An update for resteasy is now available for openEuler-20.03-LTS-SP1
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1171
Final
1.0
1.0
2021-05-06
Initial
2021-05-06
2021-05-06
openEuler SA Tool V1.0
2021-05-06
resteasy security update
An update for resteasy is now available for openEuler-20.03-LTS-SP1.
%global desc \ RESTEasy contains a JBoss project that provides frameworks to help\ build RESTful Web Services and RESTful Java applications. It is a fully\ certified and portable implementation of the JAX-RS specification. %{desc} %global extdesc %{desc}\ \ This package contains
Security Fix(es):
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.(CVE-2021-20289)
An update for resteasy is now available for openEuler-20.03-LTS-SP1.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Medium
resteasy
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1171
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-20289
https://nvd.nist.gov/vuln/detail/CVE-2021-20289
openEuler-20.03-LTS-SP1
resteasy-netty3-3.0.19-3.oe1.noarch.rpm
resteasy-atom-provider-3.0.19-3.oe1.noarch.rpm
resteasy-3.0.19-3.oe1.noarch.rpm
resteasy-client-3.0.19-3.oe1.noarch.rpm
resteasy-jackson2-provider-3.0.19-3.oe1.noarch.rpm
resteasy-jackson-provider-3.0.19-3.oe1.noarch.rpm
resteasy-jettison-provider-3.0.19-3.oe1.noarch.rpm
resteasy-test-3.0.19-3.oe1.noarch.rpm
resteasy-yaml-provider-3.0.19-3.oe1.noarch.rpm
resteasy-core-3.0.19-3.oe1.noarch.rpm
resteasy-multipart-provider-3.0.19-3.oe1.noarch.rpm
resteasy-validator-provider-11-3.0.19-3.oe1.noarch.rpm
resteasy-jaxb-provider-3.0.19-3.oe1.noarch.rpm
resteasy-optional-3.0.19-3.oe1.noarch.rpm
resteasy-javadoc-3.0.19-3.oe1.noarch.rpm
resteasy-json-p-provider-3.0.19-3.oe1.noarch.rpm
resteasy-3.0.19-3.oe1.src.rpm
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
2021-05-06
CVE-2021-20289
openEuler-20.03-LTS-SP1
Medium
5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
resteasy security update
2021-05-06
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1171