RedHat: RHSA-2019-1326:01 Important: Red Hat JBoss Fuse/A-MQ 6.3 R12

    Date: 04 Jun 2019
    Category: Red Hat
    Posted By: LinuxSecurity Advisories
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: Red Hat JBoss Fuse/A-MQ 6.3 R12 security and bug fix update
    Advisory ID:       RHSA-2019:1326-01
    Product:           Red Hat JBoss Fuse
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1326
    Issue date:        2019-06-04
    CVE Names:         CVE-2017-15089 
    =====================================================================
    
    1. Summary:
    
    An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss
    A-MQ 6.3.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Description:
    
    Red Hat Fuse provides a small-footprint, flexible, open source enterprise
    service bus and integration platform. Red Hat A-MQ is a standards compliant
    messaging system that is tailored for use in mission critical applications.
    
    This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It
    includes bug fixes, which are documented in the patch notes accompanying
    the package on the download page. See the download link given in the
    references section below.
    
    Security fix(es):
    
    * infinispan: Unsafe deserialization of malicious object injected into data
    cache (CVE-2017-15089)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, and other related information, refer to the CVE page(s) listed in
    the References section.
    
    3. Solution:
    
    Before applying the update, back up your existing installation, including
    all applications, configuration files, databases and database settings, and
    so on.
    
    Installation instructions are located in the download section of the
    customer portal.
    
    The References section of this erratum contains a download link (you must
    log in to download the update).
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1503610 - CVE-2017-15089 infinispan: Unsafe deserialization of malicious object injected into data cache
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2017-15089
    https://access.redhat.com/security/updates/classification/#important
    https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker&downloadType=securityPatches&version=6.3.0
    https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.3
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    