-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Enterprise Application Platform 7.4.9 XP 4.0.0.GA Security release
Advisory ID:       RHSA-2023:0756-01
Product:           Red Hat JBoss Enterprise Application Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0756
Issue date:        2023-02-14
CVE Names:         CVE-2021-0341 CVE-2022-47629 
====================================================================
1. Summary:

JBoss EAP XP 4.0.0.GA Security release on the EAP 7.4.9 base. See
references for release notes.
Red Hat Product Security has rated this update as having a security impact
of
Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Description:

This is a cumulative patch release zip for the JBoss EAP XP 4.0.0 runtime
distribution for use with EAP 7.4.9.

Security Fix(es):

* libksba: integer overflow to code execution (CVE-2022-47629)

* okhttp: information disclosure via improperly used cryptographic function
(CVE-2021-0341)

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2154086 - CVE-2021-0341 okhttp: information disclosure via improperly used cryptographic function
2161571 - CVE-2022-47629 libksba: integer overflow to code execution

5. JIRA issues fixed (https://issues.redhat.com/):

JBEAP-24408 - EAP XP 4.0.0.GA for EAP 7.4.9

6. References:

https://access.redhat.com/security/cve/CVE-2021-0341
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html/jboss_eap_xp_4.0_upgrade_and_migration_guide/index
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index

7. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY+vS39zjgjWX9erEAQgT8g//aLuYwP7xted5GVKPQVWt0BMKviNDUygt
vqaasjwsQlm8QAmKU2UQgZ85GP/GovItewMHHHyTO765v568PQjb7KgNAFpZBWGt
idVuh47fGpUiFWc0fnunToE0HlqsSzzdgb4pzZEGwMrSJuDkP8sNIWkwcJR5sHVA
zV6o0pBYyjnWZLB3tW6L0Kzaseh1rI3TXogyTvqT6L64y06B5qxnr1OHP6QAPmRa
sHsjxlotvSqDnbUN0cWPPhC6QNYEWO0PLOol7DRcNbMlR7887snzaO/2Bgk3Gba6
jxfHW1KMvEYwFWcDuq4mO0X0u7ebYKrGS0CYsQG1MJcqVYrurGXZHPAmkKDVz9+p
Ob97W2a8262vqA88DNzs69Dz6S/NcAPwLLeJ00cMQa3vc4J7wKGsJNNwj6gvBl/q
sXgJUBIlkYmuwzoNPoXR+mepiT6qyW4PrDt3y7SY9Yr2zEv+Nb2pwIA/6V0cgoDC
oySQG/SqUMDZdQzLd18xP6dJornd5GooQqrEJyY6uUCLqE85HQaFbXKcz9yX57IP
6MPN5cRuje9oTvy7j4PAqvxbVPkfgvpYIl3/yGd2vwZEnAG17ll6GOaYzVfTA3Ta
YXyY+gvUxAy1uUU959g9F+Aa07SzNlQBFj1ant+NfbdZBGTP5xyrnQcwSX4gCVPx
rsOwLU04OSM=wpU0
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2023-0756:01 Important: Red Hat JBoss Enterprise Application

JBoss EAP XP 4.0.0.GA Security release on the EAP 7.4.9 base

Summary

This is a cumulative patch release zip for the JBoss EAP XP 4.0.0 runtime distribution for use with EAP 7.4.9.
Security Fix(es):
* libksba: integer overflow to code execution (CVE-2022-47629)
* okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341)



Summary


Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2021-0341 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html/jboss_eap_xp_4.0_upgrade_and_migration_guide/index https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index

Package List


Severity
Advisory ID: RHSA-2023:0756-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0756
Issued Date: : 2023-02-14
CVE Names: CVE-2021-0341 CVE-2022-47629

Topic

JBoss EAP XP 4.0.0.GA Security release on the EAP 7.4.9 base. Seereferences for release notes.Red Hat Product Security has rated this update as having a security impactofImportant. A Common Vulnerability Scoring System (CVSS) base score, whichgives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.


Topic


 

Relevant Releases Architectures


Bugs Fixed

2154086 - CVE-2021-0341 okhttp: information disclosure via improperly used cryptographic function

2161571 - CVE-2022-47629 libksba: integer overflow to code execution

5. JIRA issues fixed (https://issues.redhat.com/):

JBEAP-24408 - EAP XP 4.0.0.GA for EAP 7.4.9


Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved