You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa prometheus-jmx-exporter

Sigurnosni nedostatak programskog paketa prometheus-jmx-exporter

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LRH

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: prometheus-jmx-exporter security update
Advisory ID: RHSA-2020:4807-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4807
Issue date: 2020-11-03
CVE Names: CVE-2017-18640
=====================================================================

1. Summary:

An update for prometheus-jmx-exporter is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) – noarch

3. Description:

Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that
can be configured to scrape and expose MBeans of a JMX target.

Security Fix(es):

* snakeyaml: Billion laughs attack via alias feature (CVE-2017-18640)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1785376 – CVE-2017-18640 snakeyaml: Billion laughs attack via alias feature

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
prometheus-jmx-exporter-0.12.0-6.el8.src.rpm

noarch:
prometheus-jmx-exporter-0.12.0-6.el8.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-18640
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBX6I2a9zjgjWX9erEAQgTog/+NO074oqVit4x18c1OZ8b72VgQ8Vnmv3H
XvRhkrt+ybMvE7nvbvs2fJut0iyp1zS3cYKdGy3KF1yxBV6/BKlP7zHzH9IVc2y4
mVuKJ882pjXy93rk7a/aGI/8/MeZZ7D/TO8fBHgU5Iuxk8VmCR1sJuTgZt3DvQJ5
o1fQmQbebohDziTq2aObKBBooqVKv/UO2TCpsITCO4/UQ15AYaIr1Lx5ZEUPZdqp
j49gLa+Jb73+kUdjdSYVlz8FvlztvQakmKopmoK3QUKYUKztkSOIfFdYMsc2Sree
hNTIZ3adXpcUN+wSX+FjTkR51YTQTvdxd1AjQI0pi3wuskza/1NwHkMvYke8oZVk
XOv9zYI0rn7kU8EkOCz9V7nI/FVVKhZdki+wdpAbhAqMCSP8sUIgsHCM48trzK3x
JMl9FSSN8qovRD5COFPt5ltAf28XbiA2i4UAS3GmNLtLOApwe16kYIaPUBzXAEfQ
FpjWKdAY4XOx7ez59ku/PgT7gWvimYOpuqLzuBI6UOqxGez6zwytPC+Bxrcm7UbZ
/TDMP9H3fKfEiDRwVg6tubOtwQ8IfgR32wXC8nhitBNbzZ4C7TTbKoMSgTglXgkH
mFAFaGdASYzRvOeCojlMar/aCf1F/QK6uFHk3mg8ms3iXN4Q67iTQNnviwWJga4Z
11faIrAWj9A=
=JQyi
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

AutorDona Seruga
Cert idNCERT-REF-2020-11-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libgcrypt

Otkriven je sigurnosni nedostatak programske biblioteke libgcrypt za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija. Savjetuje...

Close