-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: Open Liberty 21.0.0.6 Runtime security update
Advisory ID:       RHSA-2021:2439-01
Product:           Open Liberty
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2439
Issue date:        2021-06-15
====================================================================
1. Summary:

Open Liberty 21.0.0.6 Runtime is now available from the Customer Portal.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Open Liberty is a lightweight open framework for building fast and
efficient cloud-native Java microservices.

This release of Open Liberty 21.0.0.6 serves as a replacement for Open
Liberty 21.0.0.3, and includes a security fix and enhancements. For
specific information about this release, see links in the References
section.

Security Fix(es):

* myfaces: Cross-site request forgery vulnerability in Apache MyFaces
(CVE-2021-26296)

For more details about the security issue(s), see the IBM Security Bulletin
links for each CVE, listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a download link (you must
log in to download the update).

4. JIRA issues fixed (https://issues.redhat.com/plugins/servlet/samlsso

IBMRT-133 - Create Errata (RHSA) for Open Liberty

5. References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=open.liberty&downloadType=distributions&version=21.0.0.6
https://www.ibm.com/support/pages/node/6441433
https://access.redhat.com/articles/4544981
https://access.redhat.com/products/open-liberty
https://access.redhat.com/documentation/en-us/open_liberty/

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYMimftzjgjWX9erEAQhrsA//Y0ojMf2eAgzAzR8wlmNm8WmzB57R2j4d
6NWTmOLcgxOtqah3YHlJwpNmd3TCnLewNZPvYWFHYtu/OlQThItno89xN6ttadQt
xOVX+lI5f9Ks3xo0EyO/8RhmSHTs6goGVK3spjkgjNMh+Gb2BuReFxx+LKAySiyS
QMMV90A46/HPfFlPYtlQTpVmISe1efeG2aCbvCFZDTUbm4luSxTThL1CsNpeE+1A
/5d8RG64269/1VLN/z9SnkpOO/0mMPmNXroC3+Y9XBfVt1rdDlzKskvlQkdoifix
7mpyEu66Q1wL3K9qTuzf939Avd4Eha1V/gHQAcrBuwPVofm9OZ3Vkgog9Q1bXWmp
UACXXfY+obV3eNveLqVpDdwt/DlUQKwWb1nbi8S43uYgXnaM03W1POgFoFTJ2QPT
QKs2f1ZeAWVN1CuORY/Q8OTo79EDEeNgjia874uk87pdbHtoxe8VwUiTVIeL+049
kHlJbqwhk5Fp2G7qfaDrQT+J/Lo8KxRcSI+akhQGknPdK9OFNiUM1TcgINk3qsTQ
znUfcqoHnsYFoEfcG3sWc7UWMp7WK6q83lNn8jf87xb4JTlr8qzjenNn55oTaCoe
DqEn/kMPTbb3hqZ6i0Jjej4/RdiA/oM6IWAD7gZ5HZoUSU1GbwyGVPoYSb0brT1J
W1Q0HnRVJlU=mOIE
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2021-2439:01 Important: Open Liberty 21.0.0.6 Runtime security

Open Liberty 21.0.0.6 Runtime is now available from the Customer Portal

Summary

Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices.
This release of Open Liberty 21.0.0.6 serves as a replacement for Open Liberty 21.0.0.3, and includes a security fix and enhancements. For specific information about this release, see links in the References section.
Security Fix(es):
* myfaces: Cross-site request forgery vulnerability in Apache MyFaces (CVE-2021-26296)
For more details about the security issue(s), see the IBM Security Bulletin links for each CVE, listed in the References section.



Summary


Solution

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update).
4. JIRA issues fixed (https://issues.redhat.com/plugins/servlet/samlsso
IBMRT-133 - Create Errata (RHSA) for Open Liberty

References

https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=open.liberty&downloadType=distributions&version=21.0.0.6 https://www.ibm.com/support/pages/node/6441433 https://access.redhat.com/articles/4544981 https://access.redhat.com/products/open-liberty https://access.redhat.com/documentation/en-us/open_liberty/

Package List


Severity
Advisory ID: RHSA-2021:2439-01
Product: Open Liberty
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2439
Issued Date: : 2021-06-15

Topic

Open Liberty 21.0.0.6 Runtime is now available from the Customer Portal.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures


Bugs Fixed


Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved