RHSA-2022:0294: Red Hat Security Advisory: parfait:0.5 security update

Skip to navigation Skip to main content

Utilities

• Subscriptions
• Downloads
• Containers
• Support Cases

Infrastructure and Management

• Red Hat Enterprise Linux
• Red Hat Virtualization
• Red Hat Identity Management
• Red Hat Directory Server
• Red Hat Certificate System
• Red Hat Satellite
• Red Hat Subscription Management
• Red Hat Update Infrastructure
• Red Hat Insights
• Red Hat Ansible Automation Platform

Cloud Computing

• Red Hat OpenShift
• Red Hat CloudForms
• Red Hat OpenStack Platform
• Red Hat OpenShift Container Platform
• Red Hat OpenShift Data Science
• Red Hat OpenShift Online
• Red Hat OpenShift Dedicated
• Red Hat Advanced Cluster Security for Kubernetes
• Red Hat Advanced Cluster Management for Kubernetes
• Red Hat Quay
• Red Hat CodeReady Workspaces
• Red Hat OpenShift Service on AWS

Storage

• Red Hat Gluster Storage
• Red Hat Hyperconverged Infrastructure
• Red Hat Ceph Storage
• Red Hat OpenShift Data Foundation

Runtimes

• Red Hat Runtimes
• Red Hat JBoss Enterprise Application Platform
• Red Hat Data Grid
• Red Hat JBoss Web Server
• Red Hat Single Sign On
• Red Hat support for Spring Boot
• Red Hat build of Node.js
• Red Hat build of Thorntail
• Red Hat build of Eclipse Vert.x
• Red Hat build of OpenJDK
• Red Hat build of Quarkus
• Red Hat CodeReady Studio

Integration and Automation

• Red Hat Process Automation
• Red Hat Process Automation Manager
• Red Hat Decision Manager

All Products

Issued:

2022-01-26

Updated:

2022-01-26

RHSA-2022:0294 - Security Advisory

• Overview
• Updated Packages

Synopsis

Important: parfait:0.5 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the parfait:0.5 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot (PCP) using the Memory Mapped Value (MMV) machinery for extremely lightweight instrumentation.

Security Fix(es):

• log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)
• log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)
• log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)
• log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

• Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
• Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64

Fixes

• BZ - 2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender
• BZ - 2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
• BZ - 2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
• BZ - 2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer

CVEs

• CVE-2021-4104
• CVE-2022-23302
• CVE-2022-23305
• CVE-2022-23307

References

• https://access.redhat.com/security/updates/classification/#important
• https://access.redhat.com/security/vulnerabilities/RHSB-2021-009

