--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-976ccd79ae
2025-11-06 02:22:59.541317+00:00
--------------------------------------------------------------------------------

Name        : deepin-qt5integration
Product     : Fedora 42
Version     : 5.7.5
Release     : 7.fc42
URL         : https://github.com/linuxdeepin/qt5integration
Summary     : Qt platform theme integration plugins for DDE
Description :
Multiple Qt plugins to provide better Qt5 integration for DDE are included.

--------------------------------------------------------------------------------
Update Information:

Qt 5.15.18 bugfix release. Qt5 WebEngine update to 5.15.19.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 4 2025 Jan Grulich - 5.7.5-7
- Rebuild (qt5)
* Wed Jul 23 2025 Fedora Release Engineering - 5.7.5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-976ccd79ae' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
package-announce mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e97e5c6ce3
2025-03-01 01:22:54.667691+00:00
--------------------------------------------------------------------------------

Name        : nodejs22
Product     : Fedora 41
Version     : 22.14.0
Release     : 2.fc41
URL         : https://nodejs.org/en/
Summary     : JavaScript runtime
Description :
Node.js is a platform built on Chrome's JavaScript runtime
for easily building fast, scalable network applications.
Node.js uses an event-driven, non-blocking I/O model that
makes it lightweight and efficient, perfect for data-intensive
real-time applications that run across distributed devices.

--------------------------------------------------------------------------------
Update Information:

update for nodejs22-22.14.0-2
Update to version 22.13.1.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 19 2025 Jan Staněk - 1:22.14.0-2
- Change the default stream condition to allow for range of Fedoras
- Rename the OPENSSL_NO_ENGINE guard patch to achieve the proper ordering
* Tue Feb 18 2025 tjuhasz - 1:22.14.0-1
- update to version 22.14.0 (bz#2344862)
* Thu Jan 23 2025 Jan Staněk - 1:22.13.1-1
- Update to version 22.13.1 (rhbz#2330256)
* Wed Jan 22 2025 Tomas Juhasz - 1:22.13.0-1
- Updated to version 22.13.0
* Fri Jan 17 2025 Fedora Release Engineering - 1:22.11.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2330256 - nodejs22-22.13.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2330256
  [ 2 ] Bug #2341716 - CVE-2025-23083 nodejs22: Node.js Worker Thread Exposure via Diagnostics Channel [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2341716
  [ 3 ] Bug #2344862 - nodejs22-22.14.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2344862
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e97e5c6ce3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

LinuxSecurity.com Team

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.2.4 (python-paramiko) security update
Advisory ID:       RHSA-2022:8845-01
Product:           Red Hat OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8845
Issue date:        2022-12-07
CVE Names:         CVE-2022-24302
====================================================================

1. Summary:

An update for python-paramiko is now available for Red Hat OpenStack Platform 16.2.4 (Train).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.2 - noarch

3. Description:

Paramiko (a combination of the Esperanto words for paranoid and friend) is a module for Python 2.3 or greater that implements the SSH2 protocol for secure (encrypted and authenticated) connections to remote machines. Unlike SSL (aka TLS), the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and rsh for secure access to remote shells, but the protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. (This is how sftp works, for example.)

Security Fix(es):

* Race condition in the write_private_key_file function (CVE-2022-24302)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2065665 - CVE-2022-24302 python-paramiko: Race condition in the write_private_key_file function

6. Package List:

Red Hat OpenStack Platform 16.2:

Source:
python-paramiko-2.4.2-8.el8ost.src.rpm

noarch:
python3-paramiko-2.4.2-8.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-24302
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.

--
RHSA-announce mailing list

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.6.9 security and bug fix update
Advisory ID:       RHSA-2020:5614-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5614
Issue date:        2020-12-21
CVE Names:         CVE-2020-1971 CVE-2020-8177 CVE-2020-15862
                   CVE-2020-16166 CVE-2020-27836
====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.6.9 is now available with updates to packages and images that fix several bugs and add enhancements.

This release also includes a security update for Red Hat OpenShift Container Platform 4.6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Security Fix(es):

* cluster-ingress-operator: changes to loadBalancerSourceRanges overwritten by operator (CVE-2020-27836)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.6.9. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2020:5615

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.6/html/release_notes/ocp-4-6-release-notes

This update fixes the following bugs among others:

* Previously, pre-flight installer validation for OpenShift Container Platform on OpenStack was performed on the flavor metadata. This could prevent installations to flavors detected as `baremetal`, which might have the required capacity to complete the installation. This is usually caused by OpenStack administrators not setting the appropriate metadata on their bare metal flavors. Validations are now skipped on flavors detected as `baremetal`, to prevent incorrect failures from being reported. (BZ#1889416)

* Previously, there was a broken link on the OperatorHub install page of the web console, which was intended to reference the cluster monitoring documentation. This has been fixed. (BZ#1904600)

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

  $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.9-x86_64

The image digest is sha256:43d5c84169a4b3ff307c29d7374f6d69a707de15e9fa90ad352b432f77c0cead

(For s390x architecture)

  $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.9-s390x

The image digest is sha256:3d77e9b0fd14a5c4d50995bbb17494a02f27a69f2ffa9771b29d112fe084699f

(For ppc64le architecture)

  $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.9-ppc64le

The image digest is sha256:0975188e83f8688f97180b408a447b41f492ee35d1dacd43a826b14db7d486e5

All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor.

3. Solution:

For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.6/html/release_notes/ocp-4-6-release-notes

Details on how to access this content are available at - -cli.html.

4. Bugs fixed (https://bugzilla.redhat.com/):

1885442 - Console doesn't load in iOS Safari when using self-signed certificates
1885946 - console-master-e2e-gcp-console test periodically fail due to no Alerts found
1887551 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console
1888165 - [release 4.6] IO doesn't recognize namespaces - 2 resources with the same name in 2 namespaces -> only 1 gets collected
1888650 - Fix CVE-2015-7501 affecting agent-maven-3.5
1888717 - Cypress: Fix 'link-name' accessibility violation
1888721 - ovn-masters stuck in crashloop after scale test
1890993 - Selected Capacity is showing wrong size
1890994 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off
1891427 - CLI does not save login credentials as expected when using the same username in multiple clusters
1891454 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName
1891499 - Other machine config pools do not show during update
1891891 - Wrong detail head on network policy detail page.
1896149 - TLS secrets are not able to edit on console.
1896625 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest
1897019 - "Attach to Virtual Machine OS" button should not be visible on old clusters
1897766 - [release-4.6]Incorrect instructions in the Serverless operator and application quick starts
1898172 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC
1898302 - E2E test: Use KUBEADM_PASSWORD_FILE by default
1898746 - opm index add cannot batch add multiple bundles that use skips
1899056 - Max unavailable and Max surge value are not shown on Deployment Config Details page
1899382 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0
1899728 - overview filesystem utilization of OCP is showing the wrong values
1901110 - pod donut shows incorrect information
1901871 - catalog-operator repeatedly crashes with "runtime error: index out of range [0] with length 0"
1901877 - linuxptp-daemon crash when enable debug log level [release-4.6]
1902029 - [sig-builds][Feature:Builds][valueFrom] process valueFrom in build strategy environment variables should successfully resolve valueFrom in docker build environment variables
1904014 - (release 4.6) Hostsubnet gatherer produces wrong output
1904028 - [release-4.6] The quota controllers should resync on new resources and make progress
1904065 - [release 4.6] [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working
1904260 - VPA-operator has version: 1.0.0 every build
1904583 - Operator upgrades can delete existing CSV before completion
1904600 - Cluster monitoring documentation link is broken - 404 not found
1905004 - Use new packages for ipa ramdisks
1905230 - Multus errors when cachefile is not found
1905619 - [4.6.z] usbguard extension fails to install because of missing correct protobuf dependency version
1905622 - [Platform] Remove restriction on disk type selection for LocalVolumeSet
1905746 - Subscription manual approval test is flaky
1905903 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them
1906267 - CVE-2020-27836 cluster-ingress-operator: changes to loadBalancerSourceRanges overwritten by operator
1906416 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs

5. References:

https://access.redhat.com/security/cve/CVE-2020-1971
https://access.redhat.com/security/cve/CVE-2020-8177
https://access.redhat.com/security/cve/CVE-2020-15862
https://access.redhat.com/security/cve/CVE-2020-16166
https://access.redhat.com/security/cve/CVE-2020-27836
https://access.redhat.com/security/updates/classification#important

6. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Enterprise Application Platform 7.3.3 security update
Advisory ID:       RHSA-2020:4923-01
Product:           Red Hat JBoss Enterprise Application Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4923
Issue date:        2020-11-04
CVE Names:         CVE-2020-25644
====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3.

Security Fix(es):

* wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL (CVE-2020-25644)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

The References section of this erratum contains a download link (you must log in to download the update).

The JBoss server process must be restarted for the update to take effect.

4. Bugs fixed (https://bugzilla.redhat.com/):

1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL

5. References:

https://access.redhat.com/security/cve/CVE-2020-25644
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.3
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

6. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Enterprise Application Platform 7.2.9 security update
Advisory ID:       RHSA-2020:3642-01
Product:           Red Hat JBoss Enterprise Application Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3642
Issue date:        2020-09-07
CVE Names:         CVE-2019-14900 CVE-2020-1695 CVE-2020-1710
                   CVE-2020-1748 CVE-2020-6950 CVE-2020-8840
                   CVE-2020-9546 CVE-2020-9547 CVE-2020-9548
                   CVE-2020-10672 CVE-2020-10673 CVE-2020-10683
                   CVE-2020-10687 CVE-2020-10693 CVE-2020-10714
                   CVE-2020-10718 CVE-2020-10740 CVE-2020-14297
                   CVE-2020-14307
====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)

* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)

* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)

* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)

* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)

* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)

* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)

* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)

* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)

* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)

* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)

* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)

* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)

* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

The References section of this erratum contains a download link (you must log in to download the update).

The JBoss server process must be restarted for the update to take effect.

4. Bugs fixed (https://bugzilla.redhat.com/):

1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM
1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser
1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests
1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230
1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371
1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages
1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking
1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config
1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap
1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core
1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication
1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API
1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
1851327 - CVE-2020-14307 wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service
1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

JBEAP-18366 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.15 to 5.3.16
JBEAP-18667 - [GSS](7.2.z) Upgrade wildfly-http-client from 1.0.20.Final-redhat-00001 to 1.0.21.Final-redhat-00001
JBEAP-18849 - [GSS](7.2.z) Upgrade RESTEasy from 3.6.1.SP8 to 3.6.1.SP9
JBEAP-18880 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00009 to 2.3.5.SP4-redhat-00001
JBEAP-18906 - [GSS](7.2.z) Upgrade weld from 3.0.6.Final-redhat-00003 to 3.0.7.Final-redhat-00001
JBEAP-18919 - [GSS](7.2.z) Upgrade HAL from 3.0.21.Final to 3.0.22.Final
JBEAP-18965 - (7.2.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.21.Final
JBEAP-19058 - [GSS] (7.2.z) Upgrade Undertow from 2.0.30.SP1-redhat-00001 to 2.0.30.SP2-redhat-00001
JBEAP-19120 - [GSS](7.2.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001
JBEAP-19163 - [GSS](7.2.z) Upgrade Infinispan from 9.3.8.Final-redhat-00001 to 9.3.9.Final-redhat-00001
JBEAP-19255 - (7.2.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final
JBEAP-19271 - (7.2.z) Upgrade WildFly Core from 6.0.27.Final-redhat-00001 to 6.0.28.Final-redhat-00001
JBEAP-19315 - [GSS](7.2.z) Upgrade XNIO from 3.7.6.SP2 to 3.7.6.SP3
JBEAP-19463 - (7.2.z) Upgrade wildfly-transaction-client from 1.1.10.Final-redhat-00001 to 1.1.11.Final-redhat-00001
JBEAP-19565 - (7.2.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001
JBEAP-19587 - [GSS](7.2.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.6.Final-redhat-00001
JBEAP-19620 - (7.2.z) Upgrade JBoss JSF API from 2.3.5.SP2-redhat-00003 to 2.3.5.SP2-redhat-00005
JBEAP-19624 - (7.2.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001
JBEAP-19703 - [GSS](7.2.z) Upgrade JBoss Modules from 1.8.9 to 1.8.10
JBEAP-19704 - (7.2.z) Upgrade WildFly Core from 6.0.28.Final-redhat-00001 to 6.0.29.Final-redhat-00001
JBEAP-19798 - [GSS](7.2.z) Upgrade HAL from 3.0.22.Final to 3.0.23.Final
JBEAP-19837 - (7.2.z) Upgrade WildFly Core from 6.0.29.Final-redhat-00001 to 6.0.30.Final-redhat-00001
JBEAP-19875 - [GSS](7.2.z) Upgrade wildfly-http-ejb-client from 1.0.21.Final to 1.0.22.Final

6. References:

https://access.redhat.com/security/cve/CVE-2019-14900
https://access.redhat.com/security/cve/CVE-2020-1695
https://access.redhat.com/security/cve/CVE-2020-1710
https://access.redhat.com/security/cve/CVE-2020-1748
https://access.redhat.com/security/cve/CVE-2020-6950
https://access.redhat.com/security/cve/CVE-2020-8840
https://access.redhat.com/security/cve/CVE-2020-9546
https://access.redhat.com/security/cve/CVE-2020-9547
https://access.redhat.com/security/cve/CVE-2020-9548
https://access.redhat.com/security/cve/CVE-2020-10672
https://access.redhat.com/security/cve/CVE-2020-10673
https://access.redhat.com/security/cve/CVE-2020-10683
https://access.redhat.com/security/cve/CVE-2020-10687
https://access.redhat.com/security/cve/CVE-2020-10693
https://access.redhat.com/security/cve/CVE-2020-10714
https://access.redhat.com/security/cve/CVE-2020-10718
https://access.redhat.com/security/cve/CVE-2020-10740
https://access.redhat.com/security/cve/CVE-2020-14297
https://access.redhat.com/security/cve/CVE-2020-14307
https://access.redhat.com/security/updates/classification#important
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.2
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/index

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.

==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update Advisory ID: RHSA-2020:3639-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:3639 Issue date: 2020-09-07 CVE Names: CVE-2019-14900 CVE-2020-1695 CVE-2020-1710 CVE-2020-1748 CVE-2020-6950 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10672 CVE-2020-10673 CVE-2020-10683 CVE-2020-10687 CVE-2020-10693 CVE-2020-10714 CVE-2020-10718 CVE-2020-10740 CVE-2020-14297 CVE-2020-14307 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.2 for RHEL 8 - noarch 3. Description: This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es): * jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547) * jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840) * jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673) * jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546) * undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710) * wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687) * jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950) * resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695) * wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714) * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683) * wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748) * hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693) * hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900) * wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718) * wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740) * jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307) * jboss-ejb-client: wildfly: Some EJB transaction objects may get
accumulated causing Denial of Service (CVE-2020-14297) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1825714 -
CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1851327 - CVE-2020-14307 wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service 6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects): JBEAP-18366 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.15 to 5.3.16 JBEAP-18667 - [GSS](7.2.z) Upgrade wildfly-http-client from 1.0.20.Final-redhat-00001 to 1.0.21.Final-redhat-00001 JBEAP-18849 - [GSS](7.2.z) Upgrade RESTEasy from 3.6.1.SP8 to 3.6.1.SP9 JBEAP-18880 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00009 to 2.3.5.SP4-redhat-00001 JBEAP-18906 - [GSS](7.2.z) Upgrade weld from 3.0.6.Final-redhat-00003 to 3.0.7.Final-redhat-00001 JBEAP-18919 - [GSS](7.2.z) Upgrade HAL from 3.0.21.Final to 3.0.22.Final JBEAP-18965 - (7.2.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.21.Final JBEAP-19040 - Tracker bug for the EAP 7.2.9 release for RHEL-8 JBEAP-19058 - [GSS] (7.2.z) Upgrade Undertow from 2.0.30.SP1-redhat-00001 to 2.0.30.SP2-redhat-00001 JBEAP-19120 - [GSS](7.2.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001 JBEAP-19163 - [GSS](7.2.z) Upgrade Infinispan from 9.3.8.Final-redhat-00001 to 9.3.9.Final-redhat-00001 JBEAP-19255 - (7.2.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final JBEAP-19271 - (7.2.z) Upgrade WildFly Core from 6.0.27.Final-redhat-00001 to 6.0.28.Final-redhat-00001 JBEAP-19315 - [GSS](7.2.z) Upgrade XNIO from 3.7.6.SP2 to 3.7.6.SP3 JBEAP-19463 - (7.2.z) Upgrade wildfly-transaction-client from 1.1.10.Final-redhat-00001 to 1.1.11.Final-redhat-00001 JBEAP-19565 - (7.2.z) Upgrade jboss-ejb-client from
4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001 JBEAP-19587 - [GSS](7.2.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.6.Final-redhat-00001 JBEAP-19620 - (7.2.z) Upgrade JBoss JSF API from 2.3.5.SP2-redhat-00003 to 2.3.5.SP2-redhat-00005 JBEAP-19624 - (7.2.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001 JBEAP-19703 - [GSS](7.2.z) Upgrade JBoss Modules from 1.8.9 to 1.8.10 JBEAP-19704 - (7.2.z) Upgrade WildFly Core from 6.0.28.Final-redhat-00001 to 6.0.29.Final-redhat-00001 JBEAP-19798 - [GSS](7.2.z) Upgrade HAL from 3.0.22.Final to 3.0.23.Final JBEAP-19837 - (7.2.z) Upgrade WildFly Core from 6.0.29.Final-redhat-00001 to 6.0.30.Final-redhat-00001 JBEAP-19875 - [GSS](7.2.z) Upgrade wildfly-http-ejb-client from 1.0.21.Final to 1.0.22.Final 7. Package List: Red Hat JBoss EAP 7.2 for RHEL 8: Source: eap7-dom4j-2.1.3-1.redhat_00001.1.el8eap.src.rpm eap7-elytron-web-1.2.5-1.Final_redhat_00001.1.el8eap.src.rpm eap7-glassfish-jsf-2.3.5-13.SP3_redhat_00011.1.el8eap.src.rpm eap7-hal-console-3.0.23-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el8eap.src.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jackson-databind-2.9.10.4-1.redhat_00001.1.el8eap.src.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-jsf-api_2.3_spec-2.3.5-7.SP2_redhat_00005.1.el8eap.src.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-modules-1.8.10-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.3.1-13.Final_redhat_00014.1.el8eap.src.rpm eap7-jboss-xnio-base-3.7.6-4.SP3_redhat_00001.1.el8eap.src.rpm eap7-resteasy-3.6.1-10.SP9_redhat_00001.1.el8eap.src.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el8eap.src.rpm eap7-weld-core-3.0.6-4.Final_redhat_00004.1.el8eap.src.rpm eap7-wildfly-7.2.9-4.GA_redhat_00003.1.el8eap.src.rpm
eap7-wildfly-elytron-1.6.8-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-http-client-1.0.22-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el8eap.src.rpm noarch: eap7-dom4j-2.1.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-glassfish-jsf-2.3.5-13.SP3_redhat_00011.1.el8eap.noarch.rpm eap7-hal-console-3.0.23-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-core-5.3.17-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-entitymanager-5.3.17-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-envers-5.3.17-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-java8-5.3.17-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-validator-cdi-6.0.20-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-common-api-1.4.22-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.22-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.22-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-core-api-1.4.22-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.22-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.22-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.22-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-validator-1.4.22-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jackson-databind-2.9.10.4-1.redhat_00001.1.el8eap.noarch.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-2.3.5-7.SP2_redhat_00005.1.el8eap.noarch.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-modules-1.8.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm 
eap7-jboss-server-migration-cli-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm 
eap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.1-13.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-xnio-base-3.7.6-4.SP3_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-atom-provider-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-cdi-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-client-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-client-microprofile-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-crypto-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jackson-provider-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jackson2-provider-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jaxb-provider-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jaxrs-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jettison-provider-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jose-jwt-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-jsapi-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-json-binding-provider-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-json-p-provider-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-multipart-provider-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-rxjava2-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-spring-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-validator-provider-11-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-resteasy-yaml-provider-3.6.1-10.SP9_redhat_00001.1.el8eap.noarch.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el8eap.noarch.rpm eap7-undertow-server-1.2.5-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-weld-core-3.0.6-4.Final_redhat_00004.1.el8eap.noarch.rpm eap7-weld-core-impl-3.0.6-4.Final_redhat_00004.1.el8eap.noarch.rpm eap7-weld-core-jsf-3.0.6-4.Final_redhat_00004.1.el8eap.noarch.rpm eap7-weld-ejb-3.0.6-4.Final_redhat_00004.1.el8eap.noarch.rpm 
eap7-weld-jta-3.0.6-4.Final_redhat_00004.1.el8eap.noarch.rpm eap7-weld-probe-core-3.0.6-4.Final_redhat_00004.1.el8eap.noarch.rpm eap7-weld-web-3.0.6-4.Final_redhat_00004.1.el8eap.noarch.rpm eap7-wildfly-7.2.9-4.GA_redhat_00003.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.6.8-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-client-common-1.0.22-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.22-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.22-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.22-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.2.9-4.GA_redhat_00003.1.el8eap.noarch.rpm eap7-wildfly-modules-7.2.9-4.GA_redhat_00003.1.el8eap.noarch.rpm eap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el8eap.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 8. References: https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2020-1695 https://access.redhat.com/security/cve/CVE-2020-1710 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-6950 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10687 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10718 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-14297
https://access.redhat.com/security/cve/CVE-2020-14307 https://access.redhat.com/security/updates/classification#important https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.2 https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/index 9. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc.
==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.23 security update Advisory ID: RHSA-2020:2779-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:2779 Issue date: 2020-07-01 CVE Names: CVE-2019-14885 CVE-2020-1938 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server - noarch 3. Description: Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.22, and includes bug fixes and enhancements, which are documented in the Release Notes document listed in the References section.
Security Fix(es): * jbossweb: tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) * JBoss EAP: Vault system property security attribute value is revealed on CLI 'reload' command (CVE-2019-14885) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258 You must restart the JBoss server process for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1700855 - [GSS](6.4.z) Upgrade HornetQ from 2.3.25.SP29 to 2.3.25.SP31 1708467 - [GSS](6.4.z) Upgrade Remoting JMX from 1.1.3 to 1.1.4 1710433 - Tracker bug for the EAP 6.4.23 release for RHEL-6. 1770615 - CVE-2019-14885 JBoss EAP: Vault system property security attribute value is revealed on CLI 'reload' command 1772542 - [GSS](6.4.z) Upgrade Mojarra from 1.2.15.b01-SP2 to 1.2.15.b01-SP2-redhat-2 1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability 1816579 - [GSS](6.4.z) Upgrade IronJacamar from 1.0.43.Final-redhat-1 to 1.0.44.Final-redhat-1 1816629 - [GSS](6.4.z) Upgrade Weld from 1.1.34 to 1.1.34.Final-redhat-2 1819214 - (6.4.z) Update JBOSGI Core Repository from 2.1.0.Final-redhat-2 to 2.1.0.Final-redhat-3 6.
Package List: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server: Source: glassfish-jsf12-eap6-1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.src.rpm hornetq-2.3.25-29.SP31_redhat_00001.1.ep6.el6.src.rpm ironjacamar-eap6-1.0.44-1.Final_redhat_00001.1.ep6.el6.src.rpm jbosgi-repository-2.1.0-3.Final_redhat_3.1.ep6.el6.src.rpm jboss-as-appclient-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-cli-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-client-all-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-clustering-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-cmp-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-configadmin-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-connector-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-controller-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-controller-client-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-core-security-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-deployment-repository-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-deployment-scanner-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-domain-http-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-domain-management-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-ee-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-ee-deployment-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-ejb3-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-embedded-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-host-controller-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-jacorb-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-jaxr-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-jaxrs-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-jdr-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-jmx-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-jpa-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm
jboss-as-jsf-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-jsr77-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-logging-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-mail-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-management-client-content-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-messaging-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-modcluster-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-naming-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-network-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-osgi-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-osgi-configadmin-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-osgi-service-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-picketlink-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-platform-mbean-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-pojo-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-process-controller-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-protocol-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-remoting-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-sar-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-security-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-server-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-system-jmx-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-threads-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-transactions-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-version-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-web-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-webservices-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-weld-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-as-xts-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jboss-remoting3-jmx-1.1.4-2.Final_redhat_00001.1.ep6.el6.src.rpm jbossas-appclient-7.5.23-4.Final_redhat_00002.1.ep6.el6.src.rpm 
