Solace PubSub+ Event Broker (Software & Appliance) new versions are released

The following product has been released and is available for download:

• Solace PubSub+ Event Broker 9.6.0.58

Release Summary

The following vulnerabilities have been addressed in this release (see Release Notes for details):

• CentOS 7 : glib2 (CESA-2021:2147) (https://www.tenable.com/plugins/nessus/150773)
  CVSS v3 Score: 7.5 (High)
  CVE: CVE-2021-27219

• CentOS 7 : dhcp (CESA-2021:2357) (https://www.tenable.com/plugins/nessus/150763)
  CVSS v3 Score: 7.7 (High)
  CVE: CVE-2021-25217

• CentOS 7 : kernel (CESA-2021:2314) (https://www.tenable.com/plugins/nessus/150770)
  CVSS v3 Score: 7.8 (High)
  CBE: CVE-2021-3347

• CVE vulnerability in urllib3-1.26.4-py2.py3-none-any.whl (https://nvd.nist.gov/vuln/detail/CVE-2021-33503)
  CVSS v3 Score: 7.5 (High)
  CVE: CVE-2021-33503

• CentOS 7 : linuxptp (CESA-2021:2658) (https://nvd.nist.gov/vuln/detail/CVE-2021-3570)
  CVSS v3 Score: 9.1 (Critical)
  CVE: CVE-2021-3570

• Oracle Java SE 1.7.0_301 / 1.8.0_291 / 1.11.0_11 / 1.16.0_1 Multiple Vulnerabilities (Unix Apr 2021 CPU) (https://www.tenable.com/plugins/nessus/148961)
  CVSS v3 Severity: Medium (5.9)
  CVE: CVE-2021-2161, CVE-2021-2163

• nginx 0.6.x < 1.20.1 1-Byte Memory Overwrite RCE (https://nvd.nist.gov/vuln/detail/CVE-2021-23017)
  CVSS v3 Score: 9.8 (Critical)
  CVE: CVE-2021-23017

• A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. (https://nvd.nist.gov/vuln/detail/CVE-2020-25692)
  CVSS v3 Score: 7.5 (High)
  CVE: CVE-2020-25692

• Various Kernel Vulnerabilities
  CVSS v3 Severity: 7.8 (High)
  CVE: CVE-2021-26930, CVE-2021-26931, CVE-2021-26932, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-28038, CVE-2021-30002, CVE-2019-19060, CVE-2021-28660, CVE-2021-29265, CVE-2021-28964, CVE-2021-28971, CVE-2021-28972, CVE-2021-28688, CVE-2021-29647, CVE-2021-3483, CVE-2021-29154, CVE-2020-25670, CVE-2020-25671, CVE-2020-25672

• CentOS 7: bind (CESA-2021:1469) (https://www.tenable.com/plugins/nessus/149205)
  CVSS v3 Severity: 7.5 (High)
  CVE: CVE-2021-25215

Download

Please contact Solace at support@solace.com. Access to http://products.solace.com requires your account name and password.

Documentation

Solace product documentation can be found at: https://docs.solace.com.