RedHat: RHSA-2023-0756:01 Important: Red Hat JBoss Enterprise Application
Summary
This is a cumulative patch release zip for the JBoss EAP XP 4.0.0 runtime
distribution for use with EAP 7.4.9.
Security Fix(es):
* libksba: integer overflow to code execution (CVE-2022-47629)
* okhttp: information disclosure via improperly used cryptographic function
(CVE-2021-0341)
Summary
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2021-0341 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html/jboss_eap_xp_4.0_upgrade_and_migration_guide/index https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index
Package List
Topic
JBoss EAP XP 4.0.0.GA Security release on the EAP 7.4.9 base. Seereferences for release notes.Red Hat Product Security has rated this update as having a security impactofImportant. A Common Vulnerability Scoring System (CVSS) base score, whichgives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Topic
Relevant Releases Architectures
Bugs Fixed
2154086 - CVE-2021-0341 okhttp: information disclosure via improperly used cryptographic function
2161571 - CVE-2022-47629 libksba: integer overflow to code execution
5. JIRA issues fixed (https://issues.redhat.com/):
JBEAP-24408 - EAP XP 4.0.0.GA for EAP 7.4.9