-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 1 security update Advisory ID: RHSA-2023:2099-01 Product: Red Hat Integration Advisory URL: https://access.redhat.com/errata/RHSA-2023:2099 Issue date: 2023-05-03 CVE Names: CVE-2023-1370 CVE-2023-20863 ===================================================================== 1. Summary: A patch is now available for Camel for Spring Boot 3.18.3. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: A patch is now available for Camel for Spring Boot 3.18.3. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Security Fix(es): * json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370) * springframework: Spring Expression DoS Vulnerability (CVE-2023-20863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2187742 - CVE-2023-20863 springframework: Spring Expression DoS Vulnerability 2188542 - CVE-2023-1370 json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) 5. References: https://access.redhat.com/security/cve/CVE-2023-1370 https://access.redhat.com/security/cve/CVE-2023-20863 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2 https://access.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZFKfltzjgjWX9erEAQgfdA//aIBhg/n25A/aVDKJ7FGiZcyA0noGxS/A HwLrbg/oI+yE54Hbqm1+YrZ5wJZKJHoryxqKE0p3rLgZdlXcaq+ceJfx+GJlyTCN fTxZ4ef1OWo8MOZoQA3bbuF1nQrDuVMADWSscAJ2vACb0mBQ/QItfjHhIG8bbmdN MCpBstXycTx2OWcrMYByxhR12Pa8OM08gvr5mek+TkkVCm1PVHUoErzEc2xMfRPE LbQ2VUaKGhNdhJA7rOCFnRZgjA3oYzm6hD4C8fiTSMd/byHZD1ZnG5UKMP8C2FSY OOo1nRGz7/huNFXpiBEEUrd4IDXN7kr3EkNaeIMGj2HOtnkvsFIYV9jpKcc4G+FZ m97BZxaTXtOmixlHLZrH3SbfU9Ur7G1/mxXoWDmufMb5kMiDjcN/P7zNvn0T/bmb sCsfaHJqBCyS1oOm7/pqoOJyVuzBx0FVDYQqIaW+feDgvhcAAn5ScRlcuvV4Pl4Z MUi0oo0GzXlgnsGfmYQaAEhYKp3O7OlymyVZ0FUlrESI5g/RHMuRf7O5TNxSMNPx rbEcGdh8b0PwmvOGlvr+fF3iPI7HcjpRUi/T33LhLkjFxTRQltfXAeY3TV4YRmIm GKX3cFrTC17Xvm6v6DtzmYaoj5U0Ds0p6aRq4ijuvltAwb/LR1MUdTWUuPeBMqFg /2Ns+oiCSlQ= =Iv7o -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce