Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Red Hat Enterprise Linux 8: RHSA-2022:5893-01 Moderate JBoss EAP Update

red hat
Calendar Grey August 3, 2022
Dist Redhat Esm H88
Incremental security patch released for Red Hat JBoss Enterprise Application, targeting several vulnerabilities with potential security implications.
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8

Solution

Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258

Summary

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.6 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es):
* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)
* org.jboss.hal-hal-parent: minimist: prototype pollution (CVE-2021-44906)
* netty: world readable temporary file containing sensitive data (CVE-2022-24823)

Topics%20covered

Topics Covered

security advisory moderate security issue Red Hat Enterprise Linux Java application application platform JBoss EAP

References

https://access.redhat.com/security/cve/CVE-2021-44906 https://access.redhat.com/security/cve/CVE-2022-24823 https://access.redhat.com/security/cve/CVE-2022-25647 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4 https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index

Package List

Red Hat JBoss EAP 7.4 for RHEL 8:
Source: eap7-apache-cxf-3.3.13-1.redhat_00001.1.el8eap.src.rpm eap7-glassfish-jsf-2.3.14-4.SP05_redhat_00001.1.el8eap.src.rpm eap7-gson-2.8.9-1.redhat_00001.1.el8eap.src.rpm eap7-hal-console-3.3.13-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-5.3.27-1.Final_redhat_00001.1.el8eap.src.rpm eap7-ironjacamar-1.5.3-2.SP1_redhat_00001.1.el8eap.src.rpm eap7-jackson-databind-2.12.6.1-2.redhat_00004.1.el8eap.src.rpm eap7-jandex-2.4.2-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jberet-1.3.9-2.SP2_redhat_00001.1.el8eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-5.SP06_redhat_00001.1.el8eap.src.rpm eap7-jboss-remoting-5.0.25-1.SP1_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.10.0-18.Final_redhat_00017.1.el8eap.src.rpm eap7-netty-4.1.77-1.Final_redhat_00001.1.el8eap.src.rpm eap7-netty-tcnative-2.0.52-1.Final_redhat_00001.1.el8eap.src.rpm eap7-netty-transport-native-epoll-4.1.77-1.Final_redhat_00001.1.el8eap.src.rpm eap7-picketbox-5.0.3-10.Final_redhat_00009.1.el8eap.src.rpm eap7-picketlink-bindings-2.5.5-26.SP12_redhat_00014.1.el8eap.src.rpm eap7-picketlink-federation-2.5.5-21.SP12_redhat_00011.1.el8eap.src.rpm eap7-undertow-2.2.18-2.SP2_redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.4.6-5.GA_redhat_00002.1.el8eap.src.rpm

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2022:5893-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5893
Issue date: 2022-08-03

Topic

A security update is now available for Red Hat JBoss Enterprise ApplicationPlatform 7.4 for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate security issue Red Hat Enterprise Linux Java application application platform JBoss EAP

Relevant Releases Architectures

Red Hat JBoss EAP 7.4 for RHEL 8 - noarch, x86_64

Bugs Fixed

2066009 - CVE-2021-44906 minimist: prototype pollution

2080850 - CVE-2022-25647 com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson

2087186 - CVE-2022-24823 netty: world readable temporary file containing sensitive data

6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

JBEAP-17119 - Update quick start references to "Red Hat Developer Studio" to new name "Red Hat CodeReady Studio"

JBEAP-23344 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.Final-redhat-00001 to 1.5.3.SP1

JBEAP-23361 - Tracker bug for the EAP 7.4.6 release for RHEL-8

JBEAP-23444 - (7.4.z) WFLY-16231 - Github clone URLs need to be updated for jboss-eap7 repository since Github dropped git:// protocol

JBEAP-23492 - (7.4.z) Upgrade HAL from 3.3.12.Final-redhat-00001 to 3.3.13.Final-redhat-00001

JBEAP-23526 - [GSS](7.4.z) Upgrade JBoss Remoting from 5.0.24.SP1-redhat-00001 to 5.0.25.SP1

JBEAP-23528 - (7.4.z) Upgrade Jandex from 2.2.3.Final-redhat-00001 to 2.4.2.Final-redhat-00001

JBEAP-23546 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.12 to 3.3.13+

JBEAP-23550 - [QA](7.4.z) Upgrade jberet from 1.3.9.SP1 to 1.3.9.SP2

JBEAP-23551 - (7.4.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00009 to 2.5.5.SP12-redhat-00011

JBEAP-23554 - (7.4.z) Upgrade Mojarra from 2.3.14.SP04-redhat-00001 to 2.3.14.SP05

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here