=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform security update
Advisory ID: RHSA-2023:4506-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4506
Issue date: 2023-08-07
CVE Names: CVE-2021-46877 CVE-2023-1436 CVE-2023-3223
=====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.4 for RHEL 8 - noarch, x86_64

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.11 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2182788 - CVE-2023-1436 jettison: Uncontrolled Recursion in JSONArray
2185707 - CVE-2021-46877 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
2209689 - CVE-2023-3223 undertow: OutOfMemoryError due to @MultipartConfig handling

6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

JBEAP-24711 - (7.4.z) Upgrade Jettison from 1.5.2.redhat-00002 to 1.5.4.redhat-x
JBEAP-24721 - Tracker bug for the EAP 7.4.12 release for RHEL-8
JBEAP-24744 - [GSS](7.4.z) Upgrade Undertow from 2.2.24.SP1-redhat-00001 to 2.2.25.SP1
JBEAP-24745 - (7.4.z) Upgrade Elytron from 1.15.16.Final-redhat-00001 to 1.15.17.Final-redhat-00001
JBEAP-24790 - (7.4.z) Upgrade HAL from 3.3.17.Final-redhat-00001 to 3.3.18.Final-redhat-00001
JBEAP-24808 - [GSS](7.4.z) Upgrade WildFly Core from 15.0.26.Final-redhat-00001 to 15.0.27.Final-redhat-00001
JBEAP-24819 - [GSS](7.4.z) Upgrade Hibernate ORM from 5.3.29.Final-redhat-00001 to 5.3.30.Final-redhat-00001
JBEAP-24820 - [GSS](7.4.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00012 to 2.5.5.SP12-redhat-00013
JBEAP-24821 - (7.4.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00014 to 2.5.5.SP12-redhat-00016
JBEAP-24822 - (7.4.z) Upgrade PicketLink version in PicketLink bindings.
JBEAP-24831 - [GSS](7.4.z) Upgrade xalan from 2.7.1.redhat-13 to 2.7.1.redhat-14
JBEAP-24832 - (7.4.z) Upgrade Jakarta Mail from 1.6.7.redhat-00001 to 1.6.7.redhat-00003
JBEAP-24835 - (7.4.z) Upgrade Jakarta activation from 1.2.2.redhat-00001 to 1.2.2.redhat-00002
JBEAP-24836 - (7.4.z) Upgrade jboss-ejb-client from 4.0.50.SP1-redhat-00001 to 4.0.53.Final-redhat-00001
JBEAP-24858 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00047 to 2.16.0.redhat-00048
JBEAP-24973 - (7.4.z) Upgrade insights-java-client from 1.0.1.redhat-00001 to 1.0.8.redhat-00001
JBEAP-25004 - (7.4.z) Upgrade runtimes-java-api from 1.0.8.redhat-00001 to 1.0.9.redhat-00001
JBEAP-25085 - [GSS](7.4.z) Upgrade Undertow from 2.2.25.SP1 to 2.2.25.SP2
JBEAP-25086 - [GSS](7.4.z) Upgrade WildFly Core from 15.0.27.Final-redhat-00001 to 15.0.28.Final-redhat-00001
JBEAP-25204 - [GSS](7.4.z) Upgrade Undertow from 2.2.25.SP2-redhat-00001 to 2.2.25.SP3
JBEAP-25205 - [GSS](7.4.z) Upgrade WildFly Core from 15.0.28.Final-redhat-00001 to 15.0.29.Final-redhat-00001

7. Package List:

Red Hat JBoss EAP 7.4 for RHEL 8:

Source:
eap7-activemq-artemis-2.16.0-12.redhat_00048.1.el8eap.src.rpm
eap7-glassfish-jaf-1.2.2-2.redhat_00002.1.el8eap.src.rpm
eap7-glassfish-javamail-1.6.7-2.redhat_00003.1.el8eap.src.rpm
eap7-hal-console-3.3.18-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-hibernate-5.3.30-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-insights-java-client-1.0.9-1.redhat_00001.1.el8eap.src.rpm
eap7-jboss-cert-helper-1.0.9-1.redhat_00001.1.el8eap.src.rpm
eap7-jboss-ejb-client-4.0.53-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-jboss-server-migration-1.10.0-30.Final_redhat_00029.1.el8eap.src.rpm
eap7-jettison-1.5.4-1.redhat_00002.1.el8eap.src.rpm
eap7-picketlink-bindings-2.5.5-27.SP12_redhat_00016.1.el8eap.src.rpm
eap7-picketlink-federation-2.5.5-23.SP12_redhat_00013.1.el8eap.src.rpm
eap7-protostream-4.3.5-2.Final_redhat_00003.1.el8eap.src.rpm
eap7-undertow-2.2.25-3.SP3_redhat_00001.1.el8eap.src.rpm
eap7-wildfly-7.4.12-3.GA_redhat_00003.1.el8eap.src.rpm
eap7-wildfly-elytron-1.15.17-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-xalan-j2-2.7.1-36.redhat_00014.1.el8eap.src.rpm

