
Critical Risk: Code Execution Vulnerability in Red Hat Jbossas Stack

November 27, 2006
Advisory for a critical vulnerability fix in jbossas for Red Hat Application Stack; apply the update to protect affected systems.
An updated jbossas package that corrects a security vulnerability is now available for Red Hat Application Stack.

Solution

Before applying this update, make sure that the jbossas service is not running and all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

215828 - CVE-2006-5750 JBoss Java Class DeploymentFileRepository Directory Traversal
216177 - JBossAS needs to be bound to localhost by default
216786 - Config files in the jbossas rpm should be marked accordingly

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

SRPMS: ddcee54695279bfa2bcc1e6dc272edc5 jbossas-4.0.4-1.el4s1.25.src.rpm

noarch: edf562a2624881d8198f23bd3e61f443 jbossas-4.0.4-1.el4s1.25.noarch.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

SRPMS: ddcee54695279bfa2bcc1e6dc272edc5 jbossas-4.0.4-1.el4s1.25.src.rpm

noarch: edf562a2624881d8198f23bd3e61f443 jbossas-4.0.4-1.el4s1.25.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package
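
The checks described above, combined into one script as an added example (not part of the Red Hat advisory): it compares each file's MD5 with the values listed here, verifies the GPG signature with `rpm -K`, stops jbossas, and only then runs `rpm -Fvh`. It assumes Red Hat's package signing key is already imported into the RPM keyring and that the service is controlled with `service jbossas`; the function names are illustrative.

```bash
#!/bin/bash
# Added example: pre-install checks for the packages listed in this advisory.
# MD5 only catches a corrupted or mismatched download; the GPG check (rpm -K)
# is what establishes that the package was signed by Red Hat.

# Checksums copied from the "RPMs required" list of this advisory.
ADVISORY_SUMS="ddcee54695279bfa2bcc1e6dc272edc5 jbossas-4.0.4-1.el4s1.25.src.rpm
edf562a2624881d8198f23bd3e61f443 jbossas-4.0.4-1.el4s1.25.noarch.rpm"

# expected_md5 FILE: print the advisory checksum for FILE's name; fail if unlisted.
expected_md5() {
    local name sum
    name=$(basename "$1")
    sum=$(printf '%s\n' "$ADVISORY_SUMS" | awk -v n="$name" '$2 == n { print $1 }')
    [ -n "$sum" ] && printf '%s\n' "$sum"
}

# md5_matches FILE EXPECTED: succeed only if FILE is readable and its MD5 equals EXPECTED.
md5_matches() {
    local actual
    actual=$(md5sum "$1" 2>/dev/null | awk '{ print $1 }')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# check_package FILE: listed in the advisory, MD5 matches, signature verifies.
check_package() {
    local want
    want=$(expected_md5 "$1") || { echo "not in advisory: $1" >&2; return 1; }
    md5_matches "$1" "$want" || { echo "MD5 mismatch: $1" >&2; return 1; }
    rpm -K "$1" >/dev/null || { echo "signature check failed: $1" >&2; return 1; }
}

# apply_update FILE...: verify every package first, then stop jbossas and freshen.
apply_update() {
    local f
    for f in "$@"; do check_package "$f" || return 1; done
    service jbossas stop   # assumption: service name as used in the advisory text
    rpm -Fvh "$@"
}

# Run only when package files are given on the command line.
if [ "$#" -gt 0 ]; then apply_update "$@"; fi
```

Nothing is installed unless every file named on the command line passes both checks.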

References

https://www.cve.org/CVERecord?id=CVE-2006-5750
https://access.redhat.com/security/updates/classification#critical

Severity: critical

Advisory ID: RHSA-2006:0743-01
Issue date: 2006-11-27
Updated on: 2006-11-27
Product: Red Hat Application Stack

Relevant Releases Architectures

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - noarch

Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - noarch
