Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

We found 36 articles for you...

RedHat: RHSA-2022-8841-01 Important: JBoss HTTP Server Security Fixes

Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update
Advisory ID: RHSA-2022:8841-01
Product: Red Hat JBoss Core Services
Advisory URL: https://access.redhat.com/errata/RHSA-2022:8841
Issue date: 2022-12-08
CVE Names: CVE-2022-1292 CVE-2022-2068 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615 CVE-2022-30522 CVE-2022-31813 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-32221 CVE-2022-35252 CVE-2022-37434 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 CVE-2022-42915 CVE-2022-42916

1. Summary:

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)
* libxml2: dict corruption caused by entity reference cycles (CVE-2022-40304)
* expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674)
* zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field (CVE-2022-37434)
* curl: HSTS bypass via IDN (CVE-2022-42916)
* curl: HTTP proxy double-free (CVE-2022-42915)
* curl: POST following PUT confusion (CVE-2022-32221)
* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
* curl: control code in cookie denial of service (CVE-2022-35252)
* zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field (CVE-2022-37434)
* jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)
* curl: Unpreserved file permissions (CVE-2022-32207)
* curl: various flaws (CVE-2022-32206 CVE-2022-32208)
* openssl: the c_rehash script allows command injection (CVE-2022-2068)
* openssl: c_rehash script allows command injection (CVE-2022-1292)
* jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
* jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds
2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection
2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling
2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read
2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite()
2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match()
2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability
2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection
2099300 - CVE-2022-32206 curl: HTTP compression denial of service
2099305 - CVE-2022-32207 curl: Unpreserved file permissions
2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification
2116639 - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
2120718 - CVE-2022-35252 curl: control code in cookie denial of service
2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c
2135411 - CVE-2022-32221 curl: POST following PUT confusion
2135413 - CVE-2022-42915 curl: HTTP proxy double-free
2135416 - CVE-2022-42916 curl: HSTS bypass via IDN
2136266 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE
2136288 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles

5. References:

https://access.redhat.com/security/cve/CVE-2022-1292
https://access.redhat.com/security/cve/CVE-2022-2068
https://access.redhat.com/security/cve/CVE-2022-22721
https://access.redhat.com/security/cve/CVE-2022-23943
https://access.redhat.com/security/cve/CVE-2022-26377
https://access.redhat.com/security/cve/CVE-2022-28330
https://access.redhat.com/security/cve/CVE-2022-28614
https://access.redhat.com/security/cve/CVE-2022-28615
https://access.redhat.com/security/cve/CVE-2022-30522
https://access.redhat.com/security/cve/CVE-2022-31813
https://access.redhat.com/security/cve/CVE-2022-32206
https://access.redhat.com/security/cve/CVE-2022-32207
https://access.redhat.com/security/cve/CVE-2022-32208
https://access.redhat.com/security/cve/CVE-2022-32221
https://access.redhat.com/security/cve/CVE-2022-35252
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/cve/CVE-2022-40303
https://access.redhat.com/security/cve/CVE-2022-40304
https://access.redhat.com/security/cve/CVE-2022-40674
https://access.redhat.com/security/cve/CVE-2022-42915
https://access.redhat.com/security/cve/CVE-2022-42916
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

Crucial patch release for Red Hat JBoss Core Services addresses multiple security flaws. Maintain your security posture!

Red Hat JBoss Core Services, HTTP Server Security, Important Update, Security Impact, JBoss Security Fixes.

LinuxSecurity.com Team

Dec 08, 2022 Red Hat

Red Hat JBoss EAP 7.3.10 Moderate Advisory: DoS and Timing Attacks

Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.10 security update on RHEL 7
Advisory ID: RHSA-2021:5150-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2021:5150
Issue date: 2021-12-15
CVE Names: CVE-2021-3629 CVE-2021-3642 CVE-2021-3717 CVE-2021-20289 CVE-2021-37714 CVE-2021-40690

1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.3 for RHEL 7 Server - noarch

3. Description:

This release of Red Hat JBoss Enterprise Application Platform 7.3.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.10 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)
* wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)
* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users (CVE-2021-3717)
* jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)
* xml-security: XPath Transform abuse allows for information disclosure (CVE-2021-40690)
* resteasy: Error message exposes endpoint class information (CVE-2021-20289)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1935927 - CVE-2021-20289 resteasy: Error message exposes endpoint class information
1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS
1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer
1991305 - CVE-2021-3717 wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users
1995259 - CVE-2021-37714 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
2011190 - CVE-2021-40690 xml-security: XPath Transform abuse allows for information disclosure

6. JIRA issues fixed (https://issues.redhat.com/):

JBEAP-22144 - Tracker bug for the EAP 7.3.10 release for RHEL-7
JBEAP-22314 - [GSS](7.3.z) Upgrade ironjacamar from 1.4.35.Final-redhat-00001 to 1.5.2.Final-redhat-00001
JBEAP-22332 - (7.3.z) Upgrade Elytron from 1.10.13.Final-redhat-00001 to 1.10.15.Final-redhat-00001
JBEAP-22343 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.39.SP1-redhat-00001 to 4.0.43.Final-redhat-00001
JBEAP-22363 - (7.3.z) Upgrade RESTEasy from 3.11.4.Final-redhat-00001 to 3.11.5.Final-redhat-00001
JBEAP-22490 - (7.3.z) Upgrade jakarta.el from 3.0.3.redhat-00006 to 3.0.3.redhat-00007
JBEAP-22501 - (7.3.z) Upgrade Apache CXF from 3.3.7 to 3.3.12
JBEAP-22523 - (7.3.z) Upgrade wss4j from 2.2.5.redhat-00001 to 2.2.7.redhat-00001
JBEAP-22734 - (7.3.z) Upgrade Ironjacamar from 1.5.2.Final-redhat-00001 to 1.5.3.Final-redhat-00001

7. Package List:

Red Hat JBoss EAP 7.3 for RHEL 7 Server:

Source:
eap7-apache-cxf-3.3.12-1.redhat_00001.1.el7eap.src.rpm
eap7-ironjacamar-1.5.3-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jakarta-el-3.0.3-3.redhat_00007.1.el7eap.src.rpm
eap7-jboss-ejb-client-4.0.43-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jboss-server-migration-1.7.2-10.Final_redhat_00011.1.el7eap.src.rpm
eap7-jsoup-1.14.2-1.redhat_00002.1.el7eap.src.rpm
eap7-resteasy-3.11.5-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-undertow-2.0.41-1.SP1_redhat_00001.1.el7eap.src.rpm
eap7-wildfly-7.3.10-2.GA_redhat_00003.1.el7eap.src.rpm
eap7-wildfly-elytron-1.10.15-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-wss4j-2.2.7-1.redhat_00001.1.el7eap.src.rpm
eap7-xml-security-2.1.7-1.redhat_00001.1.el7eap.src.rpm

noarch:
eap7-apache-cxf-3.3.12-1.redhat_00001.1.el7eap.noarch.rpm
eap7-apache-cxf-rt-3.3.12-1.redhat_00001.1.el7eap.noarch.rpm
eap7-apache-cxf-services-3.3.12-1.redhat_00001.1.el7eap.noarch.rpm
eap7-apache-cxf-tools-3.3.12-1.redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-1.5.3-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-common-api-1.5.3-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-common-impl-1.5.3-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-common-spi-1.5.3-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-core-api-1.5.3-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-core-impl-1.5.3-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-deployers-common-1.5.3-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-jdbc-1.5.3-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-validator-1.5.3-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jakarta-el-3.0.3-3.redhat_00007.1.el7eap.noarch.rpm
eap7-jboss-ejb-client-4.0.43-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-server-migration-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-cli-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-core-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap6.4-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap7.0-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap7.1-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap7.2-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap7.3-server-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly10.0-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly10.1-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly11.0-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly12.0-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly13.0-server-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly14.0-server-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly15.0-server-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly16.0-server-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly17.0-server-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly18.0-server-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly8.2-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly9.0-1.7.2-10.Final_redhat_00011.1.el7eap.noarch.rpm
eap7-jsoup-1.14.2-1.redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-atom-provider-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-cdi-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-client-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-client-microprofile-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-crypto-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jackson-provider-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jackson2-provider-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jaxb-provider-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jaxrs-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jettison-provider-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jose-jwt-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-jsapi-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-json-binding-provider-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-json-p-provider-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-multipart-provider-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-rxjava2-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-spring-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-validator-provider-11-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-yaml-provider-3.11.5-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-undertow-2.0.41-1.SP1_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-7.3.10-2.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wildfly-elytron-1.10.15-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-elytron-tool-1.10.15-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-java-jdk11-7.3.10-2.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wildfly-java-jdk8-7.3.10-2.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wildfly-javadocs-7.3.10-2.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wildfly-modules-7.3.10-2.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wss4j-2.2.7-1.redhat_00001.1.el7eap.noarch.rpm
eap7-wss4j-bindings-2.2.7-1.redhat_00001.1.el7eap.noarch.rpm
eap7-wss4j-policy-2.2.7-1.redhat_00001.1.el7eap.noarch.rpm
eap7-wss4j-ws-security-common-2.2.7-1.redhat_00001.1.el7eap.noarch.rpm
eap7-wss4j-ws-security-dom-2.2.7-1.redhat_00001.1.el7eap.noarch.rpm
eap7-wss4j-ws-security-policy-stax-2.2.7-1.redhat_00001.1.el7eap.noarch.rpm
eap7-wss4j-ws-security-stax-2.2.7-1.redhat_00001.1.el7eap.noarch.rpm
eap7-xml-security-2.1.7-1.redhat_00001.1.el7eap.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2021-3629
https://access.redhat.com/security/cve/CVE-2021-3642
https://access.redhat.com/security/cve/CVE-2021-3717
https://access.redhat.com/security/cve/CVE-2021-20289
https://access.redhat.com/security/cve/CVE-2021-37714
https://access.redhat.com/security/cve/CVE-2021-40690
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

9. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

Oracle WebLogic Server 12.2.1.4 patch release fixes several vulnerabilities classified as having a moderate risk profile.

Red Hat JBoss EAP, Moderate Security Patch, Enterprise App Security, DoS Vulnerability.

LinuxSecurity.com Team

Dec 15, 2021 Red Hat

Red Hat JBoss: RHSA-2021:3660-01 Important Security Fix for DoS Issues

Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.1 security update
Advisory ID: RHSA-2021:3660-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3660
Issue date: 2021-09-23
CVE Names: CVE-2020-13936 CVE-2021-3536 CVE-2021-3597 CVE-2021-3642 CVE-2021-3644 CVE-2021-3690 CVE-2021-21295 CVE-2021-21409 CVE-2021-28170 CVE-2021-29425

1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.0 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.1 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)
* undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)
* undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS (CVE-2021-3597)
* wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)
* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)
* netty: Request smuggling via content-length header (CVE-2021-21409)
* jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate (CVE-2021-28170)
* apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)
* wildfly: XSS via admin console when creating roles in domain mode (CVE-2021-3536)
* wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation
1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header
1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode
1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
1965497 - CVE-2021-28170 jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate
1970930 - CVE-2021-3597 undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS
1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression
1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer
1991299 - CVE-2021-3690 undertow: buffer leak on incoming websocket PONG message may lead to DoS

5. JIRA issues fixed (https://issues.redhat.com/):

JBEAP-21231 - (7.4.x) Upgrade jgroups-kubernetes to 1.0.16.Final
JBEAP-21257 - (7.4.z) Upgrade Infinispan from 11.0.9.Final to 11.0.11.Final
JBEAP-21258 - (7.4.z) ISPN-12807 - Simple cache does not update eviction statistics
JBEAP-21261 - (7.4.z) Upgrade to wildfly-http-client to 1.1.7.Final
JBEAP-21263 - [GSS](7.4.z) Upgrade yasson from 1.0.5 to 1.0.9
JBEAP-21270 - [GSS] (7.4.z) Upgrade undertow from 2.2.5.Final to 2.2.8.SP1
JBEAP-21276 - [GSS](7.4.z) Non Transactional Cache needs to be invalidated after commit on JPQL update/delete operation
JBEAP-21277 - [GSS](7.4.z) Upgrade Hibernate ORM from 5.3.20.Final-redhat-00001 to 5.3.20.SP1-redhat-00001
JBEAP-21281 - (7.4.z) Upgrade xalan from 2.7.1.redhat-12 to 2.7.1.redhat-13
JBEAP-21300 - (7.4.x) Upgrade velocity from 2.2.0.redhat-00001 to 2.3.0.redhat-00001
JBEAP-21309 - (7.4.z) Upgrade artemis-wildfly-integration from 1.0.2 to 1.0.4
JBEAP-21313 - [GSS](7.4.z) Upgrade Ironjacamar from 1.4.27.Final to 1.4.33.Final
JBEAP-21472 - (7.4.z) Upgrade Elytron from 1.15.3.Final-redhat-00001 to 1.15.5.Final-redhat-00001
JBEAP-21569 - [GSS](7.4.z) Upgrade HAL from 3.3.2.Final-redhat-00001 to 3.3.7.Final-redhat-00001
JBEAP-21777 - (7.4.z) Upgrade jberet from 1.3.7.Final-redhat-00001 to 1.3.8.Final-redhat-00001
JBEAP-21781 - [GSS](7.4.z) WFCORE-5185 - Update ProviderDefinition to use optimised service loading API
JBEAP-21818 - (7.4.z) Upgrade elytron-web from 1.6.2.Final-redhat-00001 to 1.9.1.Final
JBEAP-21961 - (7.4.z) Upgrade remoting from 5.0.20.SP1-redhat-00001 to 5.0.23.Final-redhat-00001
JBEAP-21978 - (7.4.z) Upgrade WildFly Core from 15.0.2.Final-redhat-00001 to 15.0.3.Final-redhat-00001
JBEAP-22009 - [GSS](7.4.z) HAL-1753 - The Locations table is not updated after changing the profile in breadcrumb navigation
JBEAP-22084 - [GSS](7.4.z) Upgrade PicketBox from 5.0.3.Final-redhat-00007 to 5.0.3.Final-redhat-00008
JBEAP-22088 - (7.4.z) Upgrade wildfly-transaction-client from 1.1.13.Final-redhat-00001 to 1.1.14.Final-redhat-00001
JBEAP-22160 - (7.4.z) Upgrade jakarta.el from 3.0.3.redhat-00002 to 3.0.3.redhat-00006
JBEAP-22209 - (7.4.z) Upgrade commons-io from 2.5 to 2.10.0
JBEAP-22318 - (7.4.z) Upgrade WildFly Core from 15.0.3.Final-redhat-00001 to 15.0.4.Final-redhat-00001
JBEAP-22319 - (7.4.z) Upgrade undertow from 2.2.9.Final-redhat-00001 to 2.2.9.SP1-redhat-00001

6. References:

https://access.redhat.com/security/cve/CVE-2020-13936
https://access.redhat.com/security/cve/CVE-2021-3536
https://access.redhat.com/security/cve/CVE-2021-3597
https://access.redhat.com/security/cve/CVE-2021-3642
https://access.redhat.com/security/cve/CVE-2021-3644
https://access.redhat.com/security/cve/CVE-2021-3690
https://access.redhat.com/security/cve/CVE-2021-21295
https://access.redhat.com/security/cve/CVE-2021-21409
https://access.redhat.com/security/cve/CVE-2021-28170
https://access.redhat.com/security/cve/CVE-2021-29425
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

Security update for Red Hat JBoss addresses multiple critical issues including DoS and other vulnerabilities.

Red Hat JBoss Update, Security Advisory, Application Platform, DoS Security Fix.

LinuxSecurity.com Team

Sep 23, 2021 Red Hat

Red Hat JBoss EAP 7.4 Important: RHSA-2021-3219 DoS Buffer Leak

Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4 security update
Advisory ID: RHSA-2021:3219-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3219
Issue date: 2021-08-18
CVE Names: CVE-2021-3690

1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7 and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.4 for BaseOS-8 - noarch
Red Hat JBoss EAP 7.4 for RHEL 7 Server - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7 and 8.

Security Fix(es):

* undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1991299 - CVE-2021-3690 undertow: buffer leak on incoming websocket PONG message may lead to DoS

6. Package List:

Red Hat JBoss EAP 7.4 for RHEL 7 Server:

Source:
eap7-undertow-2.2.5-2.SP1_redhat_00001.1.el7eap.src.rpm

noarch:
eap7-undertow-2.2.5-2.SP1_redhat_00001.1.el7eap.noarch.rpm

Red Hat JBoss EAP 7.4 for BaseOS-8:

Source:
eap7-undertow-2.2.5-2.SP1_redhat_00001.1.el8eap.src.rpm

noarch:
eap7-undertow-2.2.5-2.SP1_redhat_00001.1.el8eap.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3690
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

Critical security patch released for Red Hat JBoss EAP 7.4 addressing severe buffer overflow vulnerability affecting vital functionalities.

LinuxSecurity.com Team

Aug 18, 2021 Red Hat

Red Hat JBoss Web Server 5.5.0 RHSA-2021:2562-01 Moderate SQL Injection

Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Web Server 5.5.0 security release
Advisory ID: RHSA-2021:2562-01
Product: Red Hat JBoss Web Server
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2562
Issue date: 2021-06-29
CVE Names: CVE-2020-25638 CVE-2021-25122 CVE-2021-25329

1. Summary:

Red Hat JBoss Web Server 5.5.0 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8 and Windows. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.5.0 serves as a replacement for Red Hat JBoss Web Server 5.4.2, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

Security Fix(es):

* hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)
* tomcat: Request mix-up with h2c (CVE-2021-25122)
* tomcat: Incomplete fix for CVE-2020-9484 (RCE via session persistence) (CVE-2021-25329)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update.

4. Bugs fixed (https://bugzilla.redhat.com/):

1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
1934032 - CVE-2021-25122 tomcat: Request mix-up with h2c
1934061 - CVE-2021-25329 tomcat: Incomplete fix for CVE-2020-9484 (RCE via session persistence)

5. References:

https://access.redhat.com/security/cve/CVE-2020-25638
https://access.redhat.com/security/cve/CVE-2021-25122
https://access.redhat.com/security/cve/CVE-2021-25329
https://access.redhat.com/security/updates/classification#moderate

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.
Cautionary note for users of Red Hat JBoss Web Server 5.5.0: Potential vulnerabilities identified, including risks of SQL injection and request ambiguity. Address these concerns promptly.

LinuxSecurity.com Team

Jun 29, 2021 Red Hat

Red Hat JBoss EAP: RHSA-2021-2047-01 Moderate: Code Execution Risk

Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.7 security update on RHEL 7
Advisory ID: RHSA-2021:2047-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2047
Issue date: 2021-05-19
CVE Names: CVE-2020-13936 CVE-2021-21290 CVE-2021-21295

1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.3 for RHEL 7 Server - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.6, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.7 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)
* netty: Information disclosure via the local system temporary directory (CVE-2021-21290)
* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

For details about how to apply this update, see: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory
1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation
1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates

6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

JBEAP-20478 - (7.3.z) Upgrade artemis-wildfly-integration from 1.0.2 to 1.0.4
JBEAP-20869 - Tracker bug for the EAP 7.3.7 release for RHEL-7
JBEAP-20927 - [GSS](7.3.z) Upgrade weld from 3.1.4.Final to 3.1.6.Final and weld-api to 3.1.0.SP3
JBEAP-20935 - [GSS](7.3.z) Upgrade generic jms from 2.0.8.Final-redhat-00001 to 2.0.9.Final-redhat-00001
JBEAP-20940 - (7.3.z) Upgrade WildFly Elytron from 1.10.11.Final-redhat-00001 to 1.10.12.Final-redhat-00001
JBEAP-21093 - [GSS] (7.3.z) Upgrade undertow from 2.0.34.SP1-redhat-00001 to 2.0.35.SP1-redhat-00001
JBEAP-21094 - (7.3.z) Upgrade WildFly Core from 10.1.18.Final-redhat-00001 to 10.1.19.Final-redhat-00001
JBEAP-21095 - [GSS](7.3.z) Upgrade HAL from 3.2.13.Final-redhat-00001 to 3.2.14.Final-redhat-00001
JBEAP-21096 - (7.3.z) (Core) Upgrade xalan from 2.7.1.jbossorg-2 to 2.7.1.jbossorg-5
JBEAP-21121 - (7.3.z) Upgrade wildfly-http-client from 1.0.25.Final-redhat-00001 to 1.0.26.Final-redhat-00001
JBEAP-21185 - [GSS](7.3.z) ISPN-12807 - Simple cache does not update eviction statistics
JBEAP-21186 - [GSS](7.3.z) Upgrade Infinispan from 9.4.19.Final-redhat-00001 to 9.4.22.Final-redhat-00001
JBEAP-21193 - (7.3.z) Upgrade RESTEasy from 3.11.3.Final-redhat-00001 to 3.11.4.Final-redhat-00001
JBEAP-21196 - [GSS](7.3.z) Upgrade JBoss Marshalling from 2.0.10.Final to 2.0.11.Final
JBEAP-21203 - [GSS](7.3.z) Upgrade jgroups-kubernetes from 1.0.13.Final to 1.0.16.Final
JBEAP-21262 - [GSS](7.3.z) Upgrade yasson from 1.0.5.redhat-00001 to 1.0.9.redhat-00001
JBEAP-21279 - (7.3.z) Upgrade xalan from 2.7.1.redhat-12 to 2.7.1.redhat-13
JBEAP-21312 - [GSS](7.3.z) Upgrade Ironjacamar from 1.4.27 to 1.4.30
JBEAP-21322 - [GSS](7.3.z) 7.3 Update 6 patch breaks samesite-cookie in Undertow
JBEAP-21351 - (7.3.z) Upgrade WildFly Core from 10.1.19.Final-redhat-00001 to 10.1.20.Final-redhat-00001
JBEAP-21390 - (7.3.z) Upgrade Bouncy Castle from 1.68.0.redhat-00001 to 1.68.0.redhat-00005
JBEAP-21479 - (7.3.z) Upgrade mod_cluster from 1.4.3.Final-redhat-00001 to 1.4.3.Final-redhat-00002

7. Package List:

Red Hat JBoss EAP 7.3 for RHEL 7 Server:

Source: eap7-artemis-wildfly-integration-1.0.4-1.redhat_00001.1.el7eap.src.rpm eap7-bouncycastle-1.68.0-2.redhat_00005.1.el7eap.src.rpm eap7-hal-console-3.2.14-1.Final_redhat_00001.1.el7eap.src.rpm eap7-infinispan-9.4.22-3.Final_redhat_00001.1.el7eap.src.rpm eap7-ironjacamar-1.4.30-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-genericjms-2.0.9-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-marshalling-2.0.11-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-server-migration-1.7.2-6.Final_redhat_00007.1.el7eap.src.rpm eap7-jboss-weld-3.1-api-3.1.0-6.SP3_redhat_00001.1.el7eap.src.rpm eap7-jgroups-kubernetes-1.0.16-1.Final_redhat_00001.1.el7eap.src.rpm eap7-mod_cluster-1.4.3-2.Final_redhat_00002.1.el7eap.src.rpm eap7-netty-4.1.60-1.Final_redhat_00001.1.el7eap.src.rpm eap7-resteasy-3.11.4-1.Final_redhat_00001.1.el7eap.src.rpm eap7-undertow-2.0.35-1.SP1_redhat_00001.1.el7eap.src.rpm eap7-velocity-2.3.0-1.redhat_00001.1.el7eap.src.rpm eap7-weld-core-3.1.6-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-7.3.7-1.GA_redhat_00002.1.el7eap.src.rpm eap7-wildfly-elytron-1.10.12-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-http-client-1.0.26-1.Final_redhat_00001.1.el7eap.src.rpm eap7-xalan-j2-2.7.1-36.redhat_00013.1.el7eap.src.rpm eap7-yasson-1.0.9-1.redhat_00001.1.el7eap.src.rpm

noarch: eap7-artemis-wildfly-integration-1.0.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-bouncycastle-1.68.0-2.redhat_00005.1.el7eap.noarch.rpm eap7-bouncycastle-mail-1.68.0-2.redhat_00005.1.el7eap.noarch.rpm eap7-bouncycastle-pkix-1.68.0-2.redhat_00005.1.el7eap.noarch.rpm eap7-bouncycastle-prov-1.68.0-2.redhat_00005.1.el7eap.noarch.rpm eap7-hal-console-3.2.14-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-9.4.22-3.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-cachestore-jdbc-9.4.22-3.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-cachestore-remote-9.4.22-3.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-client-hotrod-9.4.22-3.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-commons-9.4.22-3.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-core-9.4.22-3.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.4.22-3.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.4.22-3.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.4.22-3.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-1.4.30-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-api-1.4.30-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.30-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.30-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-api-1.4.30-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.30-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.30-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.30-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-validator-1.4.30-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-genericjms-2.0.9-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-marshalling-2.0.11-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-marshalling-river-2.0.11-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-server-migration-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-core-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm 
eap7-jboss-server-migration-eap7.0-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.2-6.Final_redhat_00007.1.el7eap.noarch.rpm eap7-jboss-weld-3.1-api-3.1.0-6.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-weld-3.1-api-weld-api-3.1.0-6.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-weld-3.1-api-weld-spi-3.1.0-6.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-jgroups-kubernetes-1.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-mod_cluster-1.4.3-2.Final_redhat_00002.1.el7eap.noarch.rpm eap7-netty-4.1.60-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-all-4.1.60-1.Final_redhat_00001.1.el7eap.noarch.rpm 
eap7-resteasy-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-atom-provider-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-cdi-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-client-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-client-microprofile-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-crypto-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jackson-provider-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jackson2-provider-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jaxb-provider-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jaxrs-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jettison-provider-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jose-jwt-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jsapi-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-json-binding-provider-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-json-p-provider-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-multipart-provider-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-rxjava2-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-spring-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-validator-provider-11-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-yaml-provider-3.11.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-undertow-2.0.35-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-velocity-2.3.0-1.redhat_00001.1.el7eap.noarch.rpm eap7-velocity-engine-core-2.3.0-1.redhat_00001.1.el7eap.noarch.rpm eap7-weld-core-3.1.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-weld-core-impl-3.1.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-weld-core-jsf-3.1.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-weld-ejb-3.1.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-weld-jta-3.1.6-1.Final_redhat_00001.1.el7eap.noarch.rpm 
eap7-weld-probe-core-3.1.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-weld-web-3.1.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-7.3.7-1.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-elytron-1.10.12-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.12-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-client-common-1.0.26-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.26-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.26-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.26-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-java-jdk11-7.3.7-1.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-java-jdk8-7.3.7-1.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-javadocs-7.3.7-1.GA_redhat_00002.1.el7eap.noarch.rpm eap7-wildfly-modules-7.3.7-1.GA_redhat_00002.1.el7eap.noarch.rpm eap7-xalan-j2-2.7.1-36.redhat_00013.1.el7eap.noarch.rpm eap7-yasson-1.0.9-1.redhat_00001.1.el7eap.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

8. References:

https://access.redhat.com/security/cve/CVE-2020-13936
https://access.redhat.com/security/cve/CVE-2021-21290
https://access.redhat.com/security/cve/CVE-2021-21295
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index

9. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.
A significant security patch for Red Hat JBoss addresses various vulnerabilities, encompassing potential code execution risks and data exposure.

LinuxSecurity.com Team

May 19, 2021 Red Hat

Advisory RHSA-2021:0489-01 for Low Risk OpenSSL Issue in JBoss 3.1

Red Hat Security Advisory

Synopsis: Low: Red Hat JBoss Web Server 3.1 Service Pack 11 security update
Advisory ID: RHSA-2021:0489-01
Product: Red Hat JBoss Web Server
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0489
Issue date: 2021-02-11
CVE Names: CVE-2020-1971

1. Summary:

An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Web Server 3.1 for RHEL 7 - x86_64

3. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 11 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1903409 - CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference

6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

JWS-1938 - Update to the latest JBCS version - Drop RHEL6

7. Package List:

Red Hat JBoss Web Server 3.1 for RHEL 7:

Source:
tomcat-native-1.2.23-23.redhat_23.ep7.el7.src.rpm

x86_64:
tomcat-native-1.2.23-23.redhat_23.ep7.el7.x86_64.rpm
tomcat-native-debuginfo-1.2.23-23.redhat_23.ep7.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

8. References:

https://access.redhat.com/security/cve/CVE-2020-1971
https://access.redhat.com/security/updates/classification#low

9. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.
Red Hat JBoss Web Server 3.1 Service Pack 11 has issued a security patch that rectifies a minor vulnerability in OpenSSL. Discover further details.

LinuxSecurity.com Team

Feb 11, 2021 Red Hat

Red Hat JBoss 7.3: RHSA-2021:0246-01 Important: Security Update Details

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.5 security update Advisory ID: RHSA-2021:0246-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2021:0246 Issue date: 2021-01-25 CVE Names: CVE-2020-13956 CVE-2020-25633 CVE-2020-25640 CVE-2020-25689 CVE-2020-27782 CVE-2020-27822 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.3 for RHEL 6 Server - noarch 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. 
Security Fix(es): * wildfly: Potential Memory leak in Wildfly when using OpenTracing (CVE-2020-27822) * undertow: special character inquery results in server errors(CVE-2020-27782) * wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller (CVE-2020-25689) * httpclient: apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956) * wildfly: resource adapter logs plaintext JMS password at warning level on connection error (CVE-2020-25640) * resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling (CVE-2020-25633) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1879042 - CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling 1881637 - CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error 1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs 1893070 - CVE-2020-25689 wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller 1901304 - CVE-2020-27782 undertow: special character in query results in server errors1904060 - CVE-2020-27822 wildfly: Potential Memory leak in Wildfly when using OpenTracing 6. 
JIRA issues fixed (https://redhat.atlassian.net/jira/projects): JBEAP-19788 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.22.Final-redhat-00001 to 1.0.24.Final-redhat-00001 JBEAP-19790 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.33.SP1-redhat-00001 to 4.0.37.Final-redhat-00001 JBEAP-19816 - [GSS](7.3.z) UNDERTOW-1745 - Undertow access-log does not workfor HTTP/2 POST request on HTTP Upgrade based connection JBEAP-20240 - (7.3.z) Upgrade Narayana from 5.9.9.Final to 5.9.10.Final JBEAP-20268 - (7.3.z) Upgrade generic jms from 2.0.6 to 2.0.8 JBEAP-20269 - Tracker bug for the EAP 7.3.5 release for RHEL-6 JBEAP-20286 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.18.Final-redhat-00002 to 5.3.20.Final-redhat-00001 JBEAP-20288 - [GSS] (7.3.z) Upgrade undertow from 2.0.32.SP1-redhat to 2.0.33.SP2-redhat JBEAP-20333 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP12-redhat-00001 to 2.3.9.SP13-redhat-00001 JBEAP-20373 - (7.3.z) Upgrade Apache HTTP Client to 4.5.13 JBEAP-20376 - (7.3.z) Upgrade WildFly Elytron from 1.10.9.Final-redhat-00001 to 1.10.10.Final-redhat JBEAP-20399 - (7.3.z) Upgrade RESTEasy from 3.11.2.Final.redhat-00001 to 3.11.3.Final.redhat-00001 JBEAP-20403 - [GSS](7.3.z) Upgrade XNIO from 3.7.11.Final to 3.7.12.Final JBEAP-20405 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00016 to 2.9.0.redhat-00017 JBEAP-20438 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.19.Final-redhat-00001 to 5.0.20.Final-redhat-00001 JBEAP-20480 - [GSS](7.3.z) Upgrade HAL from 3.2.11.Final-redhat-00001 to 3.2.12.Final JBEAP-20502 - (7.3.z) Upgrade JBoss Modules from 1.10.0.Final to 1.11.0.Final JBEAP-20521 - (7.3.z) Upgrade wildfly-discovery-client to 1.2.1.Final JBEAP-20591 - (7.3.z) Upgrade opentracing-interceptors from 0.0.4.redhat-00004 to 0.0.4.1.redhat-00002 7. 
Package List:

Red Hat JBoss EAP 7.3 for RHEL 6 Server:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2020-13956
https://access.redhat.com/security/cve/CVE-2020-25633
https://access.redhat.com/security/cve/CVE-2020-25640
https://access.redhat.com/security/cve/CVE-2020-25689
https://access.redhat.com/security/cve/CVE-2020-27782
https://access.redhat.com/security/cve/CVE-2020-27822
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

9. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
Important security enhancement for Red Hat JBoss Enterprise Application Platform tackling multiple critical vulnerabilities. Red Hat JBoss, Enterprise Application, Security Advisory, JBoss Update, Java Application. LinuxSecurity.com Team

Jan 25, 2021 Red Hat