====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat JBoss EAP 7.4.10 XP 4.0.0.GA security release
Advisory ID:       RHSA-2023:1855-01
Product:           Red Hat JBoss Enterprise Application Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1855
Issue date:        2023-04-18
CVE Names:         CVE-2022-1278 CVE-2022-3509 CVE-2022-3510
====================================================================
1. Summary:

JBoss EAP XP 4.0.0.GA security release on the EAP 7.4.10 base is now
available. See references for release notes.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

This is a cumulative patch release zip for the JBoss EAP XP 4.0.0 runtime
distribution for use with EAP 7.4.10.

Security Fix(es):

* protobuf-java: Textformat parsing issue leads to DoS (CVE-2022-3509)

* protobuf-java: Message-Type Extensions parsing issue leads to DoS
(CVE-2022-3510)

* WildFly: possible information disclosure (CVE-2022-1278)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2073401 - CVE-2022-1278 WildFly: possible information disclosure
2184161 - CVE-2022-3509 protobuf-java: Textformat parsing issue leads to DoS
2184176 - CVE-2022-3510 protobuf-java: Message-Type Extensions parsing issue leads to DoS

5. JIRA issues fixed (https://issues.redhat.com/):

JBEAP-24683 - EAP XP 4.0.0.GA for EAP 7.4.10

6. References:

https://access.redhat.com/security/cve/CVE-2022-1278
https://access.redhat.com/security/cve/CVE-2022-3509
https://access.redhat.com/security/cve/CVE-2022-3510
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/index
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/jboss_eap_xp_4.0_upgrade_and_migration_guide/index
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index

7. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce