RLSA-2022:0290

Source
https://errata.rockylinux.org/RLSA-2022:0290
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2022:0290.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2022:0290
Published
2022-01-26T14:27:19Z
Modified
2023-02-02T13:33:44.254246Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Important: parfait:0.5 security update
Details

Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot (PCP) using the Memory Mapped Value (MMV) machinery for extremely lightweight instrumentation.

Security Fix(es):

  • log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)

  • log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)

  • log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)

  • log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / parfait

Package

Name
parfait
Purl
pkg:rpm/rocky-linux/parfait?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:0.5.4-4.module+el8.5.0+728+553fbdb8

Rocky Linux:8 / si-units

Package

Name
si-units
Purl
pkg:rpm/rocky-linux/si-units?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:0.6.5-2.module+el8.3.0+214+edf13b3f

Rocky Linux:8 / unit-api

Package

Name
unit-api
Purl
pkg:rpm/rocky-linux/unit-api?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.0-5.module+el8.3.0+214+edf13b3f

Rocky Linux:8 / uom-lib

Package

Name
uom-lib
Purl
pkg:rpm/rocky-linux/uom-lib?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.0.1-6.module+el8.3.0+214+edf13b3f

Rocky Linux:8 / uom-parent

Package

Name
uom-parent
Purl
pkg:rpm/rocky-linux/uom-parent?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.0.3-3.module+el8.3.0+214+edf13b3f

Rocky Linux:8 / uom-se

Package

Name
uom-se
Purl
pkg:rpm/rocky-linux/uom-se?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.0.4-3.module+el8.3.0+214+edf13b3f

Rocky Linux:8 / uom-systems

Package

Name
uom-systems
Purl
pkg:rpm/rocky-linux/uom-systems?distro=rocky-linux-8-x86-64&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:0.7-1.module+el8.3.0+214+edf13b3f