prometheus-jmx-exporter-0.12.0-9.el8

Errata ID: AXSA:2022-4526:04

Release date: 
Monday, December 26, 2022 - 13:22
Subject: 
prometheus-jmx-exporter-0.12.0-9.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target.

Security Fix(es):

* SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-1471
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing YAML content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization.
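
The recommendation above, as an added example (not code from this advisory or from the Prometheus JMX Exporter project): untrusted YAML is loaded through SafeConstructor, so a document carrying a Java type tag is rejected instead of instantiated. The class name SafeYamlLoad, the helper loadUntrusted and both sample documents are constructed for illustration; the code assumes a SnakeYAML release that provides SafeConstructor(LoaderOptions).

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class SafeYamlLoad {

    // Hypothetical helper: parse YAML from an untrusted source.
    // SafeConstructor only builds standard YAML types (maps, lists, strings,
    // numbers, booleans, timestamps); a tag naming a Java class has no
    // registered constructor and makes load() throw.
    static Object loadUntrusted(String yamlText) {
        LoaderOptions options = new LoaderOptions();
        options.setAllowDuplicateKeys(false);      // reject ambiguous documents
        options.setMaxAliasesForCollections(50);   // bound alias expansion
        Yaml yaml = new Yaml(new SafeConstructor(options));
        return yaml.load(yamlText);
    }

    public static void main(String[] args) {
        // Constructed sample: a plain exporter-style configuration.
        String plainConfig =
            "lowercaseOutputName: true\n" +
            "rules:\n" +
            "  - pattern: \".*\"\n";

        // Constructed sample: the same kind of document, but one value carries
        // a global tag asking the parser to instantiate a Java class. The
        // class is harmless; the point is that the parser must not honour
        // type tags chosen by whoever wrote the document.
        String typedConfig =
            "counter: !!java.util.concurrent.atomic.AtomicInteger [7]\n";

        System.out.println("plain config -> " + loadUntrusted(plainConfig));

        try {
            Object result = loadUntrusted(typedConfig);
            System.out.println("UNEXPECTED: typed document accepted: " + result);
        } catch (YAMLException e) {
            // ConstructorException is a YAMLException subclass.
            System.out.println("typed document rejected: " + e.getClass().getSimpleName());
        }
    }
}
```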

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. prometheus-jmx-exporter-0.12.0-9.el8.src.rpm
    MD5: db917a8d46e7ee25261915839dc30276
    SHA-256: 221910c957a291401790fd85d9a17c37f0c1600f376bfe245a5c293cee6f731e
    Size: 47.03 kB

Asianux Server 8 for x86_64
  1. prometheus-jmx-exporter-0.12.0-9.el8.noarch.rpm
    MD5: 5f754c2d5b80b2fab9e43a065479de1d
    SHA-256: 45665bd2736b368c998a3b741d5e237961304c76f5cbb0f75573a43d3a4d64e2
    Size: 467.76 kB
  2. prometheus-jmx-exporter-openjdk11-0.12.0-9.el8.noarch.rpm
    MD5: 69ebf420210df7ed1ea1029c5f3e3425
    SHA-256: 578714d9f1ba4d41adcdba1bb5f3e5f5d86e33c70d401a72a6ba403e70edc1a0
    Size: 7.30 kB