prometheus-jmx-exporter-0.12.0-6.el8
エラータID: AXSA:2021-1339:01
Release date:
Friday, January 29, 2021 - 10:47
Subject:
prometheus-jmx-exporter-0.12.0-6.el8
Affected Channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target.
Security Fix(es):
* snakeyaml: Billion laughs attack via alias feature (CVE-2017-18640)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2017-18640
The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
Solution:
Update packages.
CVEs:
CVE-2017-18640
The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
Additional Info:
N/A
Download:
SRPMS
- prometheus-jmx-exporter-0.12.0-6.el8.src.rpm
MD5: 395a6b4e3230d24df7e82aaffa5f6502
SHA-256: faa8ca8a6b258eb1614838d9895c097bdf9082e57a02d0d0aa50191b63a2bd21
Size: 44.12 kB
Asianux Server 8 for x86_64
- prometheus-jmx-exporter-0.12.0-6.el8.noarch.rpm
MD5: 1ee7ffe5336a41fdc4c960a8c864a096
SHA-256: 15d56ce87c3f08226930be8ad4c1daca78474c6feafdb21c20cfdf2b359d9b61
Size: 466.68 kB