Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Red Hat RHSA-2018:3528-01 Moderate JBoss IIOP Vulnerability Advisory

red hat
Calendar Grey November 8, 2018
Dist Redhat Esm H88
A recent security update for Red Hat JBoss on RHEL 7 addresses vulnerabilities that threaten system integrity and confidentiality, urging prompt application.
An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 7.1.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* wildfly-iiop-openjdk: iiop does not honour strict transport confidentiality (CVE-2018-14627)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2018-14627 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1 https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/

Package List

Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server:
Source: eap7-activemq-artemis-1.5.5.014-1.redhat_00001.1.ep7.el7.src.rpm eap7-elytron-web-1.0.2-1.Final_redhat_00001.1.ep7.el7.src.rpm eap7-glassfish-jsf-2.2.13-7.SP6_redhat_00001.1.ep7.el7.src.rpm eap7-hibernate-5.1.16-1.Final_redhat_00001.1.ep7.el7.src.rpm eap7-ironjacamar-1.4.11-1.Final_redhat_00001.1.ep7.el7.src.rpm eap7-jboss-marshalling-2.0.6-1.Final_redhat_00001.1.ep7.el7.src.rpm eap7-jboss-modules-1.6.5-1.Final_redhat_00001.1.ep7.el7.src.rpm eap7-jboss-server-migration-1.0.7-1.Final_redhat_00001.1.ep7.el7.src.rpm eap7-jboss-vfs-3.2.13-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-jboss-xnio-base-3.5.6-1.Final_redhat_00001.1.ep7.el7.src.rpm eap7-jbossws-common-3.1.6-1.Final_redhat_00001.1.ep7.el7.src.rpm eap7-jbossws-cxf-5.1.11-1.Final_redhat_00001.1.ep7.el7.src.rpm eap7-log4j-jboss-logmanager-1.1.6-1.Final_redhat_00001.1.ep7.el7.src.rpm eap7-picketbox-5.0.3-2.Final_redhat_3.1.ep7.el7.src.rpm eap7-picketlink-bindings-2.5.5-14.SP12_redhat_2.1.ep7.el7.src.rpm eap7-picketlink-federation-2.5.5-14.SP12_redhat_2.1.ep7.el7.src.rpm eap7-undertow-1.4.18-8.SP9_redhat_00001.1.ep7.el7.src.rpm eap7-undertow-jastow-2.0.6-1.Final_redhat_00001.1.ep7.el7.src.rpm eap7-wildfly-7.1.5-4.GA_redhat_00002.1.ep7.el7.src.rpm

Read the Full Advisory


Advisory ID: RHSA-2018:3528-01
Product: Red Hat JBoss Enterprise Application Platform
Issue date: 2018-11-08

Topic

An update is now available for Red Hat JBoss Enterprise ApplicationPlatform 7.1 for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server - noarch, x86_64

Bugs Fixed

1624664 - CVE-2018-14627 JBoss/WildFly: iiop does not honour strict transport confidentiality

6. JIRA issues fixed (https://issues.redhat.com/):

JBEAP-14939 - (7.1.z) Upgrade Elytron from 1.1.10.Final to 1.1.11.Final

JBEAP-14950 - (7.1.z) Upgrade wildfly-client-config from 1.0.0 to 1.0.1

JBEAP-14958 - [GSS](7.1.z) Upgrade Undertow from 1.4.18.SP8 to 1.4.18.SP9

JBEAP-14987 - [GSS](7.1.z) Upgrade ActiveMQ Artemis from 1.5.5.jbossorg-013 to 1.5.5.jbossorg-014

JBEAP-14997 - [GSS](7.1.z) Upgrade Hibernate ORM from 5.1.15 to 5.1.16

JBEAP-15013 - [GSS](7.1.z) Upgrade to ironjacamar from 1.4.10 Final to 1.4.11 Final

JBEAP-15015 - Tracker bug for the EAP 7.1.5 release for RHEL-7

JBEAP-15025 - (7.1.z) Upgrade WildFly Core to 3.0.19.Final-redhat-1

JBEAP-15043 - (7.1.z) Upgrade PicketLink from 2.5.5.SP12 to 2.5.5.SP12-redhat-2

JBEAP-15065 - [GSS](7.1.z) Upgrade Migration Tool from 1.0.6.Final-redhat-3 to 1.0.7.Final-redhat-1

JBEAP-15072 - [GSS](7.1.z) Upgrade jboss-vfs to 3.2.13.Final

JBEAP-15129 - [GSS](7.1.z) Upgrade JBoss Modules from 1.6.4.Final-redhat-1 to 1.6.5.Final-redhat-1

JBEAP-15131 - [GSS](7.1.z) Upgrade Mojarra from 2.2.13.SP5 to 2.2.13.SP6

JBEAP-15170 - [GSS](7.1.z) Upgrade JBossWS Common from 3.1.5.Final to 3.1.6.Final

JBEAP-15216 - (7.1.z) Upgrade Elytron-Tool from 1.0.7 to 1.0.8.Final

JBEAP-15217 - (7.1.z) Upgrade Elytron Web from 1.0.1.Final to 1.0.2.Final

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.