Key vulnerability information

Overview
Type/Severity: Important
Topic: Red Hat Streams for Apache Kafka 2.9.1 release and security update

Vulnerability details
CVEs:
- CVE-2023-1370: Uncontrolled resource consumption vulnerability in json-smart (resource exhaustion)
- CVE-2024-6765: Denial of service attack on Windows applications using Netty
- CVE-7024: Arbitrary file read and SSRF
- CVE-2024-3184: Replay attacks when used with automatic ConfigProvider
- CVE-2024-4785: Denial of service attack on Windows applications using Netty
- CVE-2025-24970: netty-handler: SslHandler does not correctly validate packets, which can lead to a native crash when using the native SSLEngine
- CVE-2025-25193: Denial of service attack on Windows applications using Netty
- CVE-2025-27817: org.apache.kafka: Kafka client arbitrary file read and SSRF
- CVE-2025-28761: commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppress an enum's declaredClass property by default

Note: as extracted, this list carries one malformed identifier (CVE-7024) and three entries with an identical Netty description. Confirm each identifier against the erratum and Red Hat's CVE database before recording it in a tracking system.

Affected products
Red Hat AMQ Streams 2 for RHEL 9 x86_64
Red Hat AMQ Streams 2 for RHEL 9 s390x
Red Hat AMQ Streams 2 for RHEL 9 ppc64le
Red Hat AMQ Streams 2 for RHEL 9 aarch64

Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
Reference: https://access.redhat.com/articles/11258

References
https://access.redhat.com/security/updates/classification/#Important
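The CVE-2025-27817 entry above describes a Kafka client that can be made to read an arbitrary local file or contact an unintended host through its SASL/OAUTHBEARER endpoint settings. The following is an added example written for this page, not Red Hat or Apache Kafka code. It audits a client properties file for the two endpoint keys Apache Kafka reads for OAUTHBEARER, flags values whose scheme is not http(s) (the local file read path) and values outside an explicit allowlist (the SSRF path), and builds the JVM property upstream Kafka introduced so the client itself enforces such an allowlist. The sample configs and allowlist contents are constructed, and exact-string matching against the allowlist is this example's own assumption to check against the property's documented semantics.

```python
"""Audit a Kafka client configuration for the SASL/OAUTHBEARER endpoint URLs
behind CVE-2025-27817 (Kafka client arbitrary file read / SSRF).

Added example for this advisory summary; not Red Hat or Apache Kafka code.
The two config keys and the allowlist JVM property are the ones Apache Kafka
documents; the sample configs, the allowlist contents and the exact-string
allowlist match are this example's own assumptions.
"""
from urllib.parse import urlparse

# Client settings whose value Kafka fetches as a URL when OAUTHBEARER is used.
OAUTHBEARER_URL_KEYS = (
    "sasl.oauthbearer.token.endpoint.url",
    "sasl.oauthbearer.jwks.endpoint.url",
)

# Upstream hardening: a JVM property listing the URLs the client may contact.
ALLOWED_URLS_PROPERTY = "org.apache.kafka.sasl.oauthbearer.allowed.urls"

# Constructed sample configs (not from any real deployment).
CLEAN_CLIENT_PROPERTIES = """\
security.protocol=SASL_SSL
sasl.mechanism=OAUTHBEARER
sasl.oauthbearer.token.endpoint.url=https://sso.example.internal/realms/kafka/protocol/openid-connect/token
sasl.oauthbearer.jwks.endpoint.url=https://sso.example.internal/realms/kafka/protocol/openid-connect/certs
"""

SUSPECT_CLIENT_PROPERTIES = """\
security.protocol=SASL_SSL
sasl.mechanism=OAUTHBEARER
# A file: URL turns the token fetch into a local file read.
sasl.oauthbearer.token.endpoint.url=file:///etc/passwd
# An HTTP URL to a host nobody allowlisted is the SSRF shape.
sasl.oauthbearer.jwks.endpoint.url=http://169.254.169.254/latest/meta-data/
"""

# Constructed allowlist: the only endpoints this client is meant to reach.
ALLOWED_URLS = frozenset({
    "https://sso.example.internal/realms/kafka/protocol/openid-connect/token",
    "https://sso.example.internal/realms/kafka/protocol/openid-connect/certs",
})


def parse_properties(text):
    """Minimal Java .properties reader: key=value or key:value, '#'/'!' comments.
    Line continuations and escapes are not handled; enough for client configs."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            key, _, value = line.partition(":")
        props[key.strip()] = value.strip()
    return props


def audit_oauthbearer_urls(props, allowed_urls):
    """Return one finding string per OAUTHBEARER endpoint URL that is either
    not http(s) (local file read) or not in the allowlist (SSRF)."""
    findings = []
    for key in OAUTHBEARER_URL_KEYS:
        url = props.get(key)
        if url is None:
            continue
        scheme = urlparse(url).scheme.lower()
        if scheme not in ("http", "https"):
            findings.append(
                f"{key}: scheme '{scheme}' in {url} is not http(s); "
                f"the client would read a local resource instead of an IdP endpoint"
            )
        elif url not in allowed_urls:
            findings.append(
                f"{key}: {url} is not in the allowlist; "
                f"the client could be pointed at an unintended host"
            )
    return findings


def jvm_allowlist_flag(allowed_urls):
    """Build the -D flag that makes the Kafka client itself enforce the allowlist.
    Exact-string matching is assumed here; check the upstream docs for edge cases."""
    return f"-D{ALLOWED_URLS_PROPERTY}=" + ",".join(sorted(allowed_urls))


if __name__ == "__main__":
    for name, text in (("clean", CLEAN_CLIENT_PROPERTIES),
                       ("suspect", SUSPECT_CLIENT_PROPERTIES)):
        results = audit_oauthbearer_urls(parse_properties(text), ALLOWED_URLS)
        for finding in results or ["no findings"]:
            print(f"[{name}] {finding}")
    print("JVM flag to add to the client's JAVA_OPTS:", jvm_allowlist_flag(ALLOWED_URLS))
```

Run it against the properties files your producers, consumers and Connect workers actually load; a config with no findings still benefits from the JVM flag, since the flag closes the path for any URL injected later through configuration rather than relying on a one-time review.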