-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: Red Hat build of Thorntail 2.7.0 security and bug fix update
Advisory ID:       RHSA-2020:2905-01
Product:           Red Hat OpenShift Application Runtimes
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2905
Issue date:        2020-07-23
CVE Names:         CVE-2019-12423 CVE-2019-17573 CVE-2020-1695 
                   CVE-2020-1697 CVE-2020-1698 CVE-2020-1714 
                   CVE-2020-1718 CVE-2020-1719 CVE-2020-1724 
                   CVE-2020-1727 CVE-2020-1732 CVE-2020-1744 
                   CVE-2020-1745 CVE-2020-1757 CVE-2020-6950 
                   CVE-2020-10688 CVE-2020-10705 CVE-2020-10719 
====================================================================
1. Summary:

An update is now available for Red Hat build of Thorntail.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each
vulnerability. For more information, see the CVE links in the References
section.

2. Description:

This release of Red Hat build of Thorntail 2.7.0 includes security updates,
bug fixes, and enhancements. For more information, see the release notes
listed in the References section.

Security Fix(es):

* Wildfly: EJBContext principal is not popped back after invoking another
EJB using a different Security Domain (CVE-2020-1719)

* cxf: reflected XSS in the services listing page (CVE-2019-17573)

* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

* Mojarra: Path traversal via either the loc parameter or the con
parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)

* resteasy: Improper validation of response header in
MediaTypeHeaderDelegate.java class (CVE-2020-1695)

* undertow: servletPath is normalized incorrectly leading to dangerous
application mapping which could result in security bypass (CVE-2020-1757)

* keycloak: stored XSS in client settings via application links
(CVE-2020-1697)

* keycloak: problem with privacy after user logout (CVE-2020-1724)

* keycloak: Password leak by logged exception in HttpMethod class
(CVE-2020-1698)

* cxf: OpenId Connect token service does not properly validate the clientId
(CVE-2019-12423)

* Soteria: security identity corruption across concurrent threads
(CVE-2020-1732)

* keycloak: missing input validation in IDP authorization URLs
(CVE-2020-1727)

* keycloak: failedLogin Event not sent to BruteForceProtector when using
Post Login Flow with Conditional-OTP (CVE-2020-1744)

* keycloak: security issue on reset credential flow (CVE-2020-1718)

* keycloak: Lack of checks in ObjectInputStream leading to Remote Code
Execution (CVE-2020-1714)

* RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected
XSS attack (CVE-2020-10688)

* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)

* undertow: Memory exhaustion issue in HttpReadListener via "Expect: 100-
continue" header (CVE-2020-10705)

For more details about the security issues and their impact, the CVSS
score, acknowledgements, and other related information, see the CVE pages
listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a download link for the
update. You must be logged in to download the update.

4. Bugs fixed (https://bugzilla.redhat.com/):

1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution
1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
1790292 - CVE-2020-1698 keycloak: Password leak by logged exception in HttpMethod class
1791538 - CVE-2020-1697 keycloak: stored XSS in client settings via application links
1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain
1796756 - CVE-2020-1718 keycloak: security issue on reset credential flow
1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId
1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page
1800527 - CVE-2020-1724 keycloak: problem with privacy after user logout
1800573 - CVE-2020-1727 keycloak: missing input validation in IDP authorization URLs
1801726 - CVE-2020-1732 Soteria: security identity corruption across concurrent threads
1803241 - CVE-2020-10705 undertow: Memory exhaustion issue in HttpReadListener via "Expect: 100-continue" header
1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371
1805792 - CVE-2020-1744 keycloak: failedLogin Event not sent to BruteForceProtector when using Post Login Flow with Conditional-OTP
1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability
1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack
1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size

5. References:

https://access.redhat.com/security/cve/CVE-2019-12423
https://access.redhat.com/security/cve/CVE-2019-17573
https://access.redhat.com/security/cve/CVE-2020-1695
https://access.redhat.com/security/cve/CVE-2020-1697
https://access.redhat.com/security/cve/CVE-2020-1698
https://access.redhat.com/security/cve/CVE-2020-1714
https://access.redhat.com/security/cve/CVE-2020-1718
https://access.redhat.com/security/cve/CVE-2020-1719
https://access.redhat.com/security/cve/CVE-2020-1724
https://access.redhat.com/security/cve/CVE-2020-1727
https://access.redhat.com/security/cve/CVE-2020-1732
https://access.redhat.com/security/cve/CVE-2020-1744
https://access.redhat.com/security/cve/CVE-2020-1745
https://access.redhat.com/security/cve/CVE-2020-1757
https://access.redhat.com/security/cve/CVE-2020-6950
https://access.redhat.com/security/cve/CVE-2020-10688
https://access.redhat.com/security/cve/CVE-2020-10705
https://access.redhat.com/security/cve/CVE-2020-10719
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=catRhoar.thorntail&version=2.7.0
https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.7/html/release_notes_for_thorntail_2.7/

