RedHat: RHSA-2020-2169:01 Moderate: Red Hat JBoss Enterprise Application

    Date 14 May 2020
    176
    Posted By LinuxSecurity Advisories
    An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: Red Hat JBoss Enterprise Application Platform 6.4 security update
    Advisory ID:       RHSA-2020:2169-01
    Product:           Red Hat JBoss Enterprise Application Platform
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2169
    Issue date:        2020-05-14
    CVE Names:         CVE-2019-14885 
    =====================================================================
    
    1. Summary:
    
    An update is now available for Red Hat JBoss Enterprise Application
    Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server - noarch
    Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server - noarch
    Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server - noarch
    
    3. Description:
    
    Red Hat JBoss Enterprise Application Platform is a platform for Java
    applications based on the JBoss Application Server.
    
    This asynchronous patch is an update for JBoss Enterprise Application
    Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. All users of Red Hat
    JBoss Enterprise Application Platform 6.4 are advised to upgrade to this
    updated package.
    
    Security Fix(es):
    
    * jboss-cli: JBoss EAP: Vault system property security attribute value is
    revealed on CLI 'reload' command (CVE-2019-14885)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, and other related information, see the CVE page(s) listed in the
    References section.
    
    4. Solution:
    
    Before applying this update, ensure all previously released errata relevant
    to your system have been applied. The JBoss server process must be
    restarted for the update to take effect.
    
    For details about how to apply this update, see:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1770615 - CVE-2019-14885 JBoss EAP: Vault system property security attribute value is revealed on CLI 'reload' command
    
    6. Package List:
    
    Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server:
    
    Source:
    jboss-as-controller-7.5.22-3.Final_redhat_4.1.ep6.el5.src.rpm
    jboss-as-server-7.5.22-3.Final_redhat_4.1.ep6.el5.src.rpm
    jboss-as-weld-7.5.22-3.Final_redhat_4.1.ep6.el5.src.rpm
    
    noarch:
    jboss-as-controller-7.5.22-3.Final_redhat_4.1.ep6.el5.noarch.rpm
    jboss-as-server-7.5.22-3.Final_redhat_4.1.ep6.el5.noarch.rpm
    jboss-as-weld-7.5.22-3.Final_redhat_4.1.ep6.el5.noarch.rpm
    
    Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server:
    
    Source:
    jboss-as-controller-7.5.22-3.Final_redhat_4.1.ep6.el6.src.rpm
    jboss-as-server-7.5.22-3.Final_redhat_4.1.ep6.el6.src.rpm
    jboss-as-weld-7.5.22-3.Final_redhat_4.1.ep6.el6.src.rpm
    
    noarch:
    jboss-as-controller-7.5.22-3.Final_redhat_4.1.ep6.el6.noarch.rpm
    jboss-as-server-7.5.22-3.Final_redhat_4.1.ep6.el6.noarch.rpm
    jboss-as-weld-7.5.22-3.Final_redhat_4.1.ep6.el6.noarch.rpm
    
    Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server:
    
    Source:
    jboss-as-controller-7.5.22-3.Final_redhat_4.1.ep6.el7.src.rpm
    jboss-as-server-7.5.22-3.Final_redhat_4.1.ep6.el7.src.rpm
    jboss-as-weld-7.5.22-3.Final_redhat_4.1.ep6.el7.src.rpm
    
    noarch:
    jboss-as-controller-7.5.22-3.Final_redhat_4.1.ep6.el7.noarch.rpm
    jboss-as-server-7.5.22-3.Final_redhat_4.1.ep6.el7.noarch.rpm
    jboss-as-weld-7.5.22-3.Final_redhat_4.1.ep6.el7.noarch.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-14885
    https://access.redhat.com/security/updates/classification/#moderate
    https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXr02FtzjgjWX9erEAQgRIA//S87xqlBXwi354hpcQQ1txqbhDC1Tol7Q
    1Q+g36e8hVJYTzI7S40qFncmp6bc61dt/aFBbAZrKvDgRiMwCbASAtm0otDoc9B9
    SS61QomV5GV6uc/sTjhxwrcgAnhBlOiiyAWFr34X+4TL+0Nv5oSm3zc+2Qh6rf1N
    JSTB6kCXoun/+xuJr3b/A4vLhFsbNGJu38wqyau3hUmNmDJj94ixfLy55CmAnBn/
    /xFI5BGoj7bpEBad5B54jnkXm0Nstzj+NE5ySOTFO6VyPqklQNElsfIYmC2mTdBd
    LlCWGGytOGtrmqofMfUgaB1zWUMJHKgFgp9Dk3YSx8hz4KEmywh/wCQWkVmgpIOx
    R0lNSo9dAfMI/qGHG0Utm+WkqKQt2Em4TE5ppV4EURvuUUtKq9L13q0z0SbhbyGL
    z4HdXfGtZP4OCe8+J74LJxfp2pIlNMWF6IuRR15U5kdwEdMQIKwUkVi9vp1QlYwO
    UM9DKwMdYBJHlA15lFXzXOkLnGbkNoEmnzKCNK5DOFCANEL/3BQTBP+396Ws7h4b
    RO2zZX23/7yaoHSto5bIF0oaRNI6ySblh3lUDojGiDTlkHkMptjOHO6JcRbpkUbF
    p0rw+Sv6ovKX2vfCAmOlFeLF+IBV+ENfboWT18V0IXkYfpQzKASc4E4rjuk7GwKw
    X4m3m9FbT10=
    =OO4J
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    LinuxSecurity Poll

    How do you feel about the elimination of the terms 'blacklist' and 'slave' from the Linux kernel?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/32-how-do-you-feel-about-the-elimination-of-the-terms-blacklist-and-slave-from-the-linux-kernel?task=poll.vote&format=json
    32
    radio
    [{"id":"112","title":"I strongly support this change - racially charged language should not be used in the code and documentation of the kernel and other open-source projects.","votes":"3","type":"x","order":"1","pct":42.86,"resources":[]},{"id":"113","title":"I'm indifferent - this small change will not affect broader issues of racial insensitivity and white privilege.","votes":"2","type":"x","order":"2","pct":28.57,"resources":[]},{"id":"114","title":"I'm opposed to this change - there is no need to change language that has been used for years. It doesn't make sense for people to take offense to terminology used in community projects.","votes":"2","type":"x","order":"3","pct":28.57,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.