The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7612.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat build of Quarkus 3.2.9 release and security update
Advisory ID: RHSA-2023:7612-03
Product: Red Hat build of Quarkus
Advisory URL: https://access.redhat.com/errata/RHSA-2023:7612
Issue date: 2023-12-20
Revision: 03
CVE Names: CVE-2023-6394
====================================================================

Summary:

A new release of the Red Hat build of Quarkus is now available. This new release comes packed with a host of enhancements, bug fixes, and security fixes.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.

Description:

This release of Red Hat build of Quarkus 3.2.9 includes security updates, bug fixes, and enhancements.

Security Fix(es):

* CVE-2023-39410 avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [quarkus-3.2]

* CVE-2023-43642 snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact [quarkus-3.2]

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6394

References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus&downloadType=distributions&version=3.2.9
https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/3.2/
https://access.redhat.com/articles/4966181#RHBQ_3_2_x
https://bugzilla.redhat.com/show_bug.cgi?id=2241722
https://bugzilla.redhat.com/show_bug.cgi?id=2242521
https://issues.redhat.com/browse/QUARKUS-3339
https://issues.redhat.com/browse/QUARKUS-3367
https://issues.redhat.com/browse/QUARKUS-3563
https://issues.redhat.com/browse/QUARKUS-3564
https://issues.redhat.com/browse/QUARKUS-3565
https://issues.redhat.com/browse/QUARKUS-3566
https://issues.redhat.com/browse/QUARKUS-3567
https://issues.redhat.com/browse/QUARKUS-3568
https://issues.redhat.com/browse/QUARKUS-3569
https://issues.redhat.com/browse/QUARKUS-3570
https://issues.redhat.com/browse/QUARKUS-3571
https://issues.redhat.com/browse/QUARKUS-3572
https://issues.redhat.com/browse/QUARKUS-3573
https://issues.redhat.com/browse/QUARKUS-3662
https://issues.redhat.com/browse/QUARKUS-3663
https://issues.redhat.com/browse/QUARKUS-3664
https://issues.redhat.com/browse/QUARKUS-3665
https://issues.redhat.com/browse/QUARKUS-3666
https://issues.redhat.com/browse/QUARKUS-3667
https://issues.redhat.com/browse/QUARKUS-3668
https://issues.redhat.com/browse/QUARKUS-3669
https://issues.redhat.com/browse/QUARKUS-3670
https://issues.redhat.com/browse/QUARKUS-3671
https://issues.redhat.com/browse/QUARKUS-3672
https://issues.redhat.com/browse/QUARKUS-3673
https://issues.redhat.com/browse/QUARKUS-3674
https://issues.redhat.com/browse/QUARKUS-3675
https://issues.redhat.com/browse/QUARKUS-3676
https://issues.redhat.com/browse/QUARKUS-3677
https://issues.redhat.com/browse/QUARKUS-3678
https://issues.redhat.com/browse/QUARKUS-3679
https://issues.redhat.com/browse/QUARKUS-3680
https://issues.redhat.com/browse/QUARKUS-3681
https://issues.redhat.com/browse/QUARKUS-3682
https://issues.redhat.com/browse/QUARKUS-3683
https://issues.redhat.com/browse/QUARKUS-3685
https://issues.redhat.com/browse/QUARKUS-3686
https://issues.redhat.com/browse/QUARKUS-3687
https://issues.redhat.com/browse/QUARKUS-3688
https://issues.redhat.com/browse/QUARKUS-3689
https://issues.redhat.com/browse/QUARKUS-3690
https://issues.redhat.com/browse/QUARKUS-3691
https://issues.redhat.com/browse/QUARKUS-3692
https://issues.redhat.com/browse/QUARKUS-3693
https://issues.redhat.com/browse/QUARKUS-3694
https://issues.redhat.com/browse/QUARKUS-3695
https://issues.redhat.com/browse/QUARKUS-3696
https://issues.redhat.com/browse/QUARKUS-3697
https://issues.redhat.com/browse/QUARKUS-3698
https://issues.redhat.com/browse/QUARKUS-3699
https://issues.redhat.com/browse/QUARKUS-3700
https://issues.redhat.com/browse/QUARKUS-3701
https://issues.redhat.com/browse/QUARKUS-3702
https://issues.redhat.com/browse/QUARKUS-3703
https://issues.redhat.com/browse/QUARKUS-3704
https://issues.redhat.com/browse/QUARKUS-3705
https://issues.redhat.com/browse/QUARKUS-3706
https://issues.redhat.com/browse/QUARKUS-3707
https://issues.redhat.com/browse/QUARKUS-3708
https://issues.redhat.com/browse/QUARKUS-3709
https://issues.redhat.com/browse/QUARKUS-3710
https://issues.redhat.com/browse/QUARKUS-3711
https://issues.redhat.com/browse/QUARKUS-3712
https://issues.redhat.com/browse/QUARKUS-3713
https://issues.redhat.com/browse/QUARKUS-3714
https://issues.redhat.com/browse/QUARKUS-3715
https://issues.redhat.com/browse/QUARKUS-3716
https://issues.redhat.com/browse/QUARKUS-3717
https://issues.redhat.com/browse/QUARKUS-3718
https://issues.redhat.com/browse/QUARKUS-3719
https://issues.redhat.com/browse/QUARKUS-3720
https://issues.redhat.com/browse/QUARKUS-3721
https://issues.redhat.com/browse/QUARKUS-3722
https://issues.redhat.com/browse/QUARKUS-3723
https://issues.redhat.com/browse/QUARKUS-3724
https://issues.redhat.com/browse/QUARKUS-3725
https://issues.redhat.com/browse/QUARKUS-3726
https://issues.redhat.com/browse/QUARKUS-3727
https://issues.redhat.com/browse/QUARKUS-3728
https://issues.redhat.com/browse/QUARKUS-3729
https://issues.redhat.com/browse/QUARKUS-3730
https://issues.redhat.com/browse/QUARKUS-3731
https://issues.redhat.com/browse/QUARKUS-3732
https://issues.redhat.com/browse/QUARKUS-3733
https://issues.redhat.com/browse/QUARKUS-3734
https://issues.redhat.com/browse/QUARKUS-3735
https://issues.redhat.com/browse/QUARKUS-3736
https://issues.redhat.com/browse/QUARKUS-3737
https://issues.redhat.com/browse/QUARKUS-3738
https://issues.redhat.com/browse/QUARKUS-3739
https://issues.redhat.com/browse/QUARKUS-3740
https://issues.redhat.com/browse/QUARKUS-3741
https://issues.redhat.com/browse/QUARKUS-3742
https://issues.redhat.com/browse/QUARKUS-3743
https://issues.redhat.com/browse/QUARKUS-3744
https://issues.redhat.com/browse/QUARKUS-3746
https://issues.redhat.com/browse/QUARKUS-3747
https://issues.redhat.com/browse/QUARKUS-3749
https://issues.redhat.com/browse/QUARKUS-3750
https://issues.redhat.com/browse/QUARKUS-3751
https://issues.redhat.com/browse/QUARKUS-3752
https://issues.redhat.com/browse/QUARKUS-3753
https://issues.redhat.com/browse/QUARKUS-3754
https://issues.redhat.com/browse/QUARKUS-3755
https://issues.redhat.com/browse/QUARKUS-3756