RedHat: RHSA-2020-0728:01 Moderate: Red Hat Data Grid 7.3.4 security update

    Date 05 Mar 2020
    332
    Posted By LinuxSecurity Advisories
    An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: Red Hat Data Grid 7.3.4 security update
    Advisory ID:       RHSA-2020:0728-01
    Product:           Red Hat JBoss Data Grid
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0728
    Issue date:        2020-03-05
    CVE Names:         CVE-2019-14838 
    =====================================================================
    
    1. Summary:
    
    An update for Red Hat Data Grid is now available.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Description:
    
    Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the
    Infinispan project.
    
    This release of Red Hat Data Grid 7.3.4 serves as a replacement for Red Hat
    Data Grid 7.3.3 and includes bug fixes and enhancements, which are
    described in the Release Notes, linked to in the References section of this
    erratum.
    
    Security Fix(es):
    
    * wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and
    'Deployer' user by default (CVE-2019-14838)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    3. Solution:
    
    To install this update, do the following:
    
    1. Download the Data Grid 7.3.4 server patch from the customer portal.
    2. Back up your existing Data Grid installation. You should back up
    databases, configuration files, and so on.
    3. Install the Data Grid 7.3.4 server patch. Refer to the 7.3 Release Notes
    for patching instructions.
    4. Restart Data Grid to ensure the changes take effect.
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2019-14838
    https://access.redhat.com/security/updates/classification/#moderate
    https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381&product=data.grid&version=7.3&downloadType=patches
    https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXmD58tzjgjWX9erEAQhLSA/+M9UCHp9LEpy0IDRTjj0BZYpu/Wx2Wzlf
    HpH+HysKOAvO0fTQOo7CrcWIGWm76BVjPdkzIlhttCs96WfghCCVnIPg40fW26SH
    V2edEuVgok+gcPEbFb4IiG56/9M5So4VQ/jsvI0m1mH5+xHAU4R1cuYPPGITEHWw
    70vka3vs5PM2Y1A9rXz89Qhex/Zk4rlge29T/1tZIjQAAeWucuAEtA/902aLm+9P
    ecD3YwWcmEQCcjK03QjYmiCUnCU6aSFCZqWAyX2O5k9LUpROrJQO5zkuydF+hfny
    E8+dqs8UBD2aHny7duzmWa6UFe/uetmtLK4Aa7UTLr84hFKnGpEYcUJ3bBXXSOz9
    5CQOc4yt69klIkVNyk3Evmka/erDj3lj3F2YKu93s6HJQfxmAPsg3xoUrs4cTOmF
    E4NlV5UvvUJo9adNRzHGBbpdaOXq1wJc8QeaXMjhQOr4/p6XDS9ebtmnJbaJqrN/
    /1sZUxEO2DerO1zy6ws7TEuCzeFPHJrwQFXN0uso9aNJZoDvFqRbQWUHrhe7J0Dp
    ES6BVCUchqfa50XCTkmytLsFmdB5tL+asJWYWwNefIu1Lg8l22SMbzw0s1GJnuGj
    fXnzDCwHDdMj6VKhUjyLdDV1KPe/MMzEBwXcXwqi9P3O9bJC4eYy377iHked62z1
    PG26lBU0UZ4=
    =Hs6K
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"96","type":"x","order":"1","pct":80,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":15,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":5,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.