RedHat: RHSA-2020-0481:01 Important: Red Hat JBoss Fuse/A-MQ 6.3 R15

    Date 12 Feb 2020
    Posted By LinuxSecurity Advisories
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: Red Hat JBoss Fuse/A-MQ 6.3 R15 security and bug fix update
    Advisory ID:       RHSA-2020:0481-01
    Product:           Red Hat JBoss Fuse
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0481
    Issue date:        2020-02-12
    CVE Names:         CVE-2015-9251 CVE-2019-10174 
    =====================================================================
    
    1. Summary:
    
    An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss
    A-MQ 6.3.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Description:
    
    Red Hat Fuse provides a small-footprint, flexible, open source enterprise
    service bus and integration platform. Red Hat A-MQ is a standards compliant
    messaging system that is tailored for use in mission critical applications.
    
    This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It
    includes bug fixes, which are documented in the patch notes accompanying
    the package on the download page. See the download link given in the
    references section below.
    
    Security fix(es):
    
    * infinispan: invokeAccessibly method from ReflectionUtil class allows to
    invoke private methods (CVE-2019-10174)
    
    * js-jquery: Cross-site scripting via cross-domain ajax requests
    (CVE-2015-9251)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, and other related information, refer to the CVE page(s) listed in
    the References section.
    
    3. Solution:
    
    Before applying the update, back up your existing installation, including
    all applications, configuration files, databases and database settings, and
    so on.
    
    Installation instructions are located in the download section of the
    customer portal.
    
    The References section of this erratum contains a download link (you must
    log in to download the update).
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests
    1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2015-9251
    https://access.redhat.com/security/cve/CVE-2019-10174
    https://access.redhat.com/security/updates/classification/#important
    https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker&downloadType=securityPatches&version=6.3.0
    https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.3
    https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