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1

SRPM

parfait-0.5.4-4.module+el8.1.0+14000+df5fdac7.src.rpm

SHA-256: 1773b76b2c88ce2872115134d2075dae2486529bdb7973eca867afd787072483

si-units-0.6.5-2.module+el8+2463+615f6896.src.rpm

SHA-256: 241c474ba7e3f34811ea1af6035a1d683e2d62371721db435644ca94782b841f

unit-api-1.0-5.module+el8+2463+615f6896.src.rpm

SHA-256: 589bb96439d9f458b0358000adb9854bb01c8d91cfcb1622ff1b42c56fc753ba

uom-lib-1.0.1-6.module+el8+2463+615f6896.src.rpm

SHA-256: d11e6c7a825148480d94e535556d9876a6105114a621f53e35ed5cb2fef3a2b3

uom-parent-1.0.3-3.module+el8+2463+615f6896.src.rpm

SHA-256: affed31ce680b8b7b2354a4ed438f7bd7c975efe65f6a527997ed77e366387a5

uom-se-1.0.4-3.module+el8+2463+615f6896.src.rpm

SHA-256: 766721d1af9ed26434c4a6df39505e82a8ba22adea14a2b8d3a2cd38423e7eab

uom-systems-0.7-1.module+el8+2463+615f6896.src.rpm

SHA-256: 7484fbeaf29c89509f8634c1e4e84bf19e7710e25117fb44e18985053177a5d2

ppc64le

parfait-0.5.4-4.module+el8.1.0+14000+df5fdac7.noarch.rpm

SHA-256: 16d30c10e02d9ebe652eb39b5343dfd9b0a933bb1487d908a097a48c9e9f4087

parfait-examples-0.5.4-4.module+el8.1.0+14000+df5fdac7.noarch.rpm

SHA-256: fc8c3a6c714e1c7291fe6041009dbf03cead0f253e820daa5ab00e3f875678ab

parfait-javadoc-0.5.4-4.module+el8.1.0+14000+df5fdac7.noarch.rpm

SHA-256: e3bf95a1c418d5ea8d181508508c1df55a9f749e0d8e0e80d2cd2174c57a57a8

pcp-parfait-agent-0.5.4-4.module+el8.1.0+14000+df5fdac7.noarch.rpm

SHA-256: 87e11d08348909a32b6b7869d1aa96fb24ef4a24aba7953b476e4c96b804142a

si-units-0.6.5-2.module+el8+2463+615f6896.noarch.rpm

SHA-256: 977632266c65196ce97006ee861d57e0d995c67f2a1dbce6a0fed5d815343579

si-units-javadoc-0.6.5-2.module+el8+2463+615f6896.noarch.rpm

SHA-256: eba0d36c052d2f36df644b049a56021fe24d666e354f69e9e59f7885032fbe72

unit-api-1.0-5.module+el8+2463+615f6896.noarch.rpm

SHA-256: 2fadd123b9ff3559aefcb593f254fab80b6cf3d938541893e1d793e3b98cb91d

unit-api-javadoc-1.0-5.module+el8+2463+615f6896.noarch.rpm

SHA-256: a664aaa4197d866973e7ff5a3cb7ed779a3a6fb19f9e96e90ef73cf65d4f4297

uom-lib-1.0.1-6.module+el8+2463+615f6896.noarch.rpm

SHA-256: 4d8b5ece1553ab9b4c7ba98de295af7f06f6beb098aada2fd4ed79bcc09e1f10

uom-lib-javadoc-1.0.1-6.module+el8+2463+615f6896.noarch.rpm

SHA-256: cb08887ffa2bbda6dea6f2d702da1ecbe3441ee17b1d584bf57b13bf84bd1a2c

uom-parent-1.0.3-3.module+el8+2463+615f6896.noarch.rpm

SHA-256: ef902a8c0f5ba504291c984004170c953f31a607eb9843ecff9218ba844a18d8

uom-se-1.0.4-3.module+el8+2463+615f6896.noarch.rpm

SHA-256: 4acba35e65a789d6deb0371ab8944862c37f20ec4ca920b021f25bfcd89bfde9

uom-se-javadoc-1.0.4-3.module+el8+2463+615f6896.noarch.rpm

SHA-256: a772481c9c94a96475f77624c128a06d7d6380bd438657d923f65557a5f5d513

uom-systems-0.7-1.module+el8+2463+615f6896.noarch.rpm

SHA-256: 1c3405ddf30289937866fb55744a90a2628fa4590b01b774d29d50ab98c07c91

uom-systems-javadoc-0.7-1.module+el8+2463+615f6896.noarch.rpm

SHA-256: 1d59f427e0d4f3d8110a13d60c818e1fdc85bb51272ff563eee803cfb471bf4d

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1

SRPM

parfait-0.5.4-4.module+el8.1.0+14000+df5fdac7.src.rpm

SHA-256: 1773b76b2c88ce2872115134d2075dae2486529bdb7973eca867afd787072483

si-units-0.6.5-2.module+el8+2463+615f6896.src.rpm

SHA-256: 241c474ba7e3f34811ea1af6035a1d683e2d62371721db435644ca94782b841f

unit-api-1.0-5.module+el8+2463+615f6896.src.rpm

SHA-256: 589bb96439d9f458b0358000adb9854bb01c8d91cfcb1622ff1b42c56fc753ba

uom-lib-1.0.1-6.module+el8+2463+615f6896.src.rpm

SHA-256: d11e6c7a825148480d94e535556d9876a6105114a621f53e35ed5cb2fef3a2b3

uom-parent-1.0.3-3.module+el8+2463+615f6896.src.rpm

SHA-256: affed31ce680b8b7b2354a4ed438f7bd7c975efe65f6a527997ed77e366387a5

uom-se-1.0.4-3.module+el8+2463+615f6896.src.rpm

SHA-256: 766721d1af9ed26434c4a6df39505e82a8ba22adea14a2b8d3a2cd38423e7eab

uom-systems-0.7-1.module+el8+2463+615f6896.src.rpm

SHA-256: 7484fbeaf29c89509f8634c1e4e84bf19e7710e25117fb44e18985053177a5d2

x86_64

parfait-0.5.4-4.module+el8.1.0+14000+df5fdac7.noarch.rpm

SHA-256: 16d30c10e02d9ebe652eb39b5343dfd9b0a933bb1487d908a097a48c9e9f4087

parfait-examples-0.5.4-4.module+el8.1.0+14000+df5fdac7.noarch.rpm

SHA-256: fc8c3a6c714e1c7291fe6041009dbf03cead0f253e820daa5ab00e3f875678ab

parfait-javadoc-0.5.4-4.module+el8.1.0+14000+df5fdac7.noarch.rpm

SHA-256: e3bf95a1c418d5ea8d181508508c1df55a9f749e0d8e0e80d2cd2174c57a57a8

pcp-parfait-agent-0.5.4-4.module+el8.1.0+14000+df5fdac7.noarch.rpm

SHA-256: 87e11d08348909a32b6b7869d1aa96fb24ef4a24aba7953b476e4c96b804142a

si-units-0.6.5-2.module+el8+2463+615f6896.noarch.rpm

SHA-256: 977632266c65196ce97006ee861d57e0d995c67f2a1dbce6a0fed5d815343579

si-units-javadoc-0.6.5-2.module+el8+2463+615f6896.noarch.rpm

SHA-256: eba0d36c052d2f36df644b049a56021fe24d666e354f69e9e59f7885032fbe72

unit-api-1.0-5.module+el8+2463+615f6896.noarch.rpm

SHA-256: 2fadd123b9ff3559aefcb593f254fab80b6cf3d938541893e1d793e3b98cb91d

unit-api-javadoc-1.0-5.module+el8+2463+615f6896.noarch.rpm

SHA-256: a664aaa4197d866973e7ff5a3cb7ed779a3a6fb19f9e96e90ef73cf65d4f4297

uom-lib-1.0.1-6.module+el8+2463+615f6896.noarch.rpm

SHA-256: 4d8b5ece1553ab9b4c7ba98de295af7f06f6beb098aada2fd4ed79bcc09e1f10

uom-lib-javadoc-1.0.1-6.module+el8+2463+615f6896.noarch.rpm

SHA-256: cb08887ffa2bbda6dea6f2d702da1ecbe3441ee17b1d584bf57b13bf84bd1a2c

uom-parent-1.0.3-3.module+el8+2463+615f6896.noarch.rpm

SHA-256: ef902a8c0f5ba504291c984004170c953f31a607eb9843ecff9218ba844a18d8

uom-se-1.0.4-3.module+el8+2463+615f6896.noarch.rpm

SHA-256: 4acba35e65a789d6deb0371ab8944862c37f20ec4ca920b021f25bfcd89bfde9

uom-se-javadoc-1.0.4-3.module+el8+2463+615f6896.noarch.rpm

SHA-256: a772481c9c94a96475f77624c128a06d7d6380bd438657d923f65557a5f5d513

uom-systems-0.7-1.module+el8+2463+615f6896.noarch.rpm

SHA-256: 1c3405ddf30289937866fb55744a90a2628fa4590b01b774d29d50ab98c07c91

uom-systems-javadoc-0.7-1.module+el8+2463+615f6896.noarch.rpm

SHA-256: 1d59f427e0d4f3d8110a13d60c818e1fdc85bb51272ff563eee803cfb471bf4d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.