Red Hat 8936 Published by

An AMQ Broker 7.11.1.OPR.2.GA Container Images Release has been released.



[RHSA-2023:4720-01] Moderate: AMQ Broker 7.11.1.OPR.2.GA Container Images Release


=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: AMQ Broker 7.11.1.OPR.2.GA Container Images Release
Advisory ID: RHSA-2023:4720-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4720
Issue date: 2023-08-23
CVE Names: CVE-2020-24736 CVE-2023-1667 CVE-2023-2283
CVE-2023-2602 CVE-2023-2603 CVE-2023-4065
CVE-2023-4066 CVE-2023-26604 CVE-2023-27536
CVE-2023-28321 CVE-2023-28484 CVE-2023-29469
CVE-2023-32681 CVE-2023-34969
=====================================================================

1. Summary:

This is the multiarch release of the AMQ Broker 7.11.1 aligned Operator and
associated container images on Red Hat Enterprise Linux 8 for the OpenShift
Container Platform.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat Middleware for OpenShift provides images for many of the Red Hat
Middleware products for use within the OpenShift Container Platform cloud
computing Platform-as-a-Service (PaaS) for on-premise or private cloud
deployments.

This release of the AMQ Broker 7.11.1 aligned Operator includes security
and bug fixes, and enhancements. For further information, refer to the
release notes linked to in the References section.

Security Fix(es):

* amq-broker-operator-container: Red Hat AMQ Broker Operator: plaintext
password in operator log (CVE-2023-4065)

* activemq-broker-operator: Red Hat AMQ Broker Operator: Passwords defined
in secrets shown in StatefulSet yaml (CVE-2023-4066)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

For information on supported configurations, see Red Hat AMQ Broker 7
Supported Configurations at https://access.redhat.com/articles/2791941

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed ( https://bugzilla.redhat.com/):

2224630 - CVE-2023-4065 Red Hat AMQ Broker Operator: plaintext password in operator log
2224677 - CVE-2023-4066 Red Hat AMQ Broker Operator: Passwords defined in secrets shown in StatefulSet yaml

5. JIRA issues fixed ( https://issues.redhat.com/):

ENTMQBR-7804 - Move json dumps for Openshift objects into Debug from INFO loglevel

6. References:

https://access.redhat.com/security/cve/CVE-2020-24736
https://access.redhat.com/security/cve/CVE-2023-1667
https://access.redhat.com/security/cve/CVE-2023-2283
https://access.redhat.com/security/cve/CVE-2023-2602
https://access.redhat.com/security/cve/CVE-2023-2603
https://access.redhat.com/security/cve/CVE-2023-4065
https://access.redhat.com/security/cve/CVE-2023-4066
https://access.redhat.com/security/cve/CVE-2023-26604
https://access.redhat.com/security/cve/CVE-2023-27536
https://access.redhat.com/security/cve/CVE-2023-28321
https://access.redhat.com/security/cve/CVE-2023-28484
https://access.redhat.com/security/cve/CVE-2023-29469
https://access.redhat.com/security/cve/CVE-2023-32681
https://access.redhat.com/security/cve/CVE-2023-34969
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_amq_broker/

7. Contact:

The Red Hat security contact is [secalert@redhat.com]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

--