
Red Hat JBoss EAP 7.2.0 Security Advisory: RHSA-2019-0139 Release

Red Hat, January 22, 2019
Red Hat has issued a moderate-level security update for JBoss EAP, fixing vulnerabilities that could compromise application security and performance
Red Hat JBoss Enterprise Application Platform 7.2.0 is now available

Solution

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

The References section of this erratum contains a download link (you must log in to download the update).

The JBoss server process must be restarted for the update to take effect.

Summary

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1, and includes bug fixes and enhancements. Refer to the Red Hat JBoss Enterprise Application Platform 7.2.0 Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* picketlink: SAML request parser replaces special strings with system properties (CVE-2017-2582)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
The CVE-2017-2582 issue was discovered by Hynek Mlnarik (Red Hat).
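The advisory describes the fixed defect only in one sentence: the SAML request parser replaced special strings with system properties. The following Python check is an added example, not part of the advisory and not Red Hat's or PicketLink's code. It scans a SAML protocol message for property-reference tokens in attribute values and element text so that an operator can log or reject such messages before they reach a parser that has not yet received this update, or use the same logic as a detection rule over captured requests. It assumes the `${property.name}` token syntax, which the advisory itself does not spell out, and the two AuthnRequest documents are constructed samples.

```python
import re
import xml.etree.ElementTree as ET

# Assumed token syntax for a system-property reference: ${property.name}.
# The advisory only says "special strings"; the ${...} form is this example's assumption.
PROPERTY_REF = re.compile(r"\$\{[^}]*\}")

# Constructed sample: an ordinary SAML 2.0 AuthnRequest with no property references.
SAMPLE_CLEAN = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-clean-1" Version="2.0" IssueInstant="2019-01-22T00:00:00Z"
    AssertionConsumerServiceURL="https://sp.example.test/saml/acs">
  <saml:Issuer>https://sp.example.test</saml:Issuer>
</samlp:AuthnRequest>"""

# Constructed sample: the same request carrying placeholder tokens in an
# attribute value and in element text, so the scan has something to find.
SAMPLE_FLAGGED = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-flagged-1" Version="2.0" IssueInstant="2019-01-22T00:00:00Z"
    AssertionConsumerServiceURL="https://sp.example.test/${example.property}/acs">
  <saml:Issuer>https://sp.example.test/${another.property}</saml:Issuer>
</samlp:AuthnRequest>"""


def _local_name(tag):
    """Strip the {namespace} prefix ElementTree puts on qualified tag names."""
    return tag.split("}")[-1]


def find_property_references(saml_xml):
    """Return (location, token) pairs for every ${...} token found in attribute
    values, element text or tail text of the given SAML XML document.

    location is "Element@attribute" for attribute values and "Element/text()"
    for text content, using local element names without namespace prefixes.
    """
    findings = []
    root = ET.fromstring(saml_xml)
    for elem in root.iter():
        name = _local_name(elem.tag)
        for attr, value in elem.attrib.items():
            for token in PROPERTY_REF.findall(value):
                findings.append((f"{name}@{_local_name(attr)}", token))
        for text in (elem.text, elem.tail):
            if text:
                for token in PROPERTY_REF.findall(text):
                    findings.append((f"{name}/text()", token))
    return findings


def is_suspicious(saml_xml):
    """True when the message contains at least one property-reference token."""
    return bool(find_property_references(saml_xml))


if __name__ == "__main__":
    for label, doc in (("clean", SAMPLE_CLEAN), ("flagged", SAMPLE_FLAGGED)):
        hits = find_property_references(doc)
        print(f"{label}: {'REJECT' if hits else 'ok'} {hits}")
```

The check is deliberately a lexical scan rather than a re-implementation of the parser: a legitimate SAML message has no reason to carry `${...}` tokens in attributes or text, so any hit is worth logging with the message ID, and the fixed EAP 7.2.0 parser should be in place regardless of whether the check is deployed.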

References

https://access.redhat.com/security/cve/CVE-2017-2582
https://access.redhat.com/security/updates/classification#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=distributions&version=7.2
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.1
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/index

Package List



Advisory ID: RHSA-2019:0139-01
Product: Red Hat JBoss Enterprise Application Platform
Issue date: 2019-01-22

Topic

Red Hat JBoss Enterprise Application Platform 7.2.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

1410481 - CVE-2017-2582 picketlink, keycloak: SAML request parser replaces special strings with system properties

JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

JBEAP-12932 - Upgrade WildFly Core to 4.0.1.Final

JBEAP-13189 - Upgrade Generic JMS RA 2.0.1.Final

JBEAP-13658 - Upgrade JGroups to 3.6.15.Final

JBEAP-13867 - [Artemis upgrade] Transformer interface was changed

JBEAP-13895 - [GSS](7.2.0) Upgrade picketlink from 2.5.5.SP8 to 2.5.5.SP9

JBEAP-14222 - (EL12) Upgrade Infinispan to 9.1.6.Final to 9.1.7.Final

JBEAP-14239 - (EL12) Upgrade Artemis to 1.5.5.009-redhat-1

JBEAP-14386 - (7.2.0.EO12) Upgrade slf4j from 1.7.22.redhat-1 to 1.7.22.redhat-2

JBEAP-14415 - Upgrade WildFly Core to 4.0.1.Final-redhat-1

JBEAP-14421 - Upgrade WildFly Elytron Tool to 1.1.4.Final

JBEAP-14422 - Upgrade WildFly Elytron to 1.2.4.Final

JBEAP-14427 - Upgrade Undertow to 2.0.0.SP1

JBEAP-14504 - Upgrade WildFly HTTP client 1.0.12.Final

JBEAP-14581 - (CD12) Upgrade FasterXML Jackson from 2.9.4.redhat-1 to 2.9.5.redhat-1

JBEAP-14811 - 7.2 - Migration Guide: Upgrade org.apache.santuario.xmlsec to 2.1.1. caused regression in PicketLinkSTS

JBEAP-14852 - Upgrade to Galleon 1.0.1.Final and Galleon Plugins 1.0.1.Final (core)

JBEAP-14853 - Upgrade to Galleon 1.0.1.Final and Galleon Plugins 1.0.1.Final (full)

JBEAP-14854 - [7.2] Migration Guide: document upgrade from Hibernate ORM 5.1 to 5.3
