Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Critical Red Hat JBoss Web Server 3.1 RHSA-2019:1712 Vulnerabilities Alert

red hat
Calendar Grey July 9, 2019
Dist Redhat Esm H88
A significant security patch for Red Hat JBoss Application Server 3.1 tackles severe problems and defects linked to resolved weaknesses.
An update is now available for Red Hat JBoss Web Server 3.1

Solution

Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1 Service Pack 7 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* tomcat: Remote Code Execution on Windows (CVE-2019-0232) * openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory denial of service remote code execution bug fix Red Hat JBoss service pack update

References

https://access.redhat.com/security/cve/CVE-2018-0739 https://access.redhat.com/security/cve/CVE-2019-0232 https://access.redhat.com/security/updates/classification#important https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/3.1/html/3.1.0_release_notes/index

Package List


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2019:1712-01
Product: Red Hat JBoss Web Server
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1712
Issue date: 2019-07-09

Topic

An update is now available for Red Hat JBoss Web Server 3.1.Red Hat Product Security has rated this release as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory denial of service remote code execution bug fix Red Hat JBoss service pack update

Relevant Releases Architectures

Bugs Fixed

1561266 - CVE-2018-0739 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service

1701056 - CVE-2019-0232 tomcat: Remote Code Execution on Windows

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

JWS-1303 - Body text property replacement fails [jws3]

JWS-1414 - Tomcat frequently hangs at startup when Jolokia loads certificate [jws-3]

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here