Red Hat JBoss EAP 7.4.10 XP 4.0.0.GA RHSA-2023:1855-01 Moderate: DoS Attack

April 25, 2023
JBoss EAP XP 4.0.0.GA security release on the EAP 7.4.10 base is now available

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

This is a cumulative patch release zip for the JBoss EAP XP 4.0.0 runtime distribution for use with EAP 7.4.10.
Security Fix(es):
* protobuf-java: Textformat parsing issue leads to DoS (CVE-2022-3509)
* protobuf-java: Message-Type Extensions parsing issue leads to DoS (CVE-2022-3510)
* WildFly: possible information disclosure (CVE-2022-1278)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2022-1278
https://access.redhat.com/security/cve/CVE-2022-3509
https://access.redhat.com/security/cve/CVE-2022-3510
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/index
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/jboss_eap_xp_4.0_upgrade_and_migration_guide/index
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index

Package List


Advisory ID: RHSA-2023:1855-01
Product: Red Hat JBoss Enterprise Application Platform
Issue date: 2023-04-18

Topic

JBoss EAP XP 4.0.0.GA security release on the EAP 7.4.10 base is now available. See references for release notes.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

2073401 - CVE-2022-1278 WildFly: possible information disclosure

2184161 - CVE-2022-3509 protobuf-java: Textformat parsing issue leads to DoS

2184176 - CVE-2022-3510 protobuf-java: Message-Type Extensions parsing issue leads to DoS

JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

JBEAP-24683 - EAP XP 4.0.0.GA for EAP 7.4.10
