Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Red Hat JBoss 7.4 Moderate Advisory RHSA-2022-5928-01 Security Fixes

red hat
Calendar Grey August 8, 2022
Dist Redhat Esm H88
Red Hat unveils an important security advisory for JBoss Enterprise Application Platform 7.4, featuring crucial updates.
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4

Solution

Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258

Summary

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.6 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es):
* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)
* org.jboss.hal-hal-parent: minimist: prototype pollution (CVE-2021-44906)
* netty: world readable temporary file containing sensitive data (CVE-2022-24823)

Topics%20covered

Topics Covered

security advisory Red Hat application security moderate severity application update patch management JBoss

References

https://access.redhat.com/security/cve/CVE-2021-44906 https://access.redhat.com/security/cve/CVE-2022-24823 https://access.redhat.com/security/cve/CVE-2022-25647 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4 https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

Package List


Advisory ID: RHSA-2022:5928-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5928
Issue date: 2022-08-08

Topic

A security update is now available for Red Hat JBoss Enterprise ApplicationPlatform 7.4.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory Red Hat application security moderate severity application update patch management JBoss

Relevant Releases Architectures

Bugs Fixed

2066009 - CVE-2021-44906 minimist: prototype pollution

2080850 - CVE-2022-25647 com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson

2087186 - CVE-2022-24823 netty: world readable temporary file containing sensitive data

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

JBEAP-17119 - Update quick start references to "Red Hat Developer Studio" to new name "Red Hat CodeReady Studio"

JBEAP-23344 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.Final-redhat-00001 to 1.5.3.SP1

JBEAP-23444 - (7.4.z) WFLY-16231 - Github clone URLs need to be updated for jboss-eap7 repository since Github dropped git:// protocol

JBEAP-23492 - (7.4.z) Upgrade HAL from 3.3.12.Final-redhat-00001 to 3.3.13.Final-redhat-00001

JBEAP-23526 - [GSS](7.4.z) Upgrade JBoss Remoting from 5.0.24.SP1-redhat-00001 to 5.0.25.SP1

JBEAP-23528 - (7.4.z) Upgrade Jandex from 2.2.3.Final-redhat-00001 to 2.4.2.Final-redhat-00001

JBEAP-23546 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.12 to 3.3.13+

JBEAP-23550 - [QA](7.4.z) Upgrade jberet from 1.3.9.SP1 to 1.3.9.SP2

JBEAP-23551 - (7.4.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00009 to 2.5.5.SP12-redhat-00011

JBEAP-23554 - (7.4.z) Upgrade Mojarra from 2.3.14.SP04-redhat-00001 to 2.3.14.SP05

JBEAP-23556 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP05-redhat-00002 to 3.0.0.SP06

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here