RedHat: RHSA-2021-3218:01 Important: Red Hat JBoss Enterprise Appli...

Advisories

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Enterprise Application Platform 7.4 security update
Advisory ID:       RHSA-2021:3218-01
Product:           Red Hat JBoss Enterprise Application Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3218
Issue date:        2021-08-18
CVE Names:         CVE-2021-3690 
=====================================================================

1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application
Platform 7.4.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java
applications based on the WildFly application runtime.

This asynchronous patch is a security update for Red Hat JBoss Enterprise
Application Platform 7.4.

Security Fix(es):

* undertow: buffer leak on incoming websocket PONG message may lead to DoS
(CVE-2021-3690)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, see the CVE page(s) listed in the
References section.

3. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise
Application Platform installation and deployed applications.

The References section of this erratum contains a download link (you must
log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1991299 - CVE-2021-3690 undertow: buffer leak on incoming websocket PONG message may lead to DoS

5. References:

https://access.redhat.com/security/cve/CVE-2021-3690
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYR1MvtzjgjWX9erEAQjTrg//dvFUi4BmOXlmpB2zyMqFb9KexmH2bnHW
ow53cHcYpRfnylOcAJOLM45Rj35akI29NHox20Eu2KgMJ85NIeJ1xKv9+aHE8lEl
f4/qddXZzuUs9QBBLAMZ9z9+7EOQQPw95DBN1ZYkprTdGlx7f5IR00hbCNrLWNw2
xQTN3TdJ0cd5NJSQDWNiN6K3zGtbY2lSdYZIn1vGJ4TT0pj1Fuh131dnT61w8pe1
KuhNY7lo2Gef/i0Ivrl26cQTQwbvDT+SLnnsR6BEgk90DwmfIbn/67pQeygDVezu
D2DYg/QS8Ut81pjme70/4f5Hrg73kTFdF8fY2L+9OMkduK4Cs/Q6Gk7b/HY4nUe1
biNrr29YZuhIGNcjuMjgmXIRj6pGAUGZgLF/dVjVtBNHQNyCOhrYgIP8lR9y+3/I
lt3ehioQhZd8/Gq6mW+MfCI+8CWH+nvqNVJcAKfDN1hM7nT/dqi2+hTkvsr1I9lW
axxgC61mLS7N0pXm378ogQAw3jGaICWpCSqoFcyjUVGPN6exeZGqG67BSYMDIA8n
U73iz6DGPJtxGqs/HQpbHJyfhoLn16WG6A5IK4UcehEXC3uvUBYXJEf6FmJVALSV
Nu1sguO1EBiqGLh7VRDeYgnyVyNSm8d0yPdmTGBIbez2bfqy4U3jKs3SOnZASz31
tLhvBJuFKNY=
=kEWt
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2021-3218:01 Important: Red Hat JBoss Enterprise Application

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4

Summary

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.
Security Fix(es):
* undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.

Solution

Before applying this update, back up your existing Red Hat JBoss EnterpriseApplication Platform installation and deployed applications.The References section of this erratum contains a download link (you mustlog in to download the update).

References

https://access.redhat.com/security/cve/CVE-2021-3690 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4 https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

Package List

Severity
Advisory ID: RHSA-2021:3218-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3218
Issued Date: : 2021-08-18
CVE Names: CVE-2021-3690

Topic

A security update is now available for Red Hat JBoss Enterprise ApplicationPlatform 7.4.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

1991299 - CVE-2021-3690 undertow: buffer leak on incoming websocket PONG message may lead to DoS

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.