Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
98
security advisorycritical issuesecurity updateRHEL 7: Urgent Apache Tomcat Patch - RHSA-2022-1502-01 Details
An update is now available for Red Hat JBoss Web Server 3.1, for RHEL 7 and Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Web Server 3.1 Service Pack 12 security update Advisory ID: RHSA-2021:1203-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2021:1203 Issue date: 2021-04-14 CVE Names: CVE-2021-3449 CVE-2021-3450 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Web Server 3.1, for RHEL 7 and Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 12 serves as a replacement for Red Hat JBoss Web Server 3.1.11, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es): * openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449) * openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to theCVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. 4. Bugs fixed (https://bugzilla.redhat.com/): 1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing 5. References: https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYHctPtzjgjWX9erEAQjTRA/6A7nKJ6OpTPIdsQtcDDh0qfF1ywcF8jRi w/g56lpEEokPfqvrphEd2Bul4d73OpKPBk0HS2jRJ1HrtF0rwafUzGNhPNte8aCd 23Tc3h6643PGfxHJ0q8i5APPmgHIUOusmVTT9XoHCMzAjtB08evKOE3wrPwecgtN 0XL0zf0p7w1zMdugsdiyECAh7bBG3lU3SROJw1D4dhfXu8vxi4YacQLFi8KjYGGT pYEsVAJfBRBxYYJHcdB4P78MMtIZ/5rx0y/XnWqO8d5un3xCgOSXkkEtMNIGeZiY KmEbEr98p7gJbBFvCglkHfvykBzTLDiwjzw6OC8B769gym0ueu3TURvrm6POnaJn no7z5J/qL39JAnrc+yOUKBnNbVcMK9kgzfrQHE860ZjCs5KUGrqRM9+RjATtcLFn GaxPPtTnjEWzTbf1GfFQZCt3vJVec0Z/9bNei67W1t0biajRKe9VDyibf8qeqaj9 ENjQt1wK1pjE+C65KJfEbwczoX07N53pPEvNDcpg63wTXjZ93GDppI4JH2l1Pvc0 nGqAaMMLc4TE/ZZkE6RhLivHnZcGbvg8w+6sYUE9ClVkJrzKPwWZpfITzkJbqXWA VuNdHVCma2SwwZNsUPCcJH6Beu7YUe05xTKBnxFSNwmbYMJASuaM6x83f3HQ0WfJ 2hQUY5Yr1bE=jWZG -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 14, 2021
•Important
Red Hat
98
security advisorymoderatesecurity updateRed Hat JBoss Web Server Update RHSA-2021-0494-01 Moderate Threat
Updated Red Hat JBoss Web Server 5.4.1 packages are now available for Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Web Server 5.4.1 Security Update Advisory ID: RHSA-2021:0494-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2021:0494 Issue date: 2021-02-11 CVE Names: CVE-2020-1971 CVE-2020-13943 CVE-2020-17527 CVE-2021-24122 ==================================================================== 1. Summary: Updated Red Hat JBoss Web Server 5.4.1 packages are now available for Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Web Server 5.4 for RHEL 7 Server - noarch, x86_64 Red Hat JBoss Web Server 5.4 for RHEL 8 - noarch, x86_64 3. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.4.1 serves as a replacement for Red Hat JBoss Web Server 5.4.0, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Security Fix(es): * tomcat: Apache Tomcat HTTP/2 Requestmix-up (CVE-2020-13943) * tomcat: HTTP/2 request header mix-up (CVE-2020-17527) * tomcat: Information disclosure when using NTFS file system (CVE-2021-24122) * openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1887648 - CVE-2020-13943 tomcat: Apache Tomcat HTTP/2 Request mix-up 1903409 - CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference 1904221 - CVE-2020-17527 tomcat: HTTP/2 request header mix-up 1917209 - CVE-2021-24122 tomcat: Information disclosure when using NTFS file system 6. Package List: Red Hat JBoss Web