RedHat: RHSA-2019-4117:01 Moderate: Open Liberty 19.0.0.12 Runtime security

    Date09 Dec 2019
    CategoryRed Hat
    203
    Posted ByLinuxSecurity Advisories
    A security update is now available for Open Liberty 19.0.0.12 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: Open Liberty 19.0.0.12 Runtime security update
    Advisory ID:       RHSA-2019:4117-01
    Product:           Open Liberty
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:4117
    Issue date:        2019-12-09
    =====================================================================
    
    1. Summary:
    
    A security update is now available for Open Liberty 19.0.0.12 from the
    Customer Portal.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the originating Security Bulletin link(s) in the References section.
    
    2. Description:
    
    Open Liberty is a lightweight open framework for building fast and
    efficient cloud-native Java microservices. 
    
    This release of Open Liberty 19.0.0.12 serves as a replacement for Open
    Liberty 19.0.0.11 and includes bug fixes, enhancements, and security fixes.
    For specific information about this release, see links in the References
    section.
    
    Security Fix(es):
    
    * Information disclosure vulnerability in WebSphere Application Server
    (CVE-2019-4441)
    
    * Man in the middle vulnerability in WebSphere Application Server Liberty
    (CVE-2014-3603)
    
    * (CVE-2019-4663)
    
    For more details about the security issue(s), see the IBM Security Bulletin
    links for each CVE, listed in the References section.
    
    3. Solution:
    
    Before applying the update, back up your existing installation, including
    all applications, configuration files, databases and database settings, and
    so on.
    
    The References section of this erratum contains a download link (you must
    log in to download the update).
    
    4. References:
    
    https://access.redhat.com/security/updates/classification/#moderate
    https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=open.liberty&downloadType=distributions&version=19.0.0.12
    https://www.ibm.com/support/pages/security-bulletin-information-disclosure-vulnerability-websphere-application-server-cve-2019-4441
    https://www.ibm.com/support/pages/security-bulletin-man-middle-vulnerability-websphere-application-server-liberty-cve-2014-3603
    https://access.redhat.com/articles/4544981
    
    5. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXe5lqtzjgjWX9erEAQhNWQ//Xk+PeuJgLHstwIil06tNre6EmjZmTIoW
    0FVDY32xoAYacPvyHE/0O2TNQexd+CoS8x1cL6tgDKXx0lcfvpW2tXXBjUI4zfhy
    OGjEFn6r/2Z0m2IOJMDDC1Cy3Fp/rftbUl9FJYLtcvHgXYI5nRPA1taqfq20zqIp
    zbAvgfG8SVRC31FvHoAf8HA6wrYrjK6JUvp1+KbVk12xkkfnHchZg3GBXyViakQn
    lMmXenMGGXFJaaPfnqErWFDiE9bvSKtQBbQWW7fWViaPASGI0ESnbTFf+Unzxht2
    jf9/5313g54U8q7NXjucP/TsJi0VuwfkLZJVGXuMUUVNKxWXzjJL0aoLyIPAkuj7
    X+cOJXnHWxVTqaTIsyMi+tZICoQqvYS98fuPYLXSoK9gnf+cZHefDEcvWJRPIa0g
    D6PNVUvj7Nwi4zqrxAuxPEW0oIuw5O2u8fsAORrzI4hGv+6KeVQ2IK2OGK/T9S7a
    kDS8nG+rZT7+/10xI7VLyHwR93xT8aE8NGBPquKE3g5K1yTeCnQsn3JShVdfgm5g
    YorqYZWZrerKBwL70z1wQTYl747VSsykUrtJKBHhgYI0bmBa38weF/CCELrQE3B9
    VzSfPI1jtUgAolbs6euQbGVhrsQ3rjdNgi4GfH+HhC6cv/+Dz4yU3Abs0Kvk+eC6
    A2wdk90F/kI=
    =xUYG
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"82","type":"x","order":"1","pct":56.16,"resources":[]},{"id":"88","title":"Should be more technical","votes":"22","type":"x","order":"2","pct":15.07,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"42","type":"x","order":"3","pct":28.77,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.