Explore Latest Linux Security advisories


Red Hat JBoss EAP 7.4.9 Important Security Update: Multiple Threats

Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Advisory ID: RHSA-2023:0553-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0553
Issue date: 2023-01-31
CVE Names: CVE-2015-9251 CVE-2016-10735 CVE-2017-18214 CVE-2018-14040 CVE-2018-14041 CVE-2018-14042 CVE-2019-8331 CVE-2019-11358 CVE-2020-11022 CVE-2020-11023 CVE-2022-3143 CVE-2022-40149 CVE-2022-40150 CVE-2022-40152 CVE-2022-42003 CVE-2022-42004 CVE-2022-45047 CVE-2022-45693 CVE-2022-46364

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.4 for RHEL 8 - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* jquery: Cross-site scripting due to improper in jQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
* nodejs-moment: Regular expression denial of service (CVE-2017-18214)
* wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new JSONObject(map) causes StackOverflowError which may lead to DoS (CVE-2022-45693)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests
1553413 - CVE-2017-18214 nodejs-moment: Regular expression denial of service
1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
1601616 - CVE-2018-14041 bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip
1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute
1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute
1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper in jQuery.htmlPrefilter method
1850004 - CVE-2020-11023 jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods
2124682 - CVE-2022-3143 wildfly-elytron: possible timing attacks via use of unsafe comparator
2134291 - CVE-2022-40152 woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays
2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data
2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow
2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability
2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability
2155970 - CVE-2022-45693 jettison: If the value in map is the map's self, the new JSONObject(map) causes StackOverflowError which may lead to DoS

6. JIRA issues fixed:

JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001
JBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001
JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001
JBEAP-23927 - Tracker bug for the EAP 7.4.9 release for RHEL-8
JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001
JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001
JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001
JBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001
JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value
JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001
JBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001
JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001
JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002
JBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001
JBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001
JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003
JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2
JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001
JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001

7. Package List:

Red Hat JBoss EAP 7.4 for RHEL 8 (Source and noarch RPMs; see the Advisory URL above for the full list).

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

8. References:

https://access.redhat.com/security/cve/CVE-2015-9251
https://access.redhat.com/security/cve/CVE-2016-10735
https://access.redhat.com/security/cve/CVE-2017-18214
https://access.redhat.com/security/cve/CVE-2018-14040
https://access.redhat.com/security/cve/CVE-2018-14041
https://access.redhat.com/security/cve/CVE-2018-14042
https://access.redhat.com/security/cve/CVE-2019-8331
https://access.redhat.com/security/cve/CVE-2019-11358
https://access.redhat.com/security/cve/CVE-2020-11022
https://access.redhat.com/security/cve/CVE-2020-11023
https://access.redhat.com/security/cve/CVE-2022-3143
https://access.redhat.com/security/cve/CVE-2022-40149
https://access.redhat.com/security/cve/CVE-2022-40150
https://access.redhat.com/security/cve/CVE-2022-40152
https://access.redhat.com/security/cve/CVE-2022-42003
https://access.redhat.com/security/cve/CVE-2022-42004
https://access.redhat.com/security/cve/CVE-2022-45047
https://access.redhat.com/security/cve/CVE-2022-45693
https://access.redhat.com/security/cve/CVE-2022-46364
https://access.redhat.com/security/updates/classification#important
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index

9. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

A critical security patch has been released for Red Hat JBoss Enterprise Application Platform 7.4, targeting significant vulnerabilities. Severity: Important. LinuxSecurity.com Team

Jan 31, 2023 | Important | Red Hat

Red Hat JBoss 7.4 Important Advisory: RHSA-2022-0400 Security Update

Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.3 security update
Advisory ID: RHSA-2022:0400-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0400
Issue date: 2022-02-02
CVE Names: CVE-2021-3859 CVE-2021-20318

1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.4 for RHEL 7 Server - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.2, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.3 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* undertow: client side invocation timeout raised when calling over HTTP2 (CVE-2021-3859)
* EAP 7: Incomplete fix of CVE-2016-4978 in HornetQ library (CVE-2021-20318)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2010378 - CVE-2021-3859 undertow: client side invocation timeout raised when calling over HTTP2
2010559 - CVE-2021-20318 EAP 7: Incomplete fix of CVE-2016-4978 in HornetQ library

6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

JBEAP-22100 - (7.4.z) Upgrade galleon-plugins to a 5.1.x version with WFGP-195 fixed
JBEAP-22104 - (7.4.z) Upgrade JBoss Classfilewriter from 1.2.4.Final-redhat-00001 to 1.2.5.Final-redhat-00001
JBEAP-22106 - (7.4.z) Upgrade to JBoss Marshalling from 2.0.11.Final-redhat-00001 to 2.0.12.Final-redhat-00001
JBEAP-22108 - (7.4.z) Upgrade to Byteman from 4.0.14 to 4.0.16
JBEAP-22373 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.0.Final to 5.1.4.Final
JBEAP-22505 - [GSS](7.4.z) WFLY-14923 - Update JPA handling to support `initialize-in-order`
JBEAP-22575 - (7.4.z) Upgrade mod_cluster from 1.4.3.Final-redhat-00002 to 1.4.4.Final
JBEAP-22582 - (7.4.z) Upgrade WildFly Core from 15.0.5.Final-redhat-00001 to 15.0.6.Final-redhat-00001
JBEAP-22586 - (7.4.z) Upgrade RESTEasy from 3.15.2.Final-redhat-00001 to 3.15.3.Final-redhat-00001
JBEAP-22587 - (7.4.z) Upgrade Hibernate ORM from 5.3.23.Final-redhat-00001 to 5.3.24.Final-redhat-00001
JBEAP-22590 - (7.4.z) Upgrade Mockito from 2.18.0 to 3.10.0
JBEAP-22609 - (7.4.z) Upgrade XNIO from 3.8.4.Final-redhat-00001 to 3.8.5.SP1-redhat-00001
JBEAP-22641 - Tracker bug for the EAP 7.4.3 release for RHEL-7
JBEAP-22668 - (7.4.z) Upgrade Elytron from 1.15.6.Final-redhat-00001 to 1.15.9.Final
JBEAP-22679 - [GSS](7.4.z) UNDERTOW-1984 - GOAWAY sent by HTTP2 server when a RST is sent after upgrade
JBEAP-22692 - (7.4.z) Upgrade Ironjacamar from 1.5.2.Final-redhat-00001 to 1.5.3.Final-redhat-00001
JBEAP-22693 - (7.4.z) Upgrade jboss-ejb-client from 4.0.43.Final-redhat-00001 to 4.0.44.Final-redhat-00001
JBEAP-22740 - (7.4.z) Upgrade jgroups_azure from 1.3.0.Final-redhat-00001 to 1.3.1.Final
JBEAP-22754 - (7.4.z) Upgrade azure-storage 8.6.6
JBEAP-22793 - (7.4.z) Update elytron-tool scripts to make use of jboss-modules
JBEAP-22822 - (7.4.z) Update ElytronHttpExchange#getRequestURI to no longer use the 7 argument URI constructor
JBEAP-22823 - (7.4.z) Upgrade undertow from 2.2.13.SP1 to 2.2.13.SP2
JBEAP-22833 - (7.4.z) Upgrade elytron-web from 1.9.1.Final-redhat-00001 to 1.9.2.Final-redhat-00001
JBEAP-22851 - (7.4.z) Upgrade WildFly Http Client from 1.1.8.Final-redhat-00001 to 1.1.10.Final-redhat-00001

7. Package List:

Red Hat JBoss EAP 7.4 for RHEL 7 Server (Source and noarch RPMs; see the Advisory URL above for the full list).

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

8. References:

https://access.redhat.com/security/cve/CVE-2021-3859
https://access.redhat.com/security/cve/CVE-2021-20318
https://access.redhat.com/security/updates/classification#important
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index

9. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.

A recent security patch for Red Hat JBoss EAP 7.4 addresses critical vulnerabilities that may compromise application integrity, urging prompt application for compliance. Severity: Important. LinuxSecurity.com Team

Feb 02, 2022 | Important | Red Hat

Red Hat JBoss EAP 7.3.10 Moderate Advisory: DoS and Timing Attacks

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.10 security update on RHEL 7 Advisory ID: RHSA-2021:5150-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2021:5150 Issue date: 2021-12-15 CVE Names: CVE-2021-3629 CVE-2021-3642 CVE-2021-3717 CVE-2021-20289 CVE-2021-37714 CVE-2021-40690 ==================================================================== 1. Summary: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.3 for RHEL 7 Server - noarch 3. Description: This release of Red Hat JBoss Enterprise Application Platform 7.3.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.10 Release Notes for information about the most significant bug fixes and enhancements included in this release. 
Security Fix(es):

* undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)
* wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)
* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users (CVE-2021-3717)
* jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)
* xml-security: XPath Transform abuse allows for information disclosure (CVE-2021-40690)
* resteasy: Error message exposes endpoint class information (CVE-2021-20289)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1935927 - CVE-2021-20289 resteasy: Error message exposes endpoint class information
1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS
1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer
1991305 - CVE-2021-3717 wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users
1995259 - CVE-2021-37714 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
2011190 - CVE-2021-40690 xml-security: XPath Transform abuse allows for information disclosure

6. JIRA issues fixed (https://issues.redhat.com/):

JBEAP-22144 - Tracker bug for the EAP 7.3.10 release for RHEL-7
JBEAP-22314 - [GSS](7.3.z) Upgrade ironjacamar from 1.4.35.Final-redhat-00001 to 1.5.2.Final-redhat-00001
JBEAP-22332 - (7.3.z) Upgrade Elytron from 1.10.13.Final-redhat-00001 to 1.10.15.Final-redhat-00001
JBEAP-22343 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.39.SP1-redhat-00001 to 4.0.43.Final-redhat-00001
JBEAP-22363 - (7.3.z) Upgrade RESTEasy from 3.11.4.Final-redhat-00001 to 3.11.5.Final-redhat-00001
JBEAP-22490 - (7.3.z) Upgrade jakarta.el from 3.0.3.redhat-00006 to 3.0.3.redhat-00007
JBEAP-22501 - (7.3.z) Upgrade Apache CXF from 3.3.7 to 3.3.12
JBEAP-22523 - (7.3.z) Upgrade wss4j from 2.2.5.redhat-00001 to 2.2.7.redhat-00001
JBEAP-22734 - (7.3.z) Upgrade Ironjacamar from 1.5.2.Final-redhat-00001 to 1.5.3.Final-redhat-00001

7. Package List:

Red Hat JBoss EAP 7.3 for RHEL 7 Server:

Source:
eap7-apache-cxf-3.3.12-1.redhat_00001.1.el7eap.src.rpm eap7-ironjacamar-1.5.3-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jakarta-el-3.0.3-3.redhat_00007.1.el7eap.src.rpm eap7-jboss-ejb-client-4.0.43-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-server-migration-1.7.2-10.Final_redhat_00011.1.el7eap.src.rpm eap7-jsoup-1.14.2-1.redhat_00002.1.el7eap.src.rpm eap7-resteasy-3.11.5-1.Final_redhat_00001.1.el7eap.src.rpm eap7-undertow-2.0.41-1.SP1_redhat_00001.1.el7eap.src.rpm eap7-wildfly-7.3.10-2.GA_redhat_00003.1.el7eap.src.rpm eap7-wildfly-elytron-1.10.15-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wss4j-2.2.7-1.redhat_00001.1.el7eap.src.rpm eap7-xml-security-2.1.7-1.redhat_00001.1.el7eap.src.rpm

noarch:
eap7-apache-cxf-3.3.12-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-rt-3.3.12-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-services-3.3.12-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-tools-3.3.12-1.redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-1.5.3-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-common-api-1.5.3-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-impl-1.5.3-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-spi-1.5.3-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-api-1.5.3-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-impl-1.5.3-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-deployers-common-1.5.3-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-jdbc-1.5.3-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-validator-1.5.3-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jakarta-el-3.0.3-3.redhat_00007.1.el7eap.noarch.rpm eap7-jboss-ejb-client-4.0.43-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-server-migration-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-core-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm 
eap7-jboss-server-migration-wildfly13.0-server-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm eap7-jsoup-1.14.2-1.redhat_00002.1.el7eap.noarch.rpm eap7-resteasy-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-atom-provider-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-cdi-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-client-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-client-microprofile-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-crypto-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jackson-provider-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jackson2-provider-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jaxb-provider-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jaxrs-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jettison-provider-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jose-jwt-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jsapi-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-json-binding-provider-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-json-p-provider-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-multipart-provider-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm 
eap7-resteasy-rxjava2-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-spring-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-validator-provider-11-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-yaml-provider-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-undertow-2.0.41-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-7.3.10-2.GA_redhat_00003.1.el7eap.noarch.rpm eap7-wildfly-elytron-1.10.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-java-jdk11-7.3.10-2.GA_redhat_00003.1.el7eap.noarch.rpm eap7-wildfly-java-jdk8-7.3.10-2.GA_redhat_00003.1.el7eap.noarch.rpm eap7-wildfly-javadocs-7.3.10-2.GA_redhat_00003.1.el7eap.noarch.rpm eap7-wildfly-modules-7.3.10-2.GA_redhat_00003.1.el7eap.noarch.rpm eap7-wss4j-2.2.7-1.redhat_00001.1.el7eap.noarch.rpm eap7-wss4j-bindings-2.2.7-1.redhat_00001.1.el7eap.noarch.rpm eap7-wss4j-policy-2.2.7-1.redhat_00001.1.el7eap.noarch.rpm eap7-wss4j-ws-security-common-2.2.7-1.redhat_00001.1.el7eap.noarch.rpm eap7-wss4j-ws-security-dom-2.2.7-1.redhat_00001.1.el7eap.noarch.rpm eap7-wss4j-ws-security-policy-stax-2.2.7-1.redhat_00001.1.el7eap.noarch.rpm eap7-wss4j-ws-security-stax-2.2.7-1.redhat_00001.1.el7eap.noarch.rpm eap7-xml-security-2.1.7-1.redhat_00001.1.el7eap.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2021-3629
https://access.redhat.com/security/cve/CVE-2021-3642
https://access.redhat.com/security/cve/CVE-2021-3717
https://access.redhat.com/security/cve/CVE-2021-20289
https://access.redhat.com/security/cve/CVE-2021-37714
https://access.redhat.com/security/cve/CVE-2021-40690
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

9. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYbpUJtzjgjWX9erEAQjxsxAAgJgO7CZdB2qavrxrAKH3m1epiqo6nFIJ 4DyZdgloFX13/0lIRpItJ7QlPd7rd+xwpP++DywuDX7AQDcAv81VMZYFfQBzFttH HXCx/ZCYmNUtw4qu+dbzLxA5+T41mHwqKG0NmB0Q9+JHc5MtZKj/wgeMP4sWezda iDir6YtmYSgnUoap2uQumHoHw9DlvAqsgkIUrCVhvFoA77K0FkECLd2XFGQeUg03 0UXaPTHAIUv3jijYO04QYydXkWClWOtmugXOUO7jSDssPbMJpg7t4g+Z9g1pPcgb 25tX+4ivrhJFGMqvc2tt8tBCaDjGmi91TnI6zjvqKNSO4Nu3tmD4VdX3uTgqn9cG cw3q3JscoQjQe01oGogWXHt2Zb5wMoIIKFhhpUWWgjjCAu91JAFRiE2t3KYRvsRI hDQPD2ewBiYMUsvF7VmnyDW9XlLbLw40Zxr/nFxbINMFOxnUYyiFFb3joKr8CuIi hlBHjl7rXuyIG/dEjQsKys0V9IwTiidsNJwmIDcU3iJMY9ZFtlvP8VVaO1mKjW8l DKmvEMHgspWQvZyfSAV4t8Gqmf0emdjEf3mwdw0AcsA1iATh3wGosLAQrFikzTAT M75mcnFqpZuvQZ6OatM05XVIGyUp14P+STTPtL4PevFpRFfkznvWDCanbvTP7yaJ ipnFmBXjr94=LPYn
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list

Red Hat JBoss EAP, Moderate Security Patch, Enterprise App Security, DoS Vulnerability.
LinuxSecurity.com Team

Dec 15, 2021 Red Hat

Red Hat JBoss EAP 7.3 Update: RHSA-2021:2046 Moderate Security Flaws

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.7 security update on RHEL 6
Advisory ID: RHSA-2021:2046-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2046
Issue date: 2021-05-19
CVE Names: CVE-2020-13936 CVE-2021-21290 CVE-2021-21295
====================================================================

1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.3 for RHEL 6 Server - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.3.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.6, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.7 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):

* velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)
* netty: Information disclosure via the local system temporary directory (CVE-2021-21290)
* netty: possible request smuggling in HTTP/2 due to missing validation (CVE-2021-21295)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory
1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due to missing validation
1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates

6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

JBEAP-20478 - (7.3.z) Upgrade artemis-wildfly-integration from 1.0.2 to 1.0.4
JBEAP-20868 - Tracker bug for the EAP 7.3.7 release for RHEL-6
JBEAP-20927 - [GSS](7.3.z) Upgrade weld from 3.1.4.Final to 3.1.6.Final and weld-api to 3.1.0.SP3
JBEAP-20935 - [GSS](7.3.z) Upgrade generic jms from 2.0.8.Final-redhat-00001 to 2.0.9.Final-redhat-00001
JBEAP-20940 - (7.3.z) Upgrade WildFly Elytron from 1.10.11.Final-redhat-00001 to 1.10.12.Final-redhat-00001
JBEAP-21093 - [GSS] (7.3.z) Upgrade undertow from 2.0.34.SP1-redhat-00001 to 2.0.35.SP1-redhat-00001
JBEAP-21094 - (7.3.z) Upgrade WildFly Core from 10.1.18.Final-redhat-00001 to 10.1.19.Final-redhat-00001
JBEAP-21095 - [GSS](7.3.z) Upgrade HAL from 3.2.13.Final-redhat-00001 to 3.2.14.Final-redhat-00001
JBEAP-21096 - (7.3.z) (Core) Upgrade xalan from 2.7.1.jbossorg-2 to 2.7.1.jbossorg-5
JBEAP-21121 - (7.3.z) Upgrade wildfly-http-client from 1.0.25.Final-redhat-00001 to 1.0.26.Final-redhat-00001
JBEAP-21185 - [GSS](7.3.z) ISPN-12807 - Simple cache does not update eviction statistics
JBEAP-21186 - [GSS](7.3.z) Upgrade Infinispan from 9.4.19.Final-redhat-00001 to 9.4.22.Final-redhat-00001
JBEAP-21193 - (7.3.z) Upgrade RESTEasy from 3.11.3.Final-redhat-00001 to 3.11.4.Final-redhat-00001
JBEAP-21196 - [GSS](7.3.z) Upgrade JBoss Marshalling from 2.0.10.Final to 2.0.11.Final
JBEAP-21203 - [GSS](7.3.z) Upgrade jgroups-kubernetes from 1.0.13.Final to 1.0.16.Final
JBEAP-21262 - [GSS](7.3.z) Upgrade yasson from 1.0.5.redhat-00001 to 1.0.9.redhat-00001
JBEAP-21279 - (7.3.z) Upgrade xalan from 2.7.1.redhat-12 to 2.7.1.redhat-13
JBEAP-21312 - [GSS](7.3.z) Upgrade Ironjacamar from 1.4.27 to 1.4.30
JBEAP-21322 - [GSS](7.3.z) 7.3 Update 6 patch breaks samesite-cookie in Undertow
JBEAP-21351 - (7.3.z) Upgrade WildFly Core from 10.1.19.Final-redhat-00001 to 10.1.20.Final-redhat-00001
JBEAP-21390 - (7.3.z) Upgrade Bouncy Castle from 1.68.0.redhat-00001 to 1.68.0.redhat-00005
JBEAP-21479 - (7.3.z) Upgrade mod_cluster from 1.4.3.Final-redhat-00001 to 1.4.3.Final-redhat-00002

7. Package List:

Red Hat JBoss EAP 7.3 for RHEL 6 Server:

Source:
eap7-artemis-wildfly-integration-1.0.4-1.redhat_00001.1.el6eap.src.rpm eap7-bouncycastle-1.68.0-2.redhat_00005.1.el6eap.src.rpm eap7-hal-console-3.2.14-1.Final_redhat_00001.1.el6eap.src.rpm eap7-infinispan-9.4.22-3.Final_redhat_00001.1.el6eap.src.rpm eap7-ironjacamar-1.4.30-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-genericjms-2.0.9-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-marshalling-2.0.11-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-server-migration-1.7.2-6.Final_redhat_00007.1.el6eap.src.rpm eap7-jboss-weld-3.1-api-3.1.0-6.SP3_redhat_00001.1.el6eap.src.rpm eap7-jgroups-kubernetes-1.0.16-1.Final_redhat_00001.1.el6eap.src.rpm eap7-mod_cluster-1.4.3-2.Final_redhat_00002.1.el6eap.src.rpm eap7-netty-4.1.60-1.Final_redhat_00001.1.el6eap.src.rpm eap7-resteasy-3.11.4-1.Final_redhat_00001.1.el6eap.src.rpm eap7-undertow-2.0.35-1.SP1_redhat_00001.1.el6eap.src.rpm eap7-velocity-2.3.0-1.redhat_00001.1.el6eap.src.rpm eap7-weld-core-3.1.6-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-7.3.7-1.GA_redhat_00002.1.el6eap.src.rpm eap7-wildfly-elytron-1.10.12-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-http-client-1.0.26-1.Final_redhat_00001.1.el6eap.src.rpm eap7-xalan-j2-2.7.1-36.redhat_00013.1.el6eap.src.rpm eap7-yasson-1.0.9-1.redhat_00001.1.el6eap.src.rpm

noarch:
eap7-artemis-wildfly-integration-1.0.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-bouncycastle-1.68.0-2.redhat_00005.1.el6eap.noarch.rpm eap7-bouncycastle-mail-1.68.0-2.redhat_00005.1.el6eap.noarch.rpm eap7-bouncycastle-pkix-1.68.0-2.redhat_00005.1.el6eap.noarch.rpm eap7-bouncycastle-prov-1.68.0-2.redhat_00005.1.el6eap.noarch.rpm eap7-hal-console-3.2.14-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-9.4.22-3.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-infinispan-cachestore-jdbc-9.4.22-3.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-remote-9.4.22-3.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-client-hotrod-9.4.22-3.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-commons-9.4.22-3.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-core-9.4.22-3.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.4.22-3.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.4.22-3.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.4.22-3.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-1.4.30-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-api-1.4.30-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.30-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.30-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-api-1.4.30-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.30-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.30-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.30-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-validator-1.4.30-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-genericjms-2.0.9-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-marshalling-2.0.11-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-marshalling-river-2.0.11-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-server-migration-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-core-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm 
eap7-jboss-server-migration-eap7.0-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.2-6.Final_redhat_00007.1.el6eap.noarch.rpm eap7-jboss-weld-3.1-api-3.1.0-6.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-weld-3.1-api-weld-api-3.1.0-6.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-weld-3.1-api-weld-spi-3.1.0-6.SP3_redhat_00001.1.el6eap.noarch.rpm eap7-jgroups-kubernetes-1.0.16-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-mod_cluster-1.4.3-2.Final_redhat_00002.1.el6eap.noarch.rpm eap7-netty-4.1.60-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-netty-all-4.1.60-1.Final_redhat_00001.1.el6eap.noarch.rpm 
eap7-resteasy-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-atom-provider-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-cdi-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-client-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-client-microprofile-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-crypto-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jackson-provider-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jackson2-provider-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jaxb-provider-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jaxrs-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jettison-provider-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jose-jwt-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jsapi-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-json-binding-provider-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-json-p-provider-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-multipart-provider-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-rxjava2-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-spring-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-validator-provider-11-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-yaml-provider-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-2.0.35-1.SP1_redhat_00001.1.el6eap.noarch.rpm eap7-velocity-2.3.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-velocity-engine-core-2.3.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-weld-core-3.1.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-core-impl-3.1.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-core-jsf-3.1.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-ejb-3.1.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-jta-3.1.6-1.Final_redhat_00001.1.el6eap.noarch.rpm 
eap7-weld-probe-core-3.1.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-weld-web-3.1.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-7.3.7-1.GA_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-elytron-1.10.12-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.12-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-client-common-1.0.26-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.26-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.26-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.26-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-javadocs-7.3.7-1.GA_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-modules-7.3.7-1.GA_redhat_00002.1.el6eap.noarch.rpm eap7-xalan-j2-2.7.1-36.redhat_00013.1.el6eap.noarch.rpm eap7-yasson-1.0.9-1.redhat_00001.1.el6eap.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

8. References:

https://access.redhat.com/security/cve/CVE-2020-13936
https://access.redhat.com/security/cve/CVE-2021-21290
https://access.redhat.com/security/cve/CVE-2021-21295
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index

9. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYKUxIdzjgjWX9erEAQgmMw//UYg4rqfLDXCHqDnjS4gCI44QJZFprPMM Lxr6AKkdN41z2T3opq5DJPEdUsechKYIXQ6zeZLrTikkEJkEoVznTkKqymkDyWPi vUhcy3sN4RWPyoumbV817MdBMqyH4L6Fi8jPzmupp0CFq3ffuriHaVEEFVZojK76 DbasiebiwW1xrywNRna5iy5RBnUtdXNxXJ6XKHfXgfkz7BDq6mbGmzgYpS2dsUtp 0DqPOzRPRxjHitepswAVbL5q8BJE+C8Nhc7Dx+vVcVOfc2sP9lYouYATSeyJXQeW kwsCHBj8EEU8IuK/2461hCdhm9ZkO+69+TzNCKN+I+bp18bmE9ynvf7QKWk4y7QI J/UWOr//kWH4PPCvDbvNpcrsEp470w8+B80lYTprPCtMPX9uZ0M+DLRbsT6UgpQ8 NupomctFwFryoaQhggc+V8P8SVcVC9gfcjmhRzQS6zY0jj+5GwFK0X5ay6pwcfK2 KxNMds4hCRQfiJHXflT3bv5VREw3KDj9k27iNICX9TQcFOGDdK10y3iem5KjBpNB EUT4mtt05zZt4bcoOfUE1Q6zARM+egdG8UPcmlA9aTaf0dNyB54MC6oh8/oM7ol2 5MNKWweBDc9NBCbxLJfprLVoDxjS6cCkUx667M3H3ZuQ27FYSDvT81sLhTx2B2l0 1CBHAk3aI2k=HZpI
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat JBoss, Security Updates, Application Platform.
LinuxSecurity.com Team
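The package list in section 7 is the ground truth for "is this host patched": an RPM-based EAP install is covered by an advisory only when every listed package it has installed is at or above the listed build. The following Python is an added example (mine, not Red Hat tooling) of that check. It ports rpm's rpmvercmp() label comparison, because release strings such as 1.SP1_redhat_00001.1.el6eap defeat a plain string or tuple compare, parses the NEVRA out of the advisory's RPM filenames, and flags installed packages older than the shipped build. The advisory entries are copied from the RHSA-2021:2046 list above; the installed listing is a constructed sample of what `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n' 'eap7-*'` would print on a hypothetical partially patched 7.3.6 host, and the function names are my own. The same check applies unchanged to the RHSA-2021:5150 and RHSA-2021:0246 lists on this page. Epochs are not compared, since advisory filenames do not carry them.

```python
"""Check an installed eap7-* inventory against a Red Hat advisory package list.
Added example, not Red Hat tooling; ports rpm's rpmvercmp() label comparison."""
import re

# Entries copied from the RHSA-2021:2046 package list above (noarch plus one src).
ADVISORY_RPMS = """
eap7-netty-4.1.60-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-undertow-2.0.35-1.SP1_redhat_00001.1.el6eap.noarch.rpm
eap7-resteasy-3.11.4-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-wildfly-7.3.7-1.GA_redhat_00002.1.el6eap.noarch.rpm
eap7-wildfly-elytron-1.10.12-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-wildfly-7.3.7-1.GA_redhat_00002.1.el6eap.src.rpm
""".split()

# Constructed sample (hypothetical, partially patched 7.3.6 host) of:
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n' 'eap7-*'
INSTALLED_SAMPLE = """\
eap7-netty 4.1.48 1.Final_redhat_00001.1.el6eap noarch
eap7-undertow 2.0.34 1.SP1_redhat_00001.1.el6eap noarch
eap7-resteasy 3.11.5 1.Final_redhat_00001.1.el6eap noarch
eap7-wildfly 7.3.7 1.GA_redhat_00002.1.el6eap noarch
eap7-wildfly-elytron 1.10.11 1.Final_redhat_00001.1.el6eap noarch
eap7-hal-console 3.2.13 1.Final_redhat_00001.1.el6eap noarch
"""


def _is_tok(c):
    """rpm treats ASCII alphanumerics, '~' and '^' as meaningful; all else is separator."""
    return (c.isascii() and c.isalnum()) or c in "~^"


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): 1 if a is newer, -1 if b is newer, 0 if equal."""
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not _is_tok(a[i]):  # skip separators
            i += 1
        while j < len(b) and not _is_tok(b[j]):
            j += 1
        ta = a[i] if i < len(a) else ""
        tb = b[j] if j < len(b) else ""
        if ta == "~" or tb == "~":  # '~' sorts before everything, even end of string
            if ta != "~" or tb != "~":
                return 1 if ta != "~" else -1
            i, j = i + 1, j + 1
            continue
        if ta == "^" or tb == "^":  # '^' sorts after end of string, before anything else
            if ta == "" or tb == "":
                return -1 if ta == "" else 1
            if ta != "^" or tb != "^":
                return 1 if ta != "^" else -1
            i, j = i + 1, j + 1
            continue
        if ta == "" or tb == "":
            break
        # Next run of digits (compared numerically) or of letters (compared lexically).
        isnum = ta.isdigit()
        pat = r"[0-9]+" if isnum else r"[A-Za-z]+"
        sa = re.match(pat, a[i:]).group(0)
        mb = re.match(pat, b[j:])
        sb = mb.group(0) if mb else ""
        i, j = i + len(sa), j + len(sb)
        if sb == "":  # segment types differ: a numeric segment beats an alpha one
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # whichever label has characters left wins


def parse_rpm_filename(fn):
    """Split name-version-release.arch[.rpm]; version and release never contain '-'."""
    base = fn[:-4] if fn.endswith(".rpm") else fn
    nvr, arch = base.rsplit(".", 1)
    nv, release = nvr.rsplit("-", 1)
    name, version = nv.rsplit("-", 1)
    return name, version, release, arch


def vr_cmp(v1, r1, v2, r2):
    """Version first, then release, as rpm does. Epochs are not compared: advisory
    filenames do not carry them (assumption: a package's epoch does not change)."""
    return rpmvercmp(v1, v2) or rpmvercmp(r1, r2)


def find_unpatched(installed_text, advisory_rpms):
    """(name, installed VR, fixed VR) for each installed package older than the advisory
    build; packages the advisory does not ship are skipped, newer builds are not flagged."""
    fixed = {}
    for fn in advisory_rpms:
        name, ver, rel, arch = parse_rpm_filename(fn)
        if arch != "src":  # source RPMs are never installed on a server
            fixed[name] = (ver, rel)
    gaps = []
    for line in filter(None, installed_text.splitlines()):
        name, ver, rel, _arch = line.split()
        if name in fixed and vr_cmp(ver, rel, *fixed[name]) < 0:
            gaps.append((name, f"{ver}-{rel}", "-".join(fixed[name])))
    return gaps


if __name__ == "__main__":
    print(*find_unpatched(INSTALLED_SAMPLE, ADVISORY_RPMS), sep="\n")
```

On the sample, netty, undertow and wildfly-elytron are reported as unpatched; resteasy 3.11.5 is newer than the advisory's 3.11.4 (a later erratum) and is left alone, and hal-console is not in this advisory and is ignored. On a real host, feed it the actual `rpm -qa --qf` output and the full Source/noarch list from the advisory. Two caveats: the check only covers the RPM channel named in section 2 (an EAP installed from the zip distribution is patched through its own patch mechanism and does not show up in the RPM database), and it says nothing about integrity, so before installing, verify the downloaded RPMs with `rpm --checksig` against the Red Hat key that section 7 points to.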

May 19, 2021 Red Hat

Red Hat JBoss 7.3: RHSA-2021:0246-01 Important: Security Update Details

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.5 security update
Advisory ID: RHSA-2021:0246-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0246
Issue date: 2021-01-25
CVE Names: CVE-2020-13956 CVE-2020-25633 CVE-2020-25640 CVE-2020-25689 CVE-2020-27782 CVE-2020-27822
====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.3 for RHEL 6 Server - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.3.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):

* wildfly: Potential Memory leak in Wildfly when using OpenTracing (CVE-2020-27822)
* undertow: special character in query results in server errors (CVE-2020-27782)
* wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller (CVE-2020-25689)
* httpclient: apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)
* wildfly: resource adapter logs plaintext JMS password at warning level on connection error (CVE-2020-25640)
* resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling (CVE-2020-25633)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1879042 - CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling
1881637 - CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error
1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs
1893070 - CVE-2020-25689 wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller
1901304 - CVE-2020-27782 undertow: special character in query results in server errors
1904060 - CVE-2020-27822 wildfly: Potential Memory leak in Wildfly when using OpenTracing

6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

JBEAP-19788 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.22.Final-redhat-00001 to 1.0.24.Final-redhat-00001
JBEAP-19790 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.33.SP1-redhat-00001 to 4.0.37.Final-redhat-00001
JBEAP-19816 - [GSS](7.3.z) UNDERTOW-1745 - Undertow access-log does not work for HTTP/2 POST request on HTTP Upgrade based connection
JBEAP-20240 - (7.3.z) Upgrade Narayana from 5.9.9.Final to 5.9.10.Final
JBEAP-20268 - (7.3.z) Upgrade generic jms from 2.0.6 to 2.0.8
JBEAP-20269 - Tracker bug for the EAP 7.3.5 release for RHEL-6
JBEAP-20286 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.18.Final-redhat-00002 to 5.3.20.Final-redhat-00001
JBEAP-20288 - [GSS] (7.3.z) Upgrade undertow from 2.0.32.SP1-redhat to 2.0.33.SP2-redhat
JBEAP-20333 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP12-redhat-00001 to 2.3.9.SP13-redhat-00001
JBEAP-20373 - (7.3.z) Upgrade Apache HTTP Client to 4.5.13
JBEAP-20376 - (7.3.z) Upgrade WildFly Elytron from 1.10.9.Final-redhat-00001 to 1.10.10.Final-redhat
JBEAP-20399 - (7.3.z) Upgrade RESTEasy from 3.11.2.Final.redhat-00001 to 3.11.3.Final.redhat-00001
JBEAP-20403 - [GSS](7.3.z) Upgrade XNIO from 3.7.11.Final to 3.7.12.Final
JBEAP-20405 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00016 to 2.9.0.redhat-00017
JBEAP-20438 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.19.Final-redhat-00001 to 5.0.20.Final-redhat-00001
JBEAP-20480 - [GSS](7.3.z) Upgrade HAL from 3.2.11.Final-redhat-00001 to 3.2.12.Final
JBEAP-20502 - (7.3.z) Upgrade JBoss Modules from 1.10.0.Final to 1.11.0.Final
JBEAP-20521 - (7.3.z) Upgrade wildfly-discovery-client to 1.2.1.Final
JBEAP-20591 - (7.3.z) Upgrade opentracing-interceptors from 0.0.4.redhat-00004 to 0.0.4.1.redhat-00002

7. Package List:

Red Hat JBoss EAP 7.3 for RHEL 6 Server:

Source:
eap7-activemq-artemis-2.9.0-7.redhat_00017.1.el6eap.src.rpm eap7-glassfish-jsf-2.3.9-12.SP13_redhat_00001.1.el6eap.src.rpm eap7-hal-console-3.2.12-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-5.3.20-1.Final_redhat_00001.1.el6eap.src.rpm eap7-httpcomponents-client-4.5.13-1.redhat_00001.1.el6eap.src.rpm eap7-jboss-ejb-client-4.0.37-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-genericjms-2.0.8-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-modules-1.11.0-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-remoting-5.0.20-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-server-migration-1.7.2-4.Final_redhat_00005.1.el6eap.src.rpm eap7-jboss-xnio-base-3.7.12-1.Final_redhat_00001.1.el6eap.src.rpm eap7-narayana-5.9.10-1.Final_redhat_00001.1.el6eap.src.rpm eap7-opentracing-interceptors-0.0.4.1-2.redhat_00002.1.el6eap.src.rpm eap7-resteasy-3.11.3-1.Final_redhat_00001.1.el6eap.src.rpm eap7-undertow-2.0.33-1.SP2_redhat_00001.1.el6eap.src.rpm eap7-wildfly-7.3.5-2.GA_redhat_00001.1.el6eap.src.rpm eap7-wildfly-discovery-1.2.1-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-elytron-1.10.10-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-http-client-1.0.24-1.Final_redhat_00001.1.el6eap.src.rpm

noarch:
eap7-activemq-artemis-2.9.0-7.redhat_00017.1.el6eap.noarch.rpm eap7-activemq-artemis-cli-2.9.0-7.redhat_00017.1.el6eap.noarch.rpm eap7-activemq-artemis-commons-2.9.0-7.redhat_00017.1.el6eap.noarch.rpm eap7-activemq-artemis-core-client-2.9.0-7.redhat_00017.1.el6eap.noarch.rpm eap7-activemq-artemis-dto-2.9.0-7.redhat_00017.1.el6eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.9.0-7.redhat_00017.1.el6eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.9.0-7.redhat_00017.1.el6eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.9.0-7.redhat_00017.1.el6eap.noarch.rpm eap7-activemq-artemis-jms-client-2.9.0-7.redhat_00017.1.el6eap.noarch.rpm
eap7-activemq-artemis-jms-server-2.9.0-7.redhat_00017.1.el6eap.noarch.rpm eap7-activemq-artemis-journal-2.9.0-7.redhat_00017.1.el6eap.noarch.rpm eap7-activemq-artemis-ra-2.9.0-7.redhat_00017.1.el6eap.noarch.rpm eap7-activemq-artemis-selector-2.9.0-7.redhat_00017.1.el6eap.noarch.rpm eap7-activemq-artemis-server-2.9.0-7.redhat_00017.1.el6eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.9.0-7.redhat_00017.1.el6eap.noarch.rpm eap7-activemq-artemis-tools-2.9.0-7.redhat_00017.1.el6eap.noarch.rpm eap7-glassfish-jsf-2.3.9-12.SP13_redhat_00001.1.el6eap.noarch.rpm eap7-hal-console-3.2.12-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-5.3.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-core-5.3.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-entitymanager-5.3.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-envers-5.3.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-java8-5.3.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-httpcomponents-client-4.5.13-1.redhat_00001.1.el6eap.noarch.rpm eap7-jboss-ejb-client-4.0.37-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-genericjms-2.0.8-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-modules-1.11.0-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-remoting-5.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-server-migration-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-core-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm 
eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.2-4.Final_redhat_00005.1.el6eap.noarch.rpm eap7-jboss-xnio-base-3.7.12-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-5.9.10-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-compensations-5.9.10-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-jbosstxbridge-5.9.10-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-jbossxts-5.9.10-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-jts-idlj-5.9.10-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-jts-integration-5.9.10-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-restat-api-5.9.10-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-restat-bridge-5.9.10-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-restat-integration-5.9.10-1.Final_redhat_00001.1.el6eap.noarch.rpm 
eap7-narayana-restat-util-5.9.10-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-txframework-5.9.10-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-opentracing-interceptors-0.0.4.1-2.redhat_00002.1.el6eap.noarch.rpm eap7-resteasy-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-atom-provider-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-cdi-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-client-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-client-microprofile-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-crypto-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jackson-provider-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jackson2-provider-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jaxb-provider-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jaxrs-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jettison-provider-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jose-jwt-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-jsapi-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-json-binding-provider-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-json-p-provider-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-multipart-provider-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-rxjava2-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-spring-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-validator-provider-11-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-resteasy-yaml-provider-3.11.3-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-2.0.33-1.SP2_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-7.3.5-2.GA_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-discovery-client-1.2.1-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-elytron-1.10.10-1.Final_redhat_00001.1.el6eap.noarch.rpm 
eap7-wildfly-elytron-tool-1.10.10-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-client-common-1.0.24-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.24-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.24-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.24-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-javadocs-7.3.5-2.GA_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-modules-7.3.5-2.GA_redhat_00001.1.el6eap.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2020-13956 https://access.redhat.com/security/cve/CVE-2020-25633 https://access.redhat.com/security/cve/CVE-2020-25640 https://access.redhat.com/security/cve/CVE-2020-25689 https://access.redhat.com/security/cve/CVE-2020-27782 https://access.redhat.com/security/cve/CVE-2020-27822 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/ 9. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYA71QdzjgjWX9erEAQj0ow//Vo2rA/MX6px74GHR/1CIGqnz5jjf1Twu
6YOGIejWEPU/igNs9O7Wpm8n9u4hPUlNTz2/lRq8Vifh9ZG6vZm76zS9kXGi25w1
LWpehWvmc1uzpqERP7q67keN2kQhTZoEAJdOC4Qm67aIDUb0btpzLUUK0LhtShtX
SgFwSB+9Ai6G7YiEzrEbWMGdHxqBW2Oy0Es9ypzT3o7ftJ2OGlrn6s6r0h+FAVxW
22gMQ8S2t3Q/rsvOs8y0D+5yF5K1rIcCUmTwpdED6H0PC4AlUfz6m7709FZf8Svn
Vv/Y7yuNLf881e+gxg/tSwpWfQLN8P/x99GqKE4jOBMZO7m4QolYSr7sPpmZGOug
ueO1frP2Rh96iKkpKcXTbjftNCOZkAyI00RDmd64AP+NPRjPn25J9f3nQ1wrg3y5
iWnltR0P0pj2JZMWtHTus8FtL4LPP5wodswHFcp94I5ITx3GVmRhKwwTIyfQthZL
hSw614eKelQB6WqEKyblmyv+StIRl9JaOEoU/p3+k9q41Lui/cq3rpPQ/He5TrPR
kEQde0xuo3KrTngtjrgCwRfXYme+nnh0ZD5dJtIEN6MaBf6G8e32TB9W4o1bEw6l
rrGInWZ93pqJVy17QC7FaXHnuIjljdX97V6k6WkrGA8Q0Wv4Coexo47MawZyXrRd
E8zC1WAJlLk=Zzv9
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list

Important security update for Red Hat JBoss Enterprise Application Platform 7.3.5 on RHEL 6, fixing multiple vulnerabilities in bundled components.

Red Hat JBoss, Enterprise Application, Security Advisory, JBoss Update, Java Application.

Severity: Important. LinuxSecurity.com Team

Jan 25, 2021 | Important | Red Hat

Red Hat: RHSA-2020-4402-01 Important: JBoss EAP 7.3 XML External Entity (XXE) Issue

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Important.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3 security update
Advisory ID: RHSA-2020:4402-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4402
Issue date: 2020-10-28
CVE Names: CVE-2020-25649
====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform 7.3 is a platform for Java applications based on the WildFly application runtime.

This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3.

Security Fix(es):

* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (CVE-2020-25649)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

The References section of this erratum contains a download link (you must log in to download the update).

You must restart the JBoss server process for the update to take effect.

4. Bugs fixed (https://bugzilla.redhat.com/):

1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)

5. References:

https://access.redhat.com/security/cve/CVE-2020-25649
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.3
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX5ndwtzjgjWX9erEAQgz7A/9Hw+5aHyk/aTUOSFWRpcciEElbi5gYPPp
GHZulnix0sYM5kCoPe31D99IJWzwHUUejDCiPg1NsFO8lZeGHMO9wKjQico/ZAOe
T40+F/jIuYVMvzy6gHYN6h7FkazSuYwdUo7j1rpPnq0HmxmNa1iSiz1XGykGtI3G
wXOHtJsWG7OihWOhOxCGERP0VqhSBO3Bp2RJHp1heHiAdO1FDp8BHMIhuiM/7TlO
tXtKpBNOilTo+aCIldGclwEfdQjQtCc8O8Kqj5VhAoNrNMpJf6AW7CBmaRaTX/PO
XVnaIFwn5AaxP5RhhlM/E/ED1fIbPuGzMhNgOq3aQGQS4x/i9JUxGI4MZNXVEqE4
/XGIy7pOBWKJBNZ4q7TQ5t2yObUPWMG44BRL1mKH7m6+Bgm17dX6AsgTHmSgXwVg
7nR4JAJlXWmoNVg9UlF+Uid0BIDaT7SwPgmKrziy4xW6hIkVjc8/9+pzqgc+SC10
ri+FapZh7UIIveJqcpqrascsBpvLHfO5GRAcJfX6fk2KhrBX5LannK5qhXlaIUl6
y5TzbNQ8dwNvM5VcnG7CH9OemcwFmUiENdPVsY5jzZ6ZO89dITL8gANOurVnOMOU
njRR6sOVY0FltUS0FvnaNIwXF4vz1SNlqxEwmwHaek8feiPiBCXTsH3DbtiOaF1P
/FvjqMUvZQ8=8kdW
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list

Red Hat has issued an Important advisory for JBoss Enterprise Application Platform 7.3 fixing an XML external entity (XXE) flaw in the jackson-databind DOMDeserializer (CVE-2020-25649).

Red Hat JBoss, XML entity expansion, security update, application platform, Red Hat advisory.

Severity: Important. LinuxSecurity.com Team

Oct 28, 2020 | Important | Red Hat

Red Hat: RHSA-2020-3142-01 Important: JBoss EAP 7.2 Denial of Service

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6, 7, and 8. Red Hat Product Security has rated this update as having a security impact of Important.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2 security update
Advisory ID: RHSA-2020:3142-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3142
Issue date: 2020-07-23
CVE Names: CVE-2020-10740 CVE-2020-14297 CVE-2020-14307
====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6, 7, and 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.2 for RHEL 6 Server - noarch
Red Hat JBoss EAP 7.2 for RHEL 7 Server - noarch
Red Hat JBoss EAP 7.2 for RHEL 8 - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This asynchronous patch is a security update for the Infinispan package in Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6, 7, and 8.

Security Fix(es):

* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

You must restart the JBoss server process for the update to take effect.

For details about how to apply this update, see: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
1851327 - CVE-2020-14307 wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service
1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service

6. Package List:

Red Hat JBoss EAP 7.2 for RHEL 6 Server:

Source:
eap7-jboss-ejb-client-4.0.33-2.SP1_redhat_00001.1.el6eap.src.rpm
eap7-wildfly-7.2.8-6.GA_redhat_00003.1.el6eap.src.rpm
eap7-wildfly-http-client-1.0.21-1.Final_redhat_00001.1.el6eap.src.rpm
eap7-wildfly-naming-client-1.0.13-1.Final_redhat_00001.1.el6eap.src.rpm

noarch:
eap7-jboss-ejb-client-4.0.33-2.SP1_redhat_00001.1.el6eap.noarch.rpm
eap7-wildfly-7.2.8-6.GA_redhat_00003.1.el6eap.noarch.rpm
eap7-wildfly-http-client-common-1.0.21-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-wildfly-http-ejb-client-1.0.21-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-wildfly-http-naming-client-1.0.21-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-wildfly-http-transaction-client-1.0.21-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-wildfly-javadocs-7.2.8-6.GA_redhat_00003.1.el6eap.noarch.rpm
eap7-wildfly-modules-7.2.8-6.GA_redhat_00003.1.el6eap.noarch.rpm
eap7-wildfly-naming-client-1.0.13-1.Final_redhat_00001.1.el6eap.noarch.rpm

Red Hat JBoss EAP 7.2 for RHEL 7 Server:

Source:
eap7-jboss-ejb-client-4.0.33-2.SP1_redhat_00001.1.el7eap.src.rpm
eap7-wildfly-7.2.8-6.GA_redhat_00003.1.el7eap.src.rpm
eap7-wildfly-http-client-1.0.21-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-wildfly-naming-client-1.0.13-1.Final_redhat_00001.1.el7eap.src.rpm

noarch:
eap7-jboss-ejb-client-4.0.33-2.SP1_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-7.2.8-6.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wildfly-http-client-common-1.0.21-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-http-ejb-client-1.0.21-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-http-naming-client-1.0.21-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-http-transaction-client-1.0.21-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-java-jdk11-7.2.8-6.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wildfly-java-jdk8-7.2.8-6.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wildfly-javadocs-7.2.8-6.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wildfly-modules-7.2.8-6.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wildfly-naming-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm

Red Hat JBoss EAP 7.2 for RHEL 8:

Source:
eap7-jboss-ejb-client-4.0.33-2.SP1_redhat_00001.1.el8eap.src.rpm
eap7-wildfly-7.2.8-6.GA_redhat_00003.1.el8eap.src.rpm
eap7-wildfly-http-client-1.0.21-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-wildfly-naming-client-1.0.13-1.Final_redhat_00001.1.el8eap.src.rpm

noarch:
eap7-jboss-ejb-client-4.0.33-2.SP1_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-7.2.8-6.GA_redhat_00003.1.el8eap.noarch.rpm
eap7-wildfly-http-client-common-1.0.21-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-http-ejb-client-1.0.21-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-http-naming-client-1.0.21-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-http-transaction-client-1.0.21-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-javadocs-7.2.8-6.GA_redhat_00003.1.el8eap.noarch.rpm
eap7-wildfly-modules-7.2.8-6.GA_redhat_00003.1.el8eap.noarch.rpm
eap7-wildfly-naming-client-1.0.13-1.Final_redhat_00001.1.el8eap.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-10740
https://access.redhat.com/security/cve/CVE-2020-14297
https://access.redhat.com/security/cve/CVE-2020-14307
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXxn1OtzjgjWX9erEAQiuiQ//SzDWtCxVqoQVUg+hYh5JoR5oQeV7H4c4
MmrkkU5H9jRvRKLeXFwVYVKQrhSNkL3rQA6IS8nBqAGmFBuQWDPTxK6306KYyPvM
G//BNIVsuLpxFZ4XPwZpHh4n+WSTZMgVAc1TZnAkLIYzpSc1YOPvWTfLb2r4Z/mU
KiBUUpfGH1PqU2WfJ+78k1RHioNfseUjWKGfdBtXJjvf3tVl3/BRpgMfKVEPYDCd
7GXM7kCGbXdHHZXlYIcMd/48xCsIy0O7wOuG4MFrcH7tHLt82Du0joPGODzZ5jt1
CauozIeZ3V/wbdza9pLrHPZ1RxjXs/pQSNhPoRRFtnHLwSNEPWHRwYLOcnyLNrFU
+I306ZV6pIzDvWalGxd3aJjl13mOEa8FvhhAxpbwmosTbmPq9tLeeNOYgjYyTtDs
KLAHtxEweTXjxSzN5CJYTgEcfa1uu2Z2mSM2EvfI5/g0z8Xjegn6lyBCVGq5Mxgg
IeyVlO5+foNFUNcPPpMMi+7YqarLikDPOrXME+y7zPpCDP8ka1mFU5d8zjDbzpum
ougQIARymDoc/LXl1VKq4EbuABd3Sgz3gH+NIyiLqar5DfXOOIZoBcq+kfWS592M
gPFbqWw5VfDjkwAuUaUSEqa9DNbdulFDvpCnD69esWikRGvsaaZMSVAKpUlr6F7X
vAqkHmrfU84=6gE+
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list

Important update for Red Hat JBoss Enterprise Application Platform 7.2 fixing an unsafe EJB deserialization flaw (CVE-2020-10740) and two EJB client denial-of-service issues (CVE-2020-14297, CVE-2020-14307).

Red Hat JBoss, security update, Denial of Service, enterprise application.

Severity: Important. LinuxSecurity.com Team

Jul 23, 2020 | Important | Red Hat
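The Package List sections above (this advisory and the EAP 7.3.5 one earlier on the page) give the fixed name-version-release of each RPM, but leave the comparison against what is installed to the reader. The following is an added example, not part of any Red Hat advisory: it takes a pasted package list and a sample of `rpm -qa` output and flags installed packages that are still below the fixed build. Because the fixed and installed strings must be compared the way rpm itself does, it re-implements rpm's segment-wise version comparison (rpmvercmp) rather than shelling out, so it runs without the rpm binary. The fixed-package lines are copied from the RHEL 7 list of RHSA-2020:3142 above; the installed-package lines are constructed for the example and were not captured from a real host.

```python
"""Flag installed RPMs that are older than the fixed builds in an RHSA package list.

Added example, not from any Red Hat advisory. Version and release strings are
compared with a re-implementation of rpm's rpmvercmp so the script runs without
the rpm binary. Epochs are not handled because the advisory lists carry none.
"""
import re

# Fixed builds, copied from the "Red Hat JBoss EAP 7.2 for RHEL 7 Server" list
# of RHSA-2020:3142. Section labels and .src.rpm entries are tolerated and skipped.
ADVISORY_PACKAGES = """
Source:
eap7-jboss-ejb-client-4.0.33-2.SP1_redhat_00001.1.el7eap.src.rpm
eap7-wildfly-7.2.8-6.GA_redhat_00003.1.el7eap.src.rpm
noarch:
eap7-jboss-ejb-client-4.0.33-2.SP1_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-7.2.8-6.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wildfly-http-ejb-client-1.0.21-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-naming-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm
"""

# Constructed sample of:  rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
# on a hypothetical EAP 7.2 host. Not captured from a real system.
INSTALLED_SAMPLE = """
eap7-jboss-ejb-client-4.0.33-1.SP1_redhat_00001.1.el7eap.noarch
eap7-wildfly-7.2.8-6.GA_redhat_00003.1.el7eap.noarch
eap7-wildfly-http-ejb-client-1.0.20-1.Final_redhat_00001.1.el7eap.noarch
eap7-wildfly-naming-client-1.0.14-1.Final_redhat_00001.1.el7eap.noarch
unrelated-tool-1.0-1.el7.noarch
"""

# rpm splits on anything that is not a digit, a letter, "~" or "^".
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~|\^")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 with the ordering rpm's rpmvercmp uses (no epoch handling)."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    i = 0
    while i < len(sa) or i < len(sb):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == "~" or y == "~":            # "~" sorts before anything, even end of string
            if x != "~":
                return 1
            if y != "~":
                return -1
        elif x == "^" or y == "^":          # "^" sorts after end of string, before anything else
            if x is None:
                return -1
            if y is None:
                return 1
            if x != "^":
                return 1
            if y != "^":
                return -1
        elif x is None:                     # the string with more segments is newer
            return -1
        elif y is None:
            return 1
        elif x.isdigit() != y.isdigit():    # a numeric segment is newer than an alphabetic one
            return 1 if x.isdigit() else -1
        elif x.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x != y:                        # both alphabetic: plain string order
            return 1 if x > y else -1
        i += 1
    return 0


def parse_nvra(entry: str):
    """Split 'name-version-release.arch[.rpm]' into (name, version, release, arch)."""
    if entry.endswith(".rpm"):
        entry = entry[:-4]
    base, arch = entry.rsplit(".", 1)
    name, version, release = base.rsplit("-", 2)
    return name, version, release, arch


def fixed_builds(advisory_text: str) -> dict:
    """Map package name -> (version, release) from a pasted RHSA package list."""
    fixed = {}
    for token in advisory_text.split():
        if not token.endswith(".rpm") or token.endswith(".src.rpm"):
            continue                        # skip "Source:"/"noarch:" labels and SRPMs
        name, version, release, _arch = parse_nvra(token)
        fixed[name] = (version, release)
    return fixed


def check_host(installed_text: str, advisory_text: str) -> dict:
    """Return {package: 'ok' | 'VULNERABLE'} for installed packages the advisory covers."""
    fixed = fixed_builds(advisory_text)
    verdicts = {}
    for token in installed_text.split():
        name, version, release, _arch = parse_nvra(token)
        if name not in fixed:
            continue
        fixed_version, fixed_release = fixed[name]
        order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
        verdicts[name] = "ok" if order >= 0 else "VULNERABLE"
    return verdicts


if __name__ == "__main__":
    for pkg, verdict in sorted(check_host(INSTALLED_SAMPLE, ADVISORY_PACKAGES).items()):
        print(f"{verdict:10s} {pkg}")
```

On a real host, replace the sample with the output of the `rpm -qa` query shown in the comment. A version string only proves anything if the package itself is genuine, so check the downloaded RPMs with `rpm -K` against the Red Hat key linked in the advisory before installing them. EAP installations from the zip distribution (the delivery method of the EAP 7.3 and 6.4 advisories on this page) are not in the RPM database at all; for those, the applied patch level is shown by the `patch info` command of the JBoss CLI instead.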

Red Hat: RHSA-2020-2783-01 Important: JBoss Platform Security Update

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4. Red Hat Product Security has rated this update as having a security impact of Important.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.23 security update
Advisory ID: RHSA-2020:2783-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2783
Issue date: 2020-07-01
CVE Names: CVE-2019-14885 CVE-2020-1938
====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.

This release of Red Hat JBoss Enterprise Application Platform 6.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.22, and includes bug fixes and enhancements, which are documented in the Release Notes document listed in the References section.

Security Fix(es):

* jbossweb: tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)
* JBoss EAP: Vault system property security attribute value is revealed on CLI 'reload' command (CVE-2019-14885)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.

All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages.

3. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

The References section of this erratum contains a download link (you must log in to download the update).

You must restart the JBoss server process for the update to take effect.

4. Bugs fixed (https://bugzilla.redhat.com/):

1700855 - [GSS](6.4.z) Upgrade HornetQ from 2.3.25.SP29 to 2.3.25.SP31
1708467 - [GSS](6.4.z) Upgrade Remoting JMX from 1.1.3 to 1.1.4
1770615 - CVE-2019-14885 JBoss EAP: Vault system property security attribute value is revealed on CLI 'reload' command
1772542 - [GSS](6.4.z) Upgrade Mojarra from 1.2.15.b01-SP2 to 1.2.15.b01-SP2-redhat-2
1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
1816579 - [GSS](6.4.z) Upgrade IronJacamar from 1.0.43.Final-redhat-1 to 1.0.44.Final-redhat-1
1816629 - [GSS](6.4.z) Upgrade Weld from 1.1.34 to 1.1.34.Final-redhat-2
1819214 - (6.4.z) Update JBOSGI Core Repository from 2.1.0.Final-redhat-2 to 2.1.0.Final-redhat-3

5. References:

https://access.redhat.com/security/cve/CVE-2019-14885
https://access.redhat.com/security/cve/CVE-2020-1938
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXvxx6tzjgjWX9erEAQg+NQ//R+MGHYyRkntygY828Y3DNnGzlbOaEqE1
6gr28SqVC/keWLq/xZfxuwwIjBaUBO25d5d0ToAmCymbqfRGMeU09MGFdUM7HCY8
jyry3oTVAN/ANyCldSrY/cepOnit1fok8o551OO8Q2cVYpGQzCSpgvJXXQJN+7pe
jT09OoIDRbfKPHWUDJ/Lk0Hb908UpStO0+W+ZanZQf2ZfXNco/+qNREfCNH/Aiid
J2JcLGfGpdH6/8s2iNyPSCVvwgT/bDPGRNMIMqTi6tQkPdQxTL/Tr7NTAcYIixan
kVM55P4uSx8MuNkRlBhAiK2w7xSfAyUraHhElk0JrQJZtgTSJBcf7FqIaEghlxRo
N6n6fs2uZ/w+ObYKaIwCQZwkfEyZxLQjOFYanJUrfDCl8nzMsqT0qBJobqdsMBgL
kNYykjV/i5vDhEYSVmlI8JzHZs+5yGgU8GO9Fb9K4yFstBSJJYrrDW4U8+Erug4k
HAwH6JS9gzHb+EqIDRCox3cDdzJLE2m/ZxknUKwMJ8K6s+Y+brQvaaODnrlzBaiO
pJ32vNpVf7AE6d2wrC1Kdxe/unwjvWd1cnZMzgOdbvTDqbmgQF6r5pMnBJgQHOEx
5dSA+JA5bu6LaErlyIYL2I7BKyw1hU6W7PNnoMqvhnNdGF89obOIX4ZE3Z6a8D2P
xnOGl/2Frt0=P37D
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list

An Important security update has been released for Red Hat JBoss EAP 6.4.23, fixing the Apache Tomcat AJP file read/inclusion flaw in jbossweb (CVE-2020-1938) and the disclosure of vault-backed security attribute values by the CLI 'reload' command (CVE-2019-14885).

Red Hat JBoss, application security, enterprise application, security updates.

Severity: Important. LinuxSecurity.com Team

Jul 01, 2020 | Important | Red Hat