Red Hat Security Advisory 2019-4037-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.2 serves as a replacement for Red Hat Data Grid 7.3.1 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Issues addressed include code execution and deserialization vulnerabilities.
ce5063bf6be7167b85f5a8239239b32a7d74c613a7d9c267b9bdd64794ace7c2
Red Hat Security Advisory 2019-3892-01 - This release of Red Hat Fuse 7.5.0 serves as a replacement for Red Hat Fuse 7.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, information leakage, and traversal vulnerabilities.
d033b077fbe5857e973c9773a4c3ebbcdddde8391b77c6d861aa36baf37bde9f
Red Hat Security Advisory 2019-3149-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains an update for jackson-databind in the logging-elasticsearch5 container image for Red Hat OpenShift Container Platform 3.11.153. Issues addressed include code execution, denial of service, and deserialization vulnerabilities.
5b5749c71d52c3690eb137ec23b207f4283a94baacb4c994ead4402f6eddba76
Red Hat Security Advisory 2019-3140-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. This release of Red Hat JBoss Data Virtualization 6.4.8 serves as a replacement for Red Hat JBoss Data Virtualization 6.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, deserialization, information leakage, and path sanitization vulnerabilities.
cb03b8a3107017eb58904d224acf26d8a49abf7981da23786dece9f70750672b
Red Hat Security Advisory 2019-3002-01 - Red Hat Fuse Integration Services provides a set of tools and containerized xPaaS images that enable development, deployment, and management of integration microservices within OpenShift. Issues addressed include code execution and deserialization vulnerabilities.
621dfcd461e954e5f0ed3fefc22cedb7836b478f9190950358f4e51efebf85c0
Red Hat Security Advisory 2019-2858-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains an update for both jackson-databind and guava in the logging-elasticsearch5 container image for Red Hat OpenShift Container Platform 4.1.18. Issues addressed include code execution, denial of service, and deserialization vulnerabilities.
a85ed2e06864386321cea11d7342ff644000cb72324d0fc21bf798a437bb758e
Red Hat Security Advisory 2019-2804-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. Issues addressed include code execution, cross site request forgery, and deserialization vulnerabilities.
0d0d481dcbc07eca687b42ca85d628b58047f050fec57e910f4142dc73e50bd4
Red Hat Security Advisory 2019-1823-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.4.0 serves as an update to Red Hat Process Automation Manager 7.3.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
0905137bd94aa14fc0a8a175a67fcbcc5702cd7d6cccb18e2d7096e7c2569cd1
Red Hat Security Advisory 2019-1822-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.4.0 serves as an update to Red Hat Decision Manager 7.3.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
e4838bd134ac47cc3dcbea7ee7a598dc437cc3c7da9002aab9c7e22679fa53fd
Debian Linux Security Advisory 4452-1 - Multiple security issues were found in jackson-databind, a Java library to parse JSON and other data formats which could result in information disclosure or the execution of arbitrary code.
8095674dd1045dcb3b6e8830df6c5e14a3e757092613ec37d2e027cf70e3e072
Red Hat Security Advisory 2019-1140-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.1 serves as a replacement for Red Hat Single Sign-On 7.3.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a deserialization vulnerability.
6271484c47940b0c7dd386126f6ef63ce4c90910c0f55a1eb2d7f58051fd1fc5
Red Hat Security Advisory 2019-1107-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.2.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.0, and includes bug fixes and enhancements. Issues addressed include a deserialization vulnerability.
80d392549592df0d3648a41edbe6f03cb21e2f0e4cde93f299d3e5a09e087415
Red Hat Security Advisory 2019-1108-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.2.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.0, and includes bug fixes and enhancements. Issues addressed include a deserialization vulnerability.
39ebf04e2cd56b743d8a3ff8fd6cdf412cf96ee2ea7d51c35b3077ac6f829854
Red Hat Security Advisory 2019-1106-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.2.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.0, and includes bug fixes and enhancements. Issues addressed include a deserialization vulnerability.
41d2db304156761fdbf12167d29fe1538e7185923616f68b356302ec873b1aaf
Red Hat Security Advisory 2019-0877-01 - Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Thorntail 2.4.0 serves as a replacement for RHOAR Thorntail 2.2.0, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include code execution, denial of service, deserialization, and traversal vulnerabilities.
5a770a9e44f952c4dbd8ebcd0a5a7da0c0737d9f710ca712c6c037e86137438f
Red Hat Security Advisory 2019-0782-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include code execution and deserialization vulnerabilities.
112695995622cdf7982b5f45e341346c6fb131743373fd9b1ae6014aa1e901cf