jbossas-bundles-7.5.23-4.Final_redhat_00002.1.ep6.el6.src.rpm jbossas-core-7.5.23-4.Final_redhat_00002.1.ep6.el6.src.rpm jbossas-domain-7.5.23-4.Final_redhat_00002.1.ep6.el6.src.rpm jbossas-javadocs-7.5.23-2.Final_redhat_00002.1.ep6.el6.src.rpm jbossas-modules-eap-7.5.23-3.Final_redhat_00002.1.ep6.el6.src.rpm jbossas-product-eap-7.5.23-4.Final_redhat_00002.1.ep6.el6.src.rpm jbossas-standalone-7.5.23-4.Final_redhat_00002.1.ep6.el6.src.rpm jbossas-welcome-content-eap-7.5.23-4.Final_redhat_00002.1.ep6.el6.src.rpm jbossweb-7.5.31-1.Final_redhat_1.1.ep6.el6.src.rpm weld-core-1.1.34-2.Final_redhat_2.1.ep6.el6.src.rpm noarch: glassfish-jsf12-eap6-1.2.15-11.b01_SP2_redhat_2.1.ep6.el6.noarch.rpm hornetq-2.3.25-29.SP31_redhat_00001.1.ep6.el6.noarch.rpm ironjacamar-common-api-eap6-1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch.rpm ironjacamar-common-impl-eap6-1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch.rpm ironjacamar-common-spi-eap6-1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch.rpm ironjacamar-core-api-eap6-1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch.rpm ironjacamar-core-impl-eap6-1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch.rpm ironjacamar-deployers-common-eap6-1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch.rpm ironjacamar-eap6-1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch.rpm ironjacamar-jdbc-eap6-1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch.rpm ironjacamar-spec-api-eap6-1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch.rpm ironjacamar-validator-eap6-1.0.44-1.Final_redhat_00001.1.ep6.el6.noarch.rpm jbosgi-repository-2.1.0-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-appclient-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-cli-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-client-all-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-clustering-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-cmp-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-configadmin-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm 
jboss-as-connector-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-controller-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-controller-client-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-core-security-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-deployment-repository-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-deployment-scanner-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-domain-http-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-domain-management-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-ee-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-ee-deployment-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-ejb3-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-embedded-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-host-controller-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-jacorb-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-jaxr-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-jaxrs-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-jdr-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-jmx-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-jpa-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-jsf-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-jsr77-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-logging-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-mail-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-management-client-content-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-messaging-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-modcluster-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-naming-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-network-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-osgi-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm 
jboss-as-osgi-configadmin-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-osgi-service-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-picketlink-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-platform-mbean-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-pojo-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-process-controller-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-protocol-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-remoting-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-sar-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-security-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-server-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-system-jmx-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-threads-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-transactions-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-version-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-web-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-webservices-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-weld-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-as-xts-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jboss-remoting3-jmx-1.1.4-2.Final_redhat_00001.1.ep6.el6.noarch.rpm jbossas-appclient-7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch.rpm jbossas-bundles-7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch.rpm jbossas-core-7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch.rpm jbossas-domain-7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch.rpm jbossas-javadocs-7.5.23-2.Final_redhat_00002.1.ep6.el6.noarch.rpm jbossas-modules-eap-7.5.23-3.Final_redhat_00002.1.ep6.el6.noarch.rpm jbossas-product-eap-7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch.rpm jbossas-standalone-7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch.rpm jbossas-welcome-content-eap-7.5.23-4.Final_redhat_00002.1.ep6.el6.noarch.rpm 
jbossweb-7.5.31-1.Final_redhat_1.1.ep6.el6.noarch.rpm weld-core-1.1.34-2.Final_redhat_2.1.ep6.el6.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14885 https://access.redhat.com/security/cve/CVE-2020-1938 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc.