RedHat: RHSA-2019-1545:01 Important: Red Hat Fuse 7.3.1 security update

    Date: 18 Jun 2019
    Category: Red Hat
    Posted By: LinuxSecurity Advisories
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: Red Hat Fuse 7.3.1 security update
    Advisory ID:       RHSA-2019:1545-01
    Product:           Red Hat JBoss Fuse
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1545
    Issue date:        2019-06-18
    CVE Names:         CVE-2016-2510 CVE-2017-5645 CVE-2017-15691 
                       CVE-2018-3258 CVE-2018-11798 
    =====================================================================
    
    1. Summary:
    
    A micro version update (from 7.3 to 7.3.1) is now available for Red Hat
    Fuse. The purpose of this text-only errata is to inform you about the
    security issues fixed in this release.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Description:
    
    This release of Red Hat Fuse 7.3.1 serves as a replacement for Red Hat Fuse
    7.3, and includes bug fixes and enhancements, which are documented in the
    Release Notes document linked to in the References.
    
    Security Fix(es):
    
    * bsh2: remote code execution via deserialization (CVE-2016-2510)
    
    * log4j: Socket receiver deserialization vulnerability (CVE-2017-5645)
    
    * uima: XML external entity expansion (XXE) can allow attackers to execute
    arbitrary code (CVE-2017-15691)
    
    * mysql-connector-java: Connector/J unspecified vulnerability (CPU October
    2018) (CVE-2018-3258)
    
    * thrift: Improper Access Control grants access to files outside the
    webservers docroot path (CVE-2018-11798)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, and other related information, refer to the CVE page(s) listed in
    the References section.
    
    3. Solution:
    
    Before applying the update, back up your existing installation, including
    all applications, configuration files, databases and database settings, and
    so on.
    
    Installation instructions are available from the Fuse 7.3.0 product
    documentation page:
    https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1310647 - CVE-2016-2510 bsh2: remote code execution via deserialization
    1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability
    1572463 - CVE-2017-15691 uima: XML external entity expansion (XXE) can allow attackers to execute arbitrary code
    1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)
    1667188 - CVE-2018-11798 thrift: Improper Access Control grants access to files outside the webservers docroot path
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2016-2510
    https://access.redhat.com/security/cve/CVE-2017-5645
    https://access.redhat.com/security/cve/CVE-2017-15691
    https://access.redhat.com/security/cve/CVE-2018-3258
    https://access.redhat.com/security/cve/CVE-2018-11798
    https://access.redhat.com/security/updates/classification/#important
    https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.3.1
    https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    