-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat build of Eclipse Vert.x 4.0.3 security update Advisory ID: RHSA-2021:0943-01 Product: Red Hat OpenShift Application Runtimes Advisory URL: https://access.redhat.com/errata/RHSA-2021:0943 Issue date: 2021-03-31 CVE Names: CVE-2021-21290 CVE-2021-21295 ==================================================================== 1. Summary: An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE pages listed in the References section. 2. Description: This release of Red Hat build of Eclipse Vert.x 4.0.3 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Security Fix(es): * netty: Information disclosure via the local system temporary directory (CVE-2021-21290) * netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295) For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. 4. Bugs fixed (https://bugzilla.redhat.com/): 1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory 1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation 5. References: https://access.redhat.com/security/cve/CVE-2021-21290 https://access.redhat.com/security/cve/CVE-2021-21295 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&productÊtRhoar.eclipse.vertx&version=4.0.3 https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.0/html/release_notes_for_eclipse_vert.x_4.0/index https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.0/html/eclipse_vert.x_4.0_migration_guide/index 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYGRDR9zjgjWX9erEAQh9IQ//ZWUE0Mj0hVag/gdeQVTB7VGQFbPje2oB Rl6J7IfOBLNRa/mUN6MP8NezNeNtW/FUk71TwkyoIO1gesFlCdbd02qFnac19JBs PADuR1kWKQlL6CsS9bhl4c84m3bw8AYqa7FsoOKjeWLcR2T3twafw0+LrL/aaUrd Kj3l68L5DIZWpQ/o8uCGHxmq5Gz1H6XvYsH6m9w3Jmvq6v5psm7rRofYsj3UgWS2 3Uvc0ICmVAkLK1mc2Fqby23mUt2zMDdDjb0yEOE7UyIYD8MMZmn74SOH0yl/ZRmD LmcFv8Se6TDEMCBwzVCXKCfE38GIx5Y0PiWpQ6NOmEziDmUFmWaOrHNvs98cgkd+ BKlLo98iBi0878oJpSImV0e5h/MzNi2R0EHUpdI6zWiMV+cqcPLpLr1N5xQqE1Q7 EH169GmOBqvUJxKh07bP8jICeJ3u8GssHwqQL5lQAV97AwVFc3JipIG922QhThMP acpi3dmOP9F+wIXyIhv61g7ZWohH0edwxVhN+2LxIcNMBGXQtOHvOecyDTTWEcVx gUJq2D/z4Y6aJPI5XaXrj4c0mtNGBMYqjWsQQdGdqPaFoIXq2UfZiNFIvIC4L/A+ 6DTfUy9IIaOcroSu20NVfH7vWi0RDHT8l7aml3zK84kieZAcAuYwo3i8W3U93ZB6 adeqT0ijyKI=aIC7 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce