RedHat: RHSA-2019-1712:01 Important: Red Hat JBoss Web Server 3.1 Service

    Date09 Jul 2019
    1670
    Posted ByLinuxSecurity Advisories
    An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: Red Hat JBoss Web Server 3.1 Service Pack 7 security and bug fix update
    Advisory ID:       RHSA-2019:1712-01
    Product:           Red Hat JBoss Web Server
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1712
    Issue date:        2019-07-09
    CVE Names:         CVE-2018-0739 CVE-2019-0232 
    =====================================================================
    
    1. Summary:
    
    An update is now available for Red Hat JBoss Web Server 3.1.
    
    Red Hat Product Security has rated this release as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Description:
    
    Red Hat JBoss Web Server is a fully integrated and certified set of
    components for hosting Java web applications. It is comprised of the Apache
    HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
    (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
    Native library.
    
    This release of Red Hat JBoss Web Server 3.1 Service Pack 7 serves as a
    replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which
    are documented in the Release Notes document linked to in the References.
    
    Security Fix(es):
    
    * tomcat: Remote Code Execution on Windows (CVE-2019-0232)
    * openssl: Handling of crafted recursive ASN.1 structures can cause a stack
    overflow and resulting denial of service (CVE-2018-0739)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    3. Solution:
    
    Before applying the update, back up your existing Red Hat JBoss Web Server
    installation (including all applications and configuration files).
    
    For details on how to apply this update, refer to:
    
    https://access.redhat.com/articles/11258
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1561266 - CVE-2018-0739 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service
    1701056 - CVE-2019-0232 tomcat: Remote Code Execution on Windows
    
    5. JIRA issues fixed (https://issues.jboss.org/):
    
    JWS-1303 - Body text property replacement fails [jws3]
    JWS-1414 - Tomcat frequently hangs at startup when Jolokia loads certificate [jws-3]
    
    6. References:
    
    https://access.redhat.com/security/cve/CVE-2018-0739
    https://access.redhat.com/security/cve/CVE-2019-0232
    https://access.redhat.com/security/updates/classification/#important
    https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3.1/html/3.1.0_release_notes/index
    
    7. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXSSdM9zjgjWX9erEAQjiyBAAm7poF66coR0wLnb9mmsmEl5gT8+oqM+Z
    QByRSEmp+cOIzzmz2JA0oRAAiq6if7D8jbcnK0+bEO9upkje9EDT7Y0whjq4zui4
    q938wRWMS4OoxGqWqYwPJZV9WVTbshHTaQ42dBPjDtE64P7o/ZJgbshO/znVDTFK
    crIC4h5GLawcBsGCApcGkxlfJQG/VzhTdBQkrVJGM4ovZ7zgFASNkQdoHN4x9st3
    NPZPDO3TbhKBougI9D8UcfqOLUvkGaMljYnqAsbheXb1T1E0gX3mNO/qfc7lVdKO
    Yh2tNL+sfHAa6/EQ9bH7OKsdxhR4szeCV/os8i7NSJgN0QbwpOsAXTi4T80wphl2
    krX3EPL3/Xsp9u+FMA2dkPXSUAJAEob++7p4r6tEEg4Q8q8wdx59Del4ERESos2W
    TccjjszCnT+OVTdpLRkf7LIjS+bTUsnnICTdyXKWATIEeZOYah4AsNPEfFFAFs3G
    Ln+kJ/tMkAEaR7J3uZqRIn0YtZVJhRoKQrB8iV49ItK2TIih+EvUCQhgu/MSFTUd
    9dPZwkJDLOzJnHF6YIFZoo8wIwgiszMBgMJQRZisJsgysd6jtJUAE4ye/wL9TRkk
    YPK4uuXnE486odfCu4gSeSrc2/Z+xIej6IwSaFcHbJR3u5rLKd1i/QzupciOFIJC
    PR68zb1PfGo=
    =WmTT
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"90","type":"x","order":"1","pct":78.95,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":15.79,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":5.26,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.