Bug 2009041 (CVE-2021-38153)
| Summary: | CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aileenc, akoufoud, alazarot, anstephe, aos-bugs, asoldano, atangrin, avibelli, bbaranow, bgeorges, bibryam, bmaxwell, bmontgom, brian.stansberry, caswilli, cdewolf, chazlett, clement.escoffier, dandread, darran.lofthouse, dkreling, dosoudil, drieden, eleandro, eparis, eric.wittmann, etirelli, ewolinet, fjansen, fjuma, ggaughan, gmalinko, gsmet, hamadhan, hbraun, ibek, iweiss, janstey, jburrell, jcantril, jnethert, jochrist, jpallich, jperkins, jrokos, jross, jstastny, jwon, kaycoth, krathod, kverlaen, kwills, lgao, lthon, mnovotny, msochure, msvehla, mszynkie, nstielau, nwallace, pantinor, pdelbell, peholase, pgallagh, pjindal, pmackay, probinso, rguimara, rrajasek, rruss, rstancel, rsvoboda, sbiarozk, sd-operator-metering, sdouglas, smaestri, sponnaga, swoodman, tflannag, tom.jenkinson, tzimanyi, yborgess |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | kafka-2.8.1 kafka-clients-2.8.1 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-01-13 16:00:41 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2010404 | ||
| Bug Blocks: | 2009042 | ||
|
Description
Pedro Sampaio
2021-09-29 18:37:36 UTC
Upstream fix: [2.8.1] kafka clients - https://github.com/apache/kafka/commit/3325342fecba56c2f5b28d60ca37605a7ebf420a kafka connect - https://github.com/apache/kafka/commit/d7abd32f3569a65a4b59c7dd8a655b17ffa1b455 [3.0.0 ] kafka clients - https://github.com/apache/kafka/commit/00c086e9087c3163cb0502bf0067bae4d401d66e kafka connect - https://github.com/apache/kafka/commit/be5889d1d110abfd2f580d88b109a9a0c8e7b2d6 This issue has been addressed in the following products: Red Hat AMQ Streams 2.0.0 Via RHSA-2022:0138 https://access.redhat.com/errata/RHSA-2022:0138 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-38153 This issue has been addressed in the following products: Red Hat AMQ Streams 1.6.6 Via RHSA-2022:0219 https://access.redhat.com/errata/RHSA-2022:0219 This issue has been addressed in the following products: RHINT Service Registry 2.0.3 GA Via RHSA-2022:0501 https://access.redhat.com/errata/RHSA-2022:0501 This issue has been addressed in the following products: Red Hat build of Quarkus 2.2.5 Via RHSA-2022:0589 https://access.redhat.com/errata/RHSA-2022:0589 This issue has been addressed in the following products: Vert.x 4.2.5 Via RHSA-2022:0737 https://access.redhat.com/errata/RHSA-2022:0737 This issue has been addressed in the following products: Red Hat Data Grid 8.3.1 Via RHSA-2022:2232 https://access.redhat.com/errata/RHSA-2022:2232 This issue has been addressed in the following products: Red Hat Fuse 7.11 Via RHSA-2022:5532 https://access.redhat.com/errata/RHSA-2022:5532 This issue has been addressed in the following products: RHINT Camel-Q 2.7 Via RHSA-2022:5606 https://access.redhat.com/errata/RHSA-2022:5606 This issue has been addressed in the following products: RHAF Camel-K 1.8 Via RHSA-2022:6407 https://access.redhat.com/errata/RHSA-2022:6407 |