RedHat: RHSA-2020-0729:01 Important: Red Hat Data Grid 7.3.5 security update

    Date 05 Mar 2020
    366
    Posted By LinuxSecurity Advisories
    An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: Red Hat Data Grid 7.3.5 security update
    Advisory ID:       RHSA-2020:0729-01
    Product:           Red Hat JBoss Data Grid
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0729
    Issue date:        2020-03-05
    CVE Names:         CVE-2015-9251 CVE-2019-14888 CVE-2019-14892 
                       CVE-2019-14893 CVE-2019-16335 
    =====================================================================
    
    1. Summary:
    
    An update for Red Hat Data Grid is now available.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Description:
    
    Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the
    Infinispan project.
    
    This release of Red Hat Data Grid 7.3.5 serves as a replacement for Red Hat
    Data Grid 7.3.4 and includes bug fixes and enhancements, which are
    described in the Release Notes, linked to in the References section of this
    erratum.
    
    Security Fix(es):
    
    * undertow: possible Denial Of Service (DOS) in Undertow HTTP server
    listening on HTTPS (CVE-2019-14888)
    
    * js-jquery: Cross-site scripting via cross-domain ajax requests
    (CVE-2015-9251)
    
    * jackson-databind: Serialization gadgets in classes of the
    commons-configuration package (CVE-2019-14892)
    
    * jackson-databind: Serialization gadgets in classes of the xalan package
    (CVE-2019-14893)
    
    * jackson-databind: polymorphic typing issue related to
    com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    3. Solution:
    
    To install this update, do the following:
    
    1. Download the Data Grid 7.3.5 server patch from the customer portal.
    2. Back up your existing Data Grid installation. You should back up
    databases, configuration files, and so on.
    3. Install the Data Grid 7.3.5 server patch. Refer to the 7.3 Release Notes
    for patching instructions.
    4. Restart Data Grid to ensure the changes take effect.
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests
    1755831 - CVE-2019-16335 jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource
    1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package
    1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package
    1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2015-9251
    https://access.redhat.com/security/cve/CVE-2019-14888
    https://access.redhat.com/security/cve/CVE-2019-14892
    https://access.redhat.com/security/cve/CVE-2019-14893
    https://access.redhat.com/security/cve/CVE-2019-16335
    https://access.redhat.com/security/updates/classification/#important
    https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381&product=data.grid&version=7.3&downloadType=patches
    https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXmD64dzjgjWX9erEAQhVEw//YhsuCp6jWyCTmV4ityeuQbAfugDZbDil
    UgLHKB9LytAPXZunO8F+JpvNUAjTuPuJCXoTLY75Qz50v1Tdi1sCFr4oeQcpwkTZ
    L3+x5F4p8B+xAWTtmP+dM/36OClSLDvKcT+wLcwIZs9uUhXt5a/eMcbGkEvDRqeS
    56WULWu2uHYhOPr3l7SaL3V0+7GTH3QsaeqNTohn8wsSjsdVWJwh4L8St1MVdPiI
    qraV1nN5DY0uqHfkIdZJY5dnhJ43PVvSgf9TS+0GFYZN78F9FMQQi94MRHQbNOuc
    LJrbiVXWgyDBIPJCA0Nu5TYutIdRcD6agHXeFay2SRCEMxfXdtFVEstInAOMy7g8
    daH7DGPvNG9tyC32uKJpq11/3qCulfJ2WzIocuLUnBTg13pjhpOGTSG5h+kxTybR
    IU83IP24lVZOdkbXv/9GBWPwyOPpZO1IO7zUTaGPoRbGW+167pRoMp8LG28NCth3
    mENbW2oBk/sAQbiUQ6oQntKmLBOC4yQDAskvWTf82csrcve0kAcOCFU5ivnRt4Mf
    mePrVsHc1O/WHFyoZP9TPX99h0jYKHKxP8VE81RT2MkQmnPkL1UQcnFmtutcVqEd
    LNNW7Y8V6thdeZRspwAR575lqYzq59dNkGeINHuWTv4DWHQTneVcJB7a1fAvcFB6
    6hUzIjSDmgY=
    =NGTq
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"96","type":"x","order":"1","pct":80,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":15,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":5,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.