bug.cgi?id=2298828
- https://bugzilla.redhat.com/show_bug.cgi?id=2298829
- https://bugzilla.redhat.com/show_bug.cgi?id=2309758
- https://bugzilla.redhat.com/show_bug.cgi?id=2310447
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/security/cve/CVE-2024-45294
- https://access.redhat.com/security/cve/CVE-2024-8391
- https://access.redhat.com/security/cve/CVE-2024-32007
- https://access.redhat.com/security/cve/CVE-2024-41172
- https://access.redhat.com/security/cve/CVE-2024-35255
- collector/redhat-errata-latest
- source/Red Hat
- anchor-id/RHSA-2024:7052
- agent/software-canonical-lookup
- agent/severity
- agent/softwarecombine
- agent/type
- agent/references
- agent/remedy
- agent/title
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/redhat-errata
- vendor/red hat
- canonical/red hat red hat build of apache camel