{"id":"ALSA-2022:0290","summary":"Important: parfait:0.5 security update","details":"Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot (PCP) using the Memory Mapped Value (MMV) machinery for extremely lightweight instrumentation.\n\nSecurity Fix(es):\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-01-30T02:00:45.720979Z","published":"2022-01-26T14:27:19Z","related":["CVE-2021-4104","CVE-2022-23302","CVE-2022-23305","CVE-2022-23307"],"references":[{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2022-0290.html"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-4104"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2022-23302"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2022-23305"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2022-23307"}],"affected":[{"package":{"name":"parfait","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/parfait"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.4-4.module_el8.5.0+235+62ea7738"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"parfait","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/parfait"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.4-4.module_el8.5.0+2610+de2b8c0b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"parfait-examples","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/parfait-examples"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.4-4.module_el8.5.0+2610+de2b8c0b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"parfait-examples","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/parfait-examples"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.4-4.module_el8.5.0+235+62ea7738"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"parfait-javadoc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/parfait-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.4-4.module_el8.5.0+235+62ea7738"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"parfait-javadoc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/parfait-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.4-4.module_el8.5.0+2610+de2b8c0b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"pcp-parfait-agent","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/pcp-parfait-agent"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.4-4.module_el8.5.0+2610+de2b8c0b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"pcp-parfait-agent","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/pcp-parfait-agent"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.5.4-4.module_el8.5.0+235+62ea7738"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"si-units","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/si-units"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.5-2.module_el8.5.0+235+62ea7738"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"si-units","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/si-units"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.5-2.module_el8.5.0+2610+de2b8c0b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"si-units-javadoc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/si-units-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.5-2.module_el8.5.0+2610+de2b8c0b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"si-units-javadoc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/si-units-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.5-2.module_el8.5.0+235+62ea7738"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"unit-api","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/unit-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0-5.module_el8.5.0+2610+de2b8c0b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"unit-api","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/unit-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0-5.module_el8.5.0+235+62ea7738"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"unit-api-javadoc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/unit-api-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0-5.module_el8.5.0+2610+de2b8c0b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"unit-api-javadoc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/unit-api-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0-5.module_el8.5.0+235+62ea7738"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"uom-lib","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/uom-lib"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1-6.module_el8.5.0+2610+de2b8c0b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"uom-lib","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/uom-lib"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1-6.module_el8.5.0+235+62ea7738"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"uom-lib-javadoc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/uom-lib-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1-6.module_el8.5.0+2610+de2b8c0b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"uom-lib-javadoc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/uom-lib-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1-6.module_el8.5.0+235+62ea7738"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"uom-parent","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/uom-parent"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.3-3.module_el8.5.0+235+62ea7738"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"uom-parent","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/uom-parent"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.3-3.module_el8.5.0+2610+de2b8c0b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"uom-se","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/uom-se"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.4-3.module_el8.5.0+235+62ea7738"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"uom-se","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/uom-se"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.4-3.module_el8.5.0+2610+de2b8c0b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"uom-se-javadoc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/uom-se-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.4-3.module_el8.5.0+235+62ea7738"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"uom-se-javadoc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/uom-se-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.4-3.module_el8.5.0+2610+de2b8c0b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"uom-systems","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/uom-systems"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.7-1.module_el8.5.0+235+62ea7738"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"uom-systems","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/uom-systems"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.7-1.module_el8.5.0+2610+de2b8c0b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"uom-systems-javadoc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/uom-systems-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.7-1.module_el8.5.0+2610+de2b8c0b"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}},{"package":{"name":"uom-systems-javadoc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/uom-systems-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.7-1.module_el8.5.0+235+62ea7738"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0290.json"}}],"schema_version":"1.7.3"}