noarch:
eap7-activemq-artemis-2.16.0-12.redhat_00048.1.el8eap.noarch.rpm
eap7-activemq-artemis-cli-2.16.0-12.redhat_00048.1.el8eap.noarch.rpm
eap7-activemq-artemis-commons-2.16.0-12.redhat_00048.1.el8eap.noarch.rpm
eap7-activemq-artemis-core-client-2.16.0-12.redhat_00048.1.el8eap.noarch.rpm
eap7-activemq-artemis-dto-2.16.0-12.redhat_00048.1.el8eap.noarch.rpm
eap7-activemq-artemis-hornetq-protocol-2.16.0-12.redhat_00048.1.el8eap.noarch.rpm
eap7-activemq-artemis-hqclient-protocol-2.16.0-12.redhat_00048.1.el8eap.noarch.rpm
eap7-activemq-artemis-jdbc-store-2.16.0-12.redhat_00048.1.el8eap.noarch.rpm
eap7-activemq-artemis-jms-client-2.16.0-12.redhat_00048.1.el8eap.noarch.rpm
eap7-activemq-artemis-jms-server-2.16.0-12.redhat_00048.1.el8eap.noarch.rpm
eap7-activemq-artemis-journal-2.16.0-12.redhat_00048.1.el8eap.noarch.rpm
eap7-activemq-artemis-ra-2.16.0-12.redhat_00048.1.el8eap.noarch.rpm
eap7-activemq-artemis-selector-2.16.0-12.redhat_00048.1.el8eap.noarch.rpm
eap7-activemq-artemis-server-2.16.0-12.redhat_00048.1.el8eap.noarch.rpm
eap7-activemq-artemis-service-extensions-2.16.0-12.redhat_00048.1.el8eap.noarch.rpm
eap7-activemq-artemis-tools-2.16.0-12.redhat_00048.1.el8eap.noarch.rpm
eap7-glassfish-jaf-1.2.2-2.redhat_00002.1.el8eap.noarch.rpm
eap7-glassfish-javamail-1.6.7-2.redhat_00003.1.el8eap.noarch.rpm
eap7-hal-console-3.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-5.3.30-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-core-5.3.30-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-entitymanager-5.3.30-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-envers-5.3.30-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-java8-5.3.30-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-insights-java-client-1.0.9-1.redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-ejb-client-4.0.53-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-server-migration-1.10.0-30.Final_redhat_00029.1.el8eap.noarch.rpm
eap7-jboss-server-migration-cli-1.10.0-30.Final_redhat_00029.1.el8eap.noarch.rpm
eap7-jboss-server-migration-core-1.10.0-30.Final_redhat_00029.1.el8eap.noarch.rpm
eap7-jettison-1.5.4-1.redhat_00002.1.el8eap.noarch.rpm
eap7-picketlink-api-2.5.5-23.SP12_redhat_00013.1.el8eap.noarch.rpm
eap7-picketlink-bindings-2.5.5-27.SP12_redhat_00016.1.el8eap.noarch.rpm
eap7-picketlink-common-2.5.5-23.SP12_redhat_00013.1.el8eap.noarch.rpm
eap7-picketlink-config-2.5.5-23.SP12_redhat_00013.1.el8eap.noarch.rpm
eap7-picketlink-federation-2.5.5-23.SP12_redhat_00013.1.el8eap.noarch.rpm
eap7-picketlink-idm-api-2.5.5-23.SP12_redhat_00013.1.el8eap.noarch.rpm
eap7-picketlink-idm-impl-2.5.5-23.SP12_redhat_00013.1.el8eap.noarch.rpm
eap7-picketlink-idm-simple-schema-2.5.5-23.SP12_redhat_00013.1.el8eap.noarch.rpm
eap7-picketlink-impl-2.5.5-23.SP12_redhat_00013.1.el8eap.noarch.rpm
eap7-picketlink-wildfly8-2.5.5-27.SP12_redhat_00016.1.el8eap.noarch.rpm
eap7-protostream-4.3.5-2.Final_redhat_00003.1.el8eap.noarch.rpm
eap7-undertow-2.2.25-3.SP3_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-7.4.12-3.GA_redhat_00003.1.el8eap.noarch.rpm
eap7-wildfly-elytron-1.15.17-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-elytron-tool-1.15.17-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-java-jdk11-7.4.12-3.GA_redhat_00003.1.el8eap.noarch.rpm
eap7-wildfly-java-jdk17-7.4.12-3.GA_redhat_00003.1.el8eap.noarch.rpm
eap7-wildfly-java-jdk8-7.4.12-3.GA_redhat_00003.1.el8eap.noarch.rpm
eap7-wildfly-javadocs-7.4.12-3.GA_redhat_00003.1.el8eap.noarch.rpm
eap7-wildfly-modules-7.4.12-3.GA_redhat_00003.1.el8eap.noarch.rpm
eap7-xalan-j2-2.7.1-36.redhat_00014.1.el8eap.noarch.rpm

x86_64:
eap7-jboss-cert-helper-1.0.9-1.redhat_00001.1.el8eap.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

8. References:

https://access.redhat.com/security/cve/CVE-2021-46877
https://access.redhat.com/security/cve/CVE-2023-1436
https://access.redhat.com/security/cve/CVE-2023-3223
https://access.redhat.com/security/updates/classification#important
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index

9. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
-- RHSA-announce mailing list
====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.10 security update
Advisory ID: RHSA-2023:1516-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1516
Issue date: 2023-03-29
CVE Names: CVE-2022-1471 CVE-2022-4492 CVE-2022-38752 CVE-2022-41853 CVE-2022-41854 CVE-2022-41881 CVE-2022-45787 CVE-2023-0482 CVE-2023-1108
====================================================================

1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)
* Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)
* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)
* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)
* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)
* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)
* apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)
* RESTEasy: creation of insecure temp files (CVE-2023-0482)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2129710 - CVE-2022-38752 snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode
2136141 - CVE-2022-41853 hsqldb: Untrusted input may lead to RCE attack
2150009 - CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution
2151988 - CVE-2022-41854 dev-java/snakeyaml: DoS via stack overflow
2153260 - CVE-2022-4492 undertow: Server identity in https connection is not checked by the undertow client
2153379 - CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS
2158916 - CVE-2022-45787 apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider
2166004 - CVE-2023-0482 RESTEasy: creation of insecure temp files
2174246 - CVE-2023-1108 Undertow: Infinite loop in SslConduit during close

5. JIRA issues fixed (https://issues.redhat.com/):

JBEAP-23572 - (7.4.z) Upgrade jbossws-spi from 3.3.1.Final-redhat-00001 to 3.4.0.Final-redhat-00001
JBEAP-24172 - (7.4.z) Upgrade jbossws-cxf from 5.4.4.Final-redhat-00001 to 5.4.8.Final-redhat-00001
JBEAP-24182 - (7.4.z) Upgrade wildfly-http-ejb-client from 1.1.13.SP1-redhat-00001 to 1.1.16.Final-redhat-00002
JBEAP-24220 - [GSS](7.4.z) Upgrade JBoss Metadata from 13.0.0.Final-redhat-00001 to 13.4.0.Final-redhat-00001
JBEAP-24254 - JDK17, CLI script to update security doesn't apply to microprofile
JBEAP-24292 - (7.4.z) Upgrade Artemis Native from 1.0.2.redhat-00001 to 1.0.2.redhat-00004
JBEAP-24339 - (7.4.z) Upgrade Undertow from 2.2.22.SP3-redhat-00001 to 2.2.23.SP1
JBEAP-24341 - (7.4.z) Upgrade Ironjacamar from 1.5.10.Final-redhat-00001 to 1.5.11.Final-redhat-00001
JBEAP-24363 - (7.4.z) Upgrade org.jboss.spec.javax.el:jboss-el-api_3.0_spec from 2.0.0.Final-redhat-00001 to 2.0.1.Final
JBEAP-24372 - (7.4.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00011 to 2.5.5.SP12-redhat-00012
JBEAP-24380 - (7.4.z) Upgrade jastow from 2.0.11.Final-redhat-00001 to 2.0.14.Final-redhat-00001
JBEAP-24383 - [GSS](7.4.z) Upgrade artemis-wildfly-integration from 1.0.4 to 1.0.7
JBEAP-24384 - (7.4.z) Upgrade netty from 4.1.77.Final-redhat-00001 to 4.1.86.Final
JBEAP-24385 - (7.4.z) Upgrade WildFly Core from 15.0.22.Final-redhat-00001 to 15.0.23.Final-redhat-00001
JBEAP-24395 - [GSS](7.4.z) Upgrade jboss-ejb-client from 4.0.49.Final-redhat-00001 to 4.0.50.Final
JBEAP-24507 - (7.4.z) RESTEASY-3285 Upgrade resteasy 3.15.x to mime4j 0.8.9
JBEAP-24535 - [GSS](7.4.z) UNDERTOW-2239 - Infinite loop in `SslConduit` during close on JDK 11
JBEAP-24574 - [PST](7.4.z) Upgrade snakeyaml from 1.33.0.redhat-00001 to 1.33.SP1.redhat-00001
JBEAP-24588 - [GSS](7.4.z) RHEL9 rpms: yum groupinstall jboss-eap7 installing JDK11 instead of JDK8 with EAP 7.4 Update 9
JBEAP-24605 - [PST](7.4.z) Upgrade undertow from 2.2.23.SP1-redhat-00001 to 2.2.23.SP2
JBEAP-24618 - (7.4.z) Upgrade WildFly Core from 15.0.23.Final-redhat-00001 to 15.0.25.Final-redhat-00001

6. References:

https://access.redhat.com/security/cve/CVE-2022-1471
https://access.redhat.com/security/cve/CVE-2022-4492
https://access.redhat.com/security/cve/CVE-2022-38752
https://access.redhat.com/security/cve/CVE-2022-41853
https://access.redhat.com/security/cve/CVE-2022-41854
https://access.redhat.com/security/cve/CVE-2022-41881
https://access.redhat.com/security/cve/CVE-2022-45787
https://access.redhat.com/security/cve/CVE-2023-0482
https://access.redhat.com/security/cve/CVE-2023-1108
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4 security update
Advisory ID: RHSA-2023:1185-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1185
Issue date: 2023-03-09
CVE Names: CVE-2023-1108
====================================================================

1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.4 for RHEL 7 Server - noarch
Red Hat JBoss EAP 7.4 for RHEL 8 - noarch
Red Hat JBoss EAP 7.4 for RHEL 9 - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.

Security Fix(es):

* undertow: Infinite loop in SslConduit during close (CVE-2023-1108)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2174246 - CVE-2023-1108 Undertow: Infinite loop in SslConduit during close

6. Package List:

Red Hat JBoss EAP 7.4 for RHEL 7 Server:

Source:
eap7-undertow-2.2.22-1.SP3_redhat_00002.1.el7eap.src.rpm
eap7-wildfly-7.4.9-6.GA_redhat_00004.1.el7eap.src.rpm

noarch:
eap7-undertow-2.2.22-1.SP3_redhat_00002.1.el7eap.noarch.rpm
eap7-wildfly-7.4.9-6.GA_redhat_00004.1.el7eap.noarch.rpm
eap7-wildfly-java-jdk11-7.4.9-6.GA_redhat_00004.1.el7eap.noarch.rpm
eap7-wildfly-java-jdk8-7.4.9-6.GA_redhat_00004.1.el7eap.noarch.rpm
eap7-wildfly-javadocs-7.4.9-6.GA_redhat_00004.1.el7eap.noarch.rpm
eap7-wildfly-modules-7.4.9-6.GA_redhat_00004.1.el7eap.noarch.rpm

Red Hat JBoss EAP 7.4 for RHEL 8:

Source:
eap7-undertow-2.2.22-1.SP3_redhat_00002.1.el8eap.src.rpm
eap7-wildfly-7.4.9-6.GA_redhat_00004.1.el8eap.src.rpm

noarch:
eap7-undertow-2.2.22-1.SP3_redhat_00002.1.el8eap.noarch.rpm
eap7-wildfly-7.4.9-6.GA_redhat_00004.1.el8eap.noarch.rpm
eap7-wildfly-javadocs-7.4.9-6.GA_redhat_00004.1.el8eap.noarch.rpm
eap7-wildfly-modules-7.4.9-6.GA_redhat_00004.1.el8eap.noarch.rpm

Red Hat JBoss EAP 7.4 for RHEL 9:

Source:
eap7-undertow-2.2.22-1.SP3_redhat_00002.1.el9eap.src.rpm
eap7-wildfly-7.4.9-6.GA_redhat_00004.1.el9eap.src.rpm

noarch:
eap7-undertow-2.2.22-1.SP3_redhat_00002.1.el9eap.noarch.rpm
eap7-wildfly-7.4.9-6.GA_redhat_00004.1.el9eap.noarch.rpm
eap7-wildfly-javadocs-7.4.9-6.GA_redhat_00004.1.el9eap.noarch.rpm
eap7-wildfly-modules-7.4.9-6.GA_redhat_00004.1.el9eap.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-1108
https://access.redhat.com/security/updates/classification#important
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4 security update
Advisory ID: RHSA-2023:1184-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1184
Issue date: 2023-03-09
CVE Names: CVE-2023-1108
====================================================================

1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.

Security Fix(es):

* undertow: Infinite loop in SslConduit during close (CVE-2023-1108)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2174246 - CVE-2023-1108 Undertow: Infinite loop in SslConduit during close

5. References:

https://access.redhat.com/security/cve/CVE-2023-1108
https://access.redhat.com/security/updates/classification#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update Advisory ID: RHSA-2023:0552-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2023:0552 Issue date: 2023-01-31 CVE Names: CVE-2015-9251 CVE-2016-10735 CVE-2017-18214 CVE-2018-14040 CVE-2018-14041 CVE-2018-14042 CVE-2019-8331 CVE-2019-11358 CVE-2020-11022 CVE-2020-11023 CVE-2022-3143 CVE-2022-40149 CVE-2022-40150 CVE-2022-40152 CVE-2022-42003 CVE-2022-42004 CVE-2022-45047 CVE-2022-45693 CVE-2022-46364 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.4 for RHEL 7 Server - noarch 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes andenhancements. 
See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper jQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new JSONObject(map) causes StackOverflowError which may lead to DoS (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests
1553413 - CVE-2017-18214 nodejs-moment: Regular expression denial of service
1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
1601616 - CVE-2018-14041 bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip
1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute
1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute
1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper jQuery.htmlPrefilter method
1850004 - CVE-2020-11023 jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
2124682 - CVE-2022-3143 wildfly-elytron: possible timing attacks via use of unsafe comparator
2134291 - CVE-2022-40152 woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays
2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data
2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow
2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability
2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability
2155970 - CVE-2022-45693 jettison: If the value in map is the map's self, the new JSONObject(map) causes StackOverflowError which may lead to DoS

6. JIRA issues fixed:

JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001
JBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001
JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001
JBEAP-23926 - Tracker bug for the EAP 7.4.9 release for RHEL-7
JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001
JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001
JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001
JBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001
JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value
JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001
JBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001
JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001
JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002
JBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001
JBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001
JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003
JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2
JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001
JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001

7.
Package List:

Red Hat JBoss EAP 7.4 for RHEL 7 Server:

Source:
eap7-apache-sshd-2.9.2-1.redhat_00001.1.el7eap.src.rpm
eap7-elytron-web-1.9.3-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-hal-console-3.3.16-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-hibernate-search-5.10.13-3.Final_redhat_00001.1.el7eap.src.rpm
eap7-ironjacamar-1.5.10-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jackson-annotations-2.12.7-1.redhat_00003.1.el7eap.src.rpm
eap7-jackson-core-2.12.7-1.redhat_00003.1.el7eap.src.rpm
eap7-jackson-databind-2.12.7-1.redhat_00003.1.el7eap.src.rpm
eap7-jackson-jaxrs-providers-2.12.7-1.redhat_00003.1.el7eap.src.rpm
eap7-jackson-modules-base-2.12.7-1.redhat_00003.1.el7eap.src.rpm
eap7-jackson-modules-java8-2.12.7-1.redhat_00003.1.el7eap.src.rpm
eap7-javaee-security-soteria-1.0.1-3.redhat_00003.1.el7eap.src.rpm
eap7-jboss-ejb-client-4.0.49-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jboss-jsf-api_2.3_spec-3.0.0-6.SP07_redhat_00001.1.el7eap.src.rpm
eap7-jboss-jsp-api_2.3_spec-2.0.0-3.Final_redhat_00001.1.el7eap.src.rpm
eap7-jboss-remoting-5.0.27-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jboss-server-migration-1.10.0-24.Final_redhat_00023.1.el7eap.src.rpm
eap7-jettison-1.5.2-1.redhat_00002.1.el7eap.src.rpm
eap7-undertow-2.2.22-1.SP3_redhat_00001.1.el7eap.src.rpm
eap7-wildfly-7.4.9-4.GA_redhat_00003.1.el7eap.src.rpm
eap7-wildfly-elytron-1.15.16-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-woodstox-core-6.4.0-1.redhat_00001.1.el7eap.src.rpm

noarch:
eap7-apache-sshd-2.9.2-1.redhat_00001.1.el7eap.noarch.rpm
eap7-hal-console-3.3.16-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-search-5.10.13-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-search-backend-jgroups-5.10.13-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-search-backend-jms-5.10.13-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-search-engine-5.10.13-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-search-orm-5.10.13-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-search-serialization-avro-5.10.13-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-1.5.10-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-common-api-1.5.10-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-common-impl-1.5.10-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-common-spi-1.5.10-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-core-api-1.5.10-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-core-impl-1.5.10-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-deployers-common-1.5.10-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-jdbc-1.5.10-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-validator-1.5.10-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-annotations-2.12.7-1.redhat_00003.1.el7eap.noarch.rpm
eap7-jackson-core-2.12.7-1.redhat_00003.1.el7eap.noarch.rpm
eap7-jackson-databind-2.12.7-1.redhat_00003.1.el7eap.noarch.rpm
eap7-jackson-datatype-jdk8-2.12.7-1.redhat_00003.1.el7eap.noarch.rpm
eap7-jackson-datatype-jsr310-2.12.7-1.redhat_00003.1.el7eap.noarch.rpm
eap7-jackson-jaxrs-base-2.12.7-1.redhat_00003.1.el7eap.noarch.rpm
eap7-jackson-jaxrs-json-provider-2.12.7-1.redhat_00003.1.el7eap.noarch.rpm
eap7-jackson-module-jaxb-annotations-2.12.7-1.redhat_00003.1.el7eap.noarch.rpm
eap7-jackson-modules-base-2.12.7-1.redhat_00003.1.el7eap.noarch.rpm
eap7-jackson-modules-java8-2.12.7-1.redhat_00003.1.el7eap.noarch.rpm
eap7-javaee-security-soteria-1.0.1-3.redhat_00003.1.el7eap.noarch.rpm
eap7-javaee-security-soteria-enterprise-1.0.1-3.redhat_00003.1.el7eap.noarch.rpm
eap7-jboss-ejb-client-4.0.49-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-jsf-api_2.3_spec-3.0.0-6.SP07_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-jsp-api_2.3_spec-2.0.0-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-remoting-5.0.27-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-server-migration-1.10.0-24.Final_redhat_00023.1.el7eap.noarch.rpm
eap7-jboss-server-migration-cli-1.10.0-24.Final_redhat_00023.1.el7eap.noarch.rpm
eap7-jboss-server-migration-core-1.10.0-24.Final_redhat_00023.1.el7eap.noarch.rpm
eap7-jettison-1.5.2-1.redhat_00002.1.el7eap.noarch.rpm
eap7-undertow-2.2.22-1.SP3_redhat_00001.1.el7eap.noarch.rpm
eap7-undertow-server-1.9.3-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-7.4.9-4.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wildfly-elytron-1.15.16-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-elytron-tool-1.15.16-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-java-jdk11-7.4.9-4.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wildfly-java-jdk8-7.4.9-4.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wildfly-javadocs-7.4.9-4.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wildfly-modules-7.4.9-4.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-woodstox-core-6.4.0-1.redhat_00001.1.el7eap.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

8. References:

https://access.redhat.com/security/cve/CVE-2015-9251
https://access.redhat.com/security/cve/CVE-2016-10735
https://access.redhat.com/security/cve/CVE-2017-18214
https://access.redhat.com/security/cve/CVE-2018-14040
https://access.redhat.com/security/cve/CVE-2018-14041
https://access.redhat.com/security/cve/CVE-2018-14042
https://access.redhat.com/security/cve/CVE-2019-8331
https://access.redhat.com/security/cve/CVE-2019-11358
https://access.redhat.com/security/cve/CVE-2020-11022
https://access.redhat.com/security/cve/CVE-2020-11023
https://access.redhat.com/security/cve/CVE-2022-3143
https://access.redhat.com/security/cve/CVE-2022-40149
https://access.redhat.com/security/cve/CVE-2022-40150
https://access.redhat.com/security/cve/CVE-2022-40152
https://access.redhat.com/security/cve/CVE-2022-42003
https://access.redhat.com/security/cve/CVE-2022-42004
https://access.redhat.com/security/cve/CVE-2022-45047
https://access.redhat.com/security/cve/CVE-2022-45693
https://access.redhat.com/security/cve/CVE-2022-46364
https://access.redhat.com/security/updates/classification#important
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index

9. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.8 security update
Advisory ID: RHSA-2022:8793-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2022:8793
Issue date: 2022-12-05
CVE Names: CVE-2022-2764
=====================================================================

1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3.
Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

2117506 - CVE-2022-2764 Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

JBEAP-23913 - [GSS](7.4.z) Upgrade HAL from 3.3.14.Final-redhat-00001 to 3.3.15.Final-redhat-00001
JBEAP-23997 - (7.4.z) Upgrade Infinispan from 11.0.15.Final-redhat-00001 to 11.0.16.Final-redhat-00001
JBEAP-23998 - [GSS](7.4.z) Upgrade Jakarta Mail from 1.6.5.redhat-00001 to 1.6.7.redhat-00001
JBEAP-24011 - [GSS](7.4.z) Upgrade to JBoss Marshalling from 2.0.12.Final-redhat-00001 to 2.0.13.Final-redhat-00001
JBEAP-24013 - (7.4.z) Upgrade WildFly Core from 15.0.18.Final-redhat-00001 to 15.0.19.Final-redhat-00001
JBEAP-24028 - [GSS](7.4.z) Upgrade Mojarra from 2.3.14.SP06-redhat-00001 to 2.3.14.SP07-redhat-00001
JBEAP-24030 - [GSS](7.4.z) Upgrade remoting from 5.0.25.SP1-redhat-00001 to 5.0.26.SP1-redhat-00001
JBEAP-24031 - [GSS](7.4.z) Upgrade wildfly-naming-client from 1.0.14.Final-redhat-00001 to 1.0.15.Final-redhat-00002

6. References:

https://access.redhat.com/security/cve/CVE-2022-2764
https://access.redhat.com/security/updates/classification#low
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.
=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.8 Security update
Advisory ID: RHSA-2022:8791-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2022:8791
Issue date: 2022-12-05
CVE Names: CVE-2022-2764
=====================================================================

1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.4 for RHEL 8 - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.
For details about how to apply this update, see:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2117506 - CVE-2022-2764 Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations

6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

JBEAP-23834 - Tracker bug for the EAP 7.4.8 release for RHEL-8
JBEAP-23913 - [GSS](7.4.z) Upgrade HAL from 3.3.14.Final-redhat-00001 to 3.3.15.Final-redhat-00001
JBEAP-23997 - (7.4.z) Upgrade Infinispan from 11.0.15.Final-redhat-00001 to 11.0.16.Final-redhat-00001
JBEAP-23998 - [GSS](7.4.z) Upgrade Jakarta Mail from 1.6.5.redhat-00001 to 1.6.7.redhat-00001
JBEAP-24011 - [GSS](7.4.z) Upgrade to JBoss Marshalling from 2.0.12.Final-redhat-00001 to 2.0.13.Final-redhat-00001
JBEAP-24013 - (7.4.z) Upgrade WildFly Core from 15.0.18.Final-redhat-00001 to 15.0.19.Final-redhat-00001
JBEAP-24028 - [GSS](7.4.z) Upgrade Mojarra from 2.3.14.SP06-redhat-00001 to 2.3.14.SP07-redhat-00001
JBEAP-24030 - [GSS](7.4.z) Upgrade remoting from 5.0.25.SP1-redhat-00001 to 5.0.26.SP1-redhat-00001
JBEAP-24031 - [GSS](7.4.z) Upgrade wildfly-naming-client from 1.0.14.Final-redhat-00001 to 1.0.15.Final-redhat-00002

7.
Package List:

Red Hat JBoss EAP 7.4 for RHEL 8:

Source:
eap7-glassfish-javamail-1.6.7-1.redhat_00001.1.el8eap.src.rpm
eap7-glassfish-jsf-2.3.14-6.SP07_redhat_00001.1.el8eap.src.rpm
eap7-hal-console-3.3.15-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-infinispan-11.0.16-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-jboss-marshalling-2.0.13-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-jboss-remoting-5.0.26-1.SP1_redhat_00001.1.el8eap.src.rpm
eap7-jboss-server-migration-1.10.0-21.Final_redhat_00020.1.el8eap.src.rpm
eap7-undertow-2.2.20-1.SP1_redhat_00001.1.el8eap.src.rpm
eap7-wildfly-7.4.8-4.GA_redhat_00002.1.el8eap.src.rpm
eap7-wildfly-naming-client-1.0.15-1.Final_redhat_00002.1.el8eap.src.rpm

noarch:
eap7-glassfish-javamail-1.6.7-1.redhat_00001.1.el8eap.noarch.rpm
eap7-glassfish-jsf-2.3.14-6.SP07_redhat_00001.1.el8eap.noarch.rpm
eap7-hal-console-3.3.15-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-cachestore-jdbc-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-cachestore-remote-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-client-hotrod-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-commons-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-component-annotations-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-core-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-hibernate-cache-commons-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-hibernate-cache-spi-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-hibernate-cache-v53-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-marshalling-2.0.13-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-marshalling-river-2.0.13-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-remoting-5.0.26-1.SP1_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-server-migration-1.10.0-21.Final_redhat_00020.1.el8eap.noarch.rpm
eap7-jboss-server-migration-cli-1.10.0-21.Final_redhat_00020.1.el8eap.noarch.rpm
eap7-jboss-server-migration-core-1.10.0-21.Final_redhat_00020.1.el8eap.noarch.rpm
eap7-undertow-2.2.20-1.SP1_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-7.4.8-4.GA_redhat_00002.1.el8eap.noarch.rpm
eap7-wildfly-javadocs-7.4.8-4.GA_redhat_00002.1.el8eap.noarch.rpm
eap7-wildfly-modules-7.4.8-4.GA_redhat_00002.1.el8eap.noarch.rpm
eap7-wildfly-naming-client-1.0.15-1.Final_redhat_00002.1.el8eap.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

8. References:

https://access.redhat.com/security/cve/CVE-2022-2764
https://access.redhat.com/security/updates/classification#low
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index

9. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.
=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
Advisory ID: RHSA-2022:6821-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6821
Issue date: 2022-10-05
CVE Names: CVE-2022-1259 CVE-2022-2053 CVE-2022-25857
=====================================================================

1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.4 for RHEL 7 Server - noarch, x86_64

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.6, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.7 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* undertow: Large AJP request may cause DoS (CVE-2022-2053)
* undertow: potential security issue in flow control over HTTP/2 may lead to DOS. Incomplete fix for CVE-2021-3629 (CVE-2022-1259)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

For details about how to apply this update, see:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2072339 - CVE-2022-1259 undertow: potential security issue in flow control over HTTP/2 may lead to DOS (incomplete fix for CVE-2021-3629)
2095862 - CVE-2022-2053 undertow: Large AJP request may cause DoS
2126789 - CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections

6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

JBEAP-23618 - Tracker bug for the EAP 7.4.7 release for RHEL-7
JBEAP-23687 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP1-redhat-00001 to 1.5.3.SP2-redhat-00001
JBEAP-23738 - (7.4.z) Upgrade jastow from 2.0.9.Final-redhat-00001 to 2.0.11.Final-redhat-00001
JBEAP-23741 - [GSS](7.4.z) Upgrade Undertow from 2.2.18.SP2-redhat-00001 to 2.2.19.SP2-redhat-00001
JBEAP-23753 - (7.4.z) Upgrade HAL from 3.3.13.Final-redhat-00001 to 3.3.14.Final-redhat-00001
JBEAP-23772 - [GSS](7.4.z) Upgrade Mojarra from 2.3.14.SP05-redhat-00001 to 2.3.14.SP06-redhat-00001
JBEAP-23794 - (7.4.z) Upgrade Elytron from 1.15.13.Final-redhat-00001 to 1.15.14.Final-redhat-00001
JBEAP-23802 - (7.4.z) Upgrade WildFly Core from 15.0.15.Final-redhat-00001 to 15.0.17.Final-redhat-00001
JBEAP-23803 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00042 to 2.16.0.redhat-00045
JBEAP-23805 - (7.4.z) Upgrade jboss-ejb-client from 4.0.44.Final-redhat-00001 to 4.0.45.Final-redhat-00001
JBEAP-23816 - (7.4.z) Upgrade RESTEasy from 3.15.3.Final-redhat-00001 to 3.15.4.Final-redhat-00001
JBEAP-23818 - [GSS](7.4.z) WFLY-16607 - Application deployment fails with EJB components in EAP 7.4 Update 5 and works fine with Update 1
JBEAP-23869 - [GSS](7.4.z) Upgrade JBoss VFS from 3.2.16.Final-redhat-00001 to 3.2.17.Final-redhat-00001
JBEAP-23881 - [GSS](7.4.z) Upgrade Hibernate ORM from 5.3.27.Final-redhat-00001 to 5.3.28.Final-redhat-00001
JBEAP-23912 - (7.4.z) Upgrade WildFly Core from 15.0.17.Final-redhat-00001 to 15.0.18.Final-redhat-00001

7. Package List:

Red Hat JBoss EAP 7.4 for RHEL 7 Server:

Source:
eap7-activemq-artemis-2.16.0-10.redhat_00045.1.el7eap.src.rpm
eap7-glassfish-jsf-2.3.14-5.SP06_redhat_00001.1.el7eap.src.rpm
eap7-hal-console-3.3.14-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-hibernate-5.3.28-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-ironjacamar-1.5.3-3.SP2_redhat_00001.1.el7eap.src.rpm
eap7-jboss-ejb-client-4.0.45-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jboss-server-migration-1.10.0-20.Final_redhat_00019.1.el7eap.src.rpm
eap7-jboss-vfs-3.2.17-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-netty-4.1.77-3.Final_redhat_00001.1.el7eap.src.rpm
eap7-netty-tcnative-2.0.52-3.Final_redhat_00001.1.el7eap.src.rpm
eap7-netty-transport-native-epoll-4.1.77-3.Final_redhat_00001.1.el7eap.src.rpm
eap7-resteasy-3.15.4-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-snakeyaml-1.31.0-1.redhat_00001.1.el7eap.src.rpm
eap7-undertow-2.2.19-1.SP2_redhat_00001.1.el7eap.src.rpm
eap7-undertow-jastow-2.0.11-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-wildfly-7.4.7-3.GA_redhat_00003.1.el7eap.src.rpm
eap7-wildfly-elytron-1.15.14-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-wildfly-http-client-1.1.13-1.SP1_redhat_00001.1.el7eap.src.rpm

noarch:
eap7-activemq-artemis-2.16.0-10.redhat_00045.1.el7eap.noarch.rpm
eap7-activemq-artemis-cli-2.16.0-10.redhat_00045.1.el7eap.noarch.rpm
eap7-activemq-artemis-commons-2.16.0-10.redhat_00045.1.el7eap.noarch.rpm
eap7-activemq-artemis-core-client-2.16.0-10.redhat_00045.1.el7eap.noarch.rpm
eap7-activemq-artemis-dto-2.16.0-10.redhat_00045.1.el7eap.noarch.rpm
eap7-activemq-artemis-hornetq-protocol-2.16.0-10.redhat_00045.1.el7eap.noarch.rpm
eap7-activemq-artemis-hqclient-protocol-2.16.0-10.redhat_00045.1.el7eap.noarch.rpm
eap7-activemq-artemis-jdbc-store-2.16.0-10.redhat_00045.1.el7eap.noarch.rpm
eap7-activemq-artemis-jms-client-2.16.0-10.redhat_00045.1.el7eap.noarch.rpm
eap7-activemq-artemis-jms-server-2.16.0-10.redhat_00045.1.el7eap.noarch.rpm
eap7-activemq-artemis-journal-2.16.0-10.redhat_00045.1.el7eap.noarch.rpm
eap7-activemq-artemis-ra-2.16.0-10.redhat_00045.1.el7eap.noarch.rpm
eap7-activemq-artemis-selector-2.16.0-10.redhat_00045.1.el7eap.noarch.rpm
eap7-activemq-artemis-server-2.16.0-10.redhat_00045.1.el7eap.noarch.rpm
eap7-activemq-artemis-service-extensions-2.16.0-10.redhat_00045.1.el7eap.noarch.rpm
eap7-activemq-artemis-tools-2.16.0-10.redhat_00045.1.el7eap.noarch.rpm
eap7-glassfish-jsf-2.3.14-5.SP06_redhat_00001.1.el7eap.noarch.rpm
eap7-hal-console-3.3.14-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-5.3.28-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-core-5.3.28-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-entitymanager-5.3.28-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-envers-5.3.28-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-java8-5.3.28-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-1.5.3-3.SP2_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-common-api-1.5.3-3.SP2_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-common-impl-1.5.3-3.SP2_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-common-spi-1.5.3-3.SP2_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-core-api-1.5.3-3.SP2_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-core-impl-1.5.3-3.SP2_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-deployers-common-1.5.3-3.SP2_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-jdbc-1.5.3-3.SP2_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-validator-1.5.3-3.SP2_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-ejb-client-4.0.45-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-server-migration-1.10.0-20.Final_redhat_00019.1.el7eap.noarch.rpm
eap7-jboss-server-migration-cli-1.10.0-20.Final_redhat_00019.1.el7eap.noarch.rpm
eap7-jboss-server-migration-core-1.10.0-20.Final_redhat_00019.1.el7eap.noarch.rpm
eap7-jboss-vfs-3.2.17-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-all-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-buffer-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-dns-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-haproxy-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-http-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-http2-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-memcache-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-mqtt-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-redis-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-smtp-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-socks-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-stomp-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-codec-xml-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-common-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-handler-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-handler-proxy-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-resolver-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-resolver-dns-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-resolver-dns-classes-macos-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-tcnative-2.0.52-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-transport-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-transport-classes-epoll-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-transport-classes-kqueue-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-transport-native-unix-common-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-transport-rxtx-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-transport-sctp-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-netty-transport-udt-4.1.77-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-3.15.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-atom-provider-3.15.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-cdi-3.15.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-client-3.15.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-crypto-3.15.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jackson-provider-3.15.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jackson2-provider-3.15.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jaxb-provider-3.15.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jaxrs-3.15.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jettison-provider-3.15.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jose-jwt-3.15.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jsapi-3.15.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-json-binding-provider-3.15.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-json-p-provider-3.15.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-multipart-provider-3.15.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-rxjava2-3.15.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-spring-3.15.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-validator-provider-11-3.15.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-yaml-provider-3.15.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-snakeyaml-1.31.0-1.redhat_00001.1.el7eap.noarch.rpm
eap7-undertow-2.2.19-1.SP2_redhat_00001.1.el7eap.noarch.rpm
eap7-undertow-jastow-2.0.11-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-7.4.7-3.GA_redhat_00003.1.el7eap.noarch.rpm eap7-wildfly-elytron-1.15.14-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-elytron-tool-1.15.14-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-client-common-1.1.13-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-ejb-client-1.1.13-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-naming-client-1.1.13-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-transaction-client-1.1.13-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-java-jdk11-7.4.7-3.GA_redhat_00003.1.el7eap.noarch.rpm eap7-wildfly-java-jdk8-7.4.7-3.GA_redhat_00003.1.el7eap.noarch.rpm eap7-wildfly-javadocs-7.4.7-3.GA_redhat_00003.1.el7eap.noarch.rpm eap7-wildfly-modules-7.4.7-3.GA_redhat_00003.1.el7eap.noarch.rpm x86_64: eap7-netty-transport-native-epoll-4.1.77-3.Final_redhat_00001.1.el7eap.x86_64.rpm eap7-netty-transport-native-epoll-debuginfo-4.1.77-3.Final_redhat_00001.1.el7eap.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2022-1259 https://access.redhat.com/security/cve/CVE-2022-2053 https://access.redhat.com/security/cve/CVE-2022-25857 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/ 9. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYz3vktzjgjWX9erEAQgvNQ//RUh4+WGNUN6p8Rm+/FdBq9wHIHnGArNu
9pCaFNRygqw5PeP+vCb1a3gXhaDwh1IynkMYDNRP0J40OVI4E6wUjsTQUNB2Z4K8
PAMPBdQ1AClqPq3z/8ApThtJFHzkLEfWc/4ulF7fcMVObkJpu+2gviizUQkvLvpk
6x1nFec7tKtpsfXwOyt8DgNrGz8GTpOrELHA9+JDunE7YcsFaI7ZiholZswrcor2
o8ZFzu6+fMXaTl99POh9oygwwZyaUSeivGazMwzvdr8vqnHbUu/T9YiRSR4iPsWd
0uzcuLY8w596nKvWCCBPGcOvYFVoq0AqsYw3zA+cIKh/h7VDcZDe0FAPOGVOVAVU
lA/d/SSOG7eJqZuNZ/bJPXbSpx540IScmw4SpN8gMa1hwbg98RHr8a/piPPnDlIy
11bKNCc/++CCNZbWF9ajESzDCbiQg8HDTX2v0y1Fe4SdstzewcVAhiAYserBv+9w
DUj7E7lJgfaWpjXe051gqC/qm6bCzK9mKFQFsoU65zK57+snX0KAMvdGG2JhMMF4
D8L7yBP/g09v9REJw74sAs/IFCp0t8eddZF5ig9lxQd9exx5wTgcQ+gSIN5zgg83
mbVG3oMybYNxS6f3eqXCd+bVofOlDK3CDsx3acEKCU8R6DsYzJ5OFALio6LFiFHo
3ekpF6MFU3E=11j2
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list