Server 5.4 for RHEL 7 Server: Source: jws5-tomcat-9.0.36-9.redhat_8.1.el7jws.src.rpm jws5-tomcat-native-1.2.25-3.redhat_3.el7jws.src.rpm noarch: jws5-tomcat-9.0.36-9.redhat_8.1.el7jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.36-9.redhat_8.1.el7jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.36-9.redhat_8.1.el7jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.36-9.redhat_8.1.el7jws.noarch.rpm jws5-tomcat-javadoc-9.0.36-9.redhat_8.1.el7jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.36-9.redhat_8.1.el7jws.noarch.rpm jws5-tomcat-lib-9.0.36-9.redhat_8.1.el7jws.noarch.rpm jws5-tomcat-selinux-9.0.36-9.redhat_8.1.el7jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.36-9.redhat_8.1.el7jws.noarch.rpm jws5-tomcat-webapps-9.0.36-9.redhat_8.1.el7jws.noarch.rpm x86_64: jws5-tomcat-native-1.2.25-3.redhat_3.el7jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.25-3.redhat_3.el7jws.x86_64.rpm Red Hat JBoss Web Server 5.4 for RHEL8: Source: jws5-tomcat-9.0.36-9.redhat_8.1.el8jws.src.rpm jws5-tomcat-native-1.2.25-3.redhat_3.el8jws.src.rpm noarch: jws5-tomcat-9.0.36-9.redhat_8.1.el8jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.36-9.redhat_8.1.el8jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.36-9.redhat_8.1.el8jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.36-9.redhat_8.1.el8jws.noarch.rpm jws5-tomcat-javadoc-9.0.36-9.redhat_8.1.el8jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.36-9.redhat_8.1.el8jws.noarch.rpm jws5-tomcat-lib-9.0.36-9.redhat_8.1.el8jws.noarch.rpm jws5-tomcat-selinux-9.0.36-9.redhat_8.1.el8jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.36-9.redhat_8.1.el8jws.noarch.rpm jws5-tomcat-webapps-9.0.36-9.redhat_8.1.el8jws.noarch.rpm x86_64: jws5-tomcat-native-1.2.25-3.redhat_3.el8jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.25-3.redhat_3.el8jws.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-13943 https://access.redhat.com/security/cve/CVE-2020-17527 https://access.redhat.com/security/cve/CVE-2021-24122 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYCU2ktzjgjWX9erEAQgbVhAApvQsmnCGPuAPf0CNAwKteY0i+2j78mxR SZlICmXTNYE/L9LCBqyG60Ya8XGahVoZdoeWi9Ez4fuH1jZi1dw4vn7BhYB41Qpj daTuCKjNp/wuKPAF3n4meZ0xleC2wTOGDHiXhh9mCMugVSgU9Hu9SC3VEIvug52O nGCcdn7B+7+QUlg8hitVSAFDYxexKBX33AWx4ylKDOmdinC27eXN5j5Y8ChBEz11 i6mhAdmCGfC4/fqsM6qZSQjECZBx2D1ZQvKGfNYluGZYty20QV2YzBK4w7lLmfSj bFB34bWt6kI0bnwBojuZcPD6X//AP0EbDDrZvMLM/z0f8LLAldT74dcKghd2mjMP nAMnYM2VKUE9h7PTfnH7elS249BOvm6MjTUZDV443TaL0JcbegJUvbsQJncp0v9S oBW7cypecOUtVjosUV6AOWuIptEkHG3HtsxCvrvPO6m5dDQBMkgTKOQTgrDa7FGi /3DgPvofjY2+wdR9YbY73Fy/Y15qm8KAiEzsm9i8zLoMvZ3mJeiMcSpL/O5MU/+q f6rizcErIU0j2H7y2sBRD3dp8mHfgkxhXLYV5x5jJBomZHl31wWKst8FM3+gu27p LleKKXRjkIzCQbBBBnhVycdYdYTy1MxXjYdBG59HO+YmimYC1P4QE+FysCkKPGAv 3QJLVipYpGE=ir9P -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Feb 11, 2021
Red Hat
98
security advisorysecurity updatered hatRed Hat JBoss Web Server 3.1 Update: RHSA-2020-0860-01 Major Security Patch
An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Web Server 3.1 Service Pack 8 security update Advisory ID: RHSA-2020:0860-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2020:0860 Issue date: 2020-03-17 CVE Names: CVE-2019-0221 CVE-2019-12418 CVE-2019-17563 CVE-2020-1938 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 8 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es): * tomcat: session fixation (CVE-2019-17563) * tomcat: local privilege escalation (CVE-2019-12418) * tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) * tomcat: XSS in SSI printenv (CVE-2019-0221) For more details aboutthe security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1713275 - CVE-2019-0221 tomcat: XSS in SSI printenv 1785699 - CVE-2019-12418 tomcat: local privilege escalation 1785711 - CVE-2019-17563 tomcat: session fixation when using FORM authentication 1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability 5. References: https://access.redhat.com/security/cve/CVE-2019-0221 https://access.redhat.com/security/cve/CVE-2019-12418 https://access.redhat.com/security/cve/CVE-2019-17563 https://access.redhat.com/security/cve/CVE-2020-1938 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=securityPatches&version=3.1 https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3.1/html/3.1.0_release_notes/index 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXnDMptzjgjWX9erEAQjrdQ/+IapBuneDq6LpbBTAOPCG5CWZJyvgWtnc /Q8/A/sppuUEFPEYcI/vPr+kaaI6NeKNr1ITdqPXGTKOb+0lHjnSAoy3hRQsqlg/ I7nw6t9BhQ8cBwkoSR5f1OM9YdltpzNZ/ZAJwOYO4QlK4UAw5s8JtRHCJdIqEbDB 8k5vwRJkEQe4PYoct8H7xY5kdCP9NjqV+rHBPDnJakWX1vShfPiNHTRwLe62BtfO kxhudqlfplxxSr6sN7ZJxP5eJsOSCmwdVW9VcR+hgdSGzeZsKYb0EwM9tlODU+Sf yx7HVNd0rV+XryrUSScEmtyRBYMDJp7oGTdY1Lfi8ursPz5GfGP9QfEZGiowxNXH SD+9wCXzS+QIQgLcTfYKns6tj8ElulQV3/iobWD3SU0DvZjg3iOMws7XJ09JMvYt FhwIvCtByUMna05uye7ZsC9vm7QrvdiKaq5RJ2s6Xw1p9fvW/dTeMuBwkxgbrARp mJ4vUknGTfSUCySUf3AC1droh/yyE9/5UHbtzz4pgXNLwdmFJZlIR8sfedU1998k /UK+fCb7yvlUgkdmSG9psLDkLyokQ0VwDyfV8F/JqeqCEA6jRjUQJF/vhrRRY7/X /ARDwgYJAtNvkOloY8Mm9rvlAOoffpJDJvgjQdy6BdBcPKLloIPBc2vMeh4YwhN6 HUmyucXNc9M=TKsJ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Mar 17, 2020
•Important
Red Hat
98
security advisoryred hatbug fixRed Hat JBoss Web Server 3.1: RHSA-2018:2700-01 Important DoS Risk
An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 5 security and bug fix update Advisory ID: RHSA-2018:2700-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2018:2700 Issue date: 2018-09-12 CVE Names: CVE-2018-1336 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es): * tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying theupdate, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS 5. References: https://access.redhat.com/security/cve/CVE-2018-1336 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=securityPatches&version=3.1 https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3.1/html-single/red_hat_jboss_web_server_3.1_service_pack_5_release_notes/index 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW5lHBtzjgjWX9erEAQg74w/+PZWmU0IqHxOqPa/jbjNPy5SRmWNMQMYk KrW/7MGg6lCHlgxvBoX5iwLTPkwVI/b288yjJNAjmYVqZOm1KxyS6X7vXME+/Gku shiTI6P7uYFRLA6WuqCdGeY/nf4GBHumoxzolSbgAhY+h+3YtzMlpBQ54lpHn8M3 AYqvk6PMM6SpSuErQZeIPpApLa/uNAEbhCkDud5sise18KqQfXhAaWKnoorOg/zu LGadtZjQUbH2w+rYSO3zXD1h/VWQ7ShB940oMhRKm2ELXwTF3LQPqxiNNR2RchL6 ejjEDBGet4qzlB1aRyQl5i9y/Rf9cQnlCoTlZfJA77VG7X8t41hY+EOv88GNaGgF Lf9FTP/grPrs26ZF/8Ag4cidwCWV2NXOI993HiZTr+bZbw1bof/V1extv21FyQPe nWKBELOjNYuA/P9lzoGREEehIn65WfJu4gPALR0qAROTWP/8yQUWISwIp3+c04Li mvQz1ZV72qTMjc/pMcDnSn4gN8LnbBspgAf86IAmPz+egTG+z9sVeVUgYbAHJxQO 4Mdj/Y0XjTa/X2M0wI0PNFtr72Hz0v9FDClXJFQmRnHqUuHDAYQY7ICzDgGbuYk2 x3i+0XeVhiu7a/w+M8v50MRDoPKX27zbY50ttL01d4dJm0V4phULV7HPMVSqEl8R sG1+vabuims=OBI/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Sep 12, 2018
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!