-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: prometheus-jmx-exporter security update Advisory ID: RHSA-2020:4807-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4807 Issue date: 2020-11-03 CVE Names: CVE-2017-18640 ==================================================================== 1. Summary: An update for prometheus-jmx-exporter is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - noarch 3. Description: Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security Fix(es): * snakeyaml: Billion laughs attack via alias feature (CVE-2017-18640) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1785376 - CVE-2017-18640 snakeyaml: Billion laughs attack via alias feature 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: prometheus-jmx-exporter-0.12.0-6.el8.src.rpm noarch: prometheus-jmx-exporter-0.12.0-6.el8.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-18640 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX6I2a9zjgjWX9erEAQgTog/+NO074oqVit4x18c1OZ8b72VgQ8Vnmv3H XvRhkrt+ybMvE7nvbvs2fJut0iyp1zS3cYKdGy3KF1yxBV6/BKlP7zHzH9IVc2y4 mVuKJ882pjXy93rk7a/aGI/8/MeZZ7D/TO8fBHgU5Iuxk8VmCR1sJuTgZt3DvQJ5 o1fQmQbebohDziTq2aObKBBooqVKv/UO2TCpsITCO4/UQ15AYaIr1Lx5ZEUPZdqp j49gLa+Jb73+kUdjdSYVlz8FvlztvQakmKopmoK3QUKYUKztkSOIfFdYMsc2Sree hNTIZ3adXpcUN+wSX+FjTkR51YTQTvdxd1AjQI0pi3wuskza/1NwHkMvYke8oZVk XOv9zYI0rn7kU8EkOCz9V7nI/FVVKhZdki+wdpAbhAqMCSP8sUIgsHCM48trzK3x JMl9FSSN8qovRD5COFPt5ltAf28XbiA2i4UAS3GmNLtLOApwe16kYIaPUBzXAEfQ FpjWKdAY4XOx7ez59ku/PgT7gWvimYOpuqLzuBI6UOqxGez6zwytPC+Bxrcm7UbZ /TDMP9H3fKfEiDRwVg6tubOtwQ8IfgR32wXC8nhitBNbzZ4C7TTbKoMSgTglXgkH mFAFaGdASYzRvOeCojlMar/aCf1F/QK6uFHk3mg8ms3iXN4Q67iTQNnviwWJga4Z 11faIrAWj9A=JQyi -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce