Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Red Hat JBoss EAP 14: RHSA-2020-2563-01 Important Security Update

red hat
Calendar Grey June 15, 2020
Dist Redhat Esm H88
Crucial security patch released for JBoss EAP Continuous Delivery 14.0, featuring essential remedies for significant vulnerabilities. Ensure your safety!
This is a security update for JBoss EAP Continuous Delivery 14.0

Solution

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

You must restart the JBoss server process for the update to take effect.

The References section of this erratum contains a download link (you must log in to download the update)

Summary

Red Hat JBoss Enterprise Application Platform CD14 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform CD14 includes bug fixes and enhancements.
Security Fix(es):
* XML Frameworks: JBoss: JAXP in EAP 7.0 allows RCE via XSL (CVE-2017-7465)
* XML Frameworks: TransformerFactory in JBoss EAP 7 is vulnerable to XXE (CVE-2017-7503)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory Red Hat security impact important update issue fix application platform EAP Continuous Delivery

References

https://access.redhat.com/security/cve/CVE-2017-7465 https://access.redhat.com/security/cve/CVE-2017-7503 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=eap-cd&version=14

Package List


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2020:2563-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2563
Issue date: 2020-06-15

Topic

This is a security update for JBoss EAP Continuous Delivery 14.0.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory Red Hat security impact important update issue fix application platform EAP Continuous Delivery

Relevant Releases Architectures

Bugs Fixed

1439980 - CVE-2017-7465 JBoss: JAXP in EAP 7.0 allows RCE via XSL

1451960 - CVE-2017-7503 EAP: XXE issue in TransformerFactory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here