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXxk2rdzjgjWX9erEAQjSbQ//e0FG83JQFpQV7HUEsjPMB7+tT0UgoTXQ
KnfasEPEP7wnPU07lZiVW94sxhUC/hAhce1KWIR3nT3uesMO4S+7o2vmgOwax1G7
yYsG1SRX4KK5Ma7Qvyx8lM+6TN0MNNrXGvFsqcYF1pJBL/1tfZfb/ciiqjrsR0Tp
v20FKuNrNmn4IPRzN04AZafOG9tXQ8XMqkJaWxh8s4dupvElG4ywmYletwYLYMxS
5X+SVmQ9TtGSgJF6HUGoL0wsTbMtdlJPRrchhbjzAi00ZY5hElVa+MOzdyCFYygv
ev0iz9m0foF1bXfbJTfpzbOnz/f3uJUTKCzz+mLf3voeqbvXnzUNn74MXZQynR8G
LNFVpLo0U/d0wULkSSdFjqer+IxeUWRwcl2km1U42f+0BiCb4K3uHIjhkfAdRFFQ
7K8Nl/2GfJnLywD8693xSKi/6MeCHC2HhrYb9A89lXoebX/3WXkNUC4ReGL80+fg
3z7793xt6QzV9V+WOH8NbQS4SzpAOkusHMew7sQpLxU8r9uaF1KibshjUGq/rZlA
YswTjYHqNLja7kx8GDejpO/RAhMq6asm38YtFzY+Qtipe8xcAxSrTiO6FLN+Xv0M
YlvsaeWblymoLwbQ5ON59VoFFe1YgzIQP0CJEbWbnJl0UHdIldAbv22e4Trnw58t
ZwsJot3fnjU=2k8f
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2020-2905:01 Important: Red Hat build of Thorntail 2.7.0

An update is now available for Red Hat build of Thorntail

Summary

This release of Red Hat build of Thorntail 2.7.0 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section.
Security Fix(es):
* Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)
* cxf: reflected XSS in the services listing page (CVE-2019-17573)
* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)
* Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
* resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)
* keycloak: stored XSS in client settings via application links (CVE-2020-1697)
* keycloak: problem with privacy after user logout (CVE-2020-1724)
* keycloak: Password leak by logged exception in HttpMethod class (CVE-2020-1698)
* cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)
* Soteria: security identity corruption across concurrent threads (CVE-2020-1732)
* keycloak: missing input validation in IDP authorization URLs (CVE-2020-1727)
* keycloak: failedLogin Event not sent to BruteForceProtector when using Post Login Flow with Conditional-OTP (CVE-2020-1744)
* keycloak: security issue on reset credential flow (CVE-2020-1718)
* keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution (CVE-2020-1714)
* RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)
* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)
* undertow: Memory exhaustion issue in HttpReadListener via "Expect: 100- continue" header (CVE-2020-10705)
For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.



Summary


Solution

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.

References

https://access.redhat.com/security/cve/CVE-2019-12423 https://access.redhat.com/security/cve/CVE-2019-17573 https://access.redhat.com/security/cve/CVE-2020-1695 https://access.redhat.com/security/cve/CVE-2020-1697 https://access.redhat.com/security/cve/CVE-2020-1698 https://access.redhat.com/security/cve/CVE-2020-1714 https://access.redhat.com/security/cve/CVE-2020-1718 https://access.redhat.com/security/cve/CVE-2020-1719 https://access.redhat.com/security/cve/CVE-2020-1724 https://access.redhat.com/security/cve/CVE-2020-1727 https://access.redhat.com/security/cve/CVE-2020-1732 https://access.redhat.com/security/cve/CVE-2020-1744 https://access.redhat.com/security/cve/CVE-2020-1745 https://access.redhat.com/security/cve/CVE-2020-1757 https://access.redhat.com/security/cve/CVE-2020-6950 https://access.redhat.com/security/cve/CVE-2020-10688 https://access.redhat.com/security/cve/CVE-2020-10705 https://access.redhat.com/security/cve/CVE-2020-10719 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=catRhoar.thorntail&version=2.7.0 https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.7/html/release_notes_for_thorntail_2.7/

Package List


Severity
Advisory ID: RHSA-2020:2905-01
Product: Red Hat OpenShift Application Runtimes
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2905
Issued Date: : 2020-07-23
CVE Names: CVE-2019-12423 CVE-2019-17573 CVE-2020-1695 CVE-2020-1697 CVE-2020-1698 CVE-2020-1714 CVE-2020-1718 CVE-2020-1719 CVE-2020-1724 CVE-2020-1727 CVE-2020-1732 CVE-2020-1744 CVE-2020-1745 CVE-2020-1757 CVE-2020-6950 CVE-2020-10688 CVE-2020-10705 CVE-2020-10719

Topic

An update is now available for Red Hat build of Thorntail.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for eachvulnerability. For more information, see the CVE links in the Referencessection.


Topic


 

Relevant Releases Architectures


Bugs Fixed

1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution

1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class

1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass

1790292 - CVE-2020-1698 keycloak: Password leak by logged exception in HttpMethod class

1791538 - CVE-2020-1697 keycloak: stored XSS in client settings via application links

1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain

1796756 - CVE-2020-1718 keycloak: security issue on reset credential flow

1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId

1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page

1800527 - CVE-2020-1724 keycloak: problem with privacy after user logout

1800573 - CVE-2020-1727 keycloak: missing input validation in IDP authorization URLs

1801726 - CVE-2020-1732 Soteria: security identity corruption across concurrent threads

1803241 - CVE-2020-10705 undertow: Memory exhaustion issue in HttpReadListener via "Expect: 100-continue" header

1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371

1805792 - CVE-2020-1744 keycloak: failedLogin Event not sent to BruteForceProtector when using Post Login Flow with Conditional-OTP

1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability

1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack

1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size


Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved