Stay Secure with the Latest Linux Advisories



Explore Latest Linux Security advisories


Red Hat: RHSA-2022-6821-01 Important: JBoss EAP DoS Threats

Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
Advisory ID: RHSA-2022:6821-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6821
Issue date: 2022-10-05
CVE Names: CVE-2022-1259 CVE-2022-2053 CVE-2022-25857

1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.4 for RHEL 7 Server - noarch, x86_64

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.6, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.7 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* undertow: Large AJP request may cause DoS (CVE-2022-2053)
* undertow: potential security issue in flow control over HTTP/2 may lead to DOS. Incomplete fix for CVE-2021-3629 (CVE-2022-1259)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections. (CVE-2022-25857)

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2072339 - CVE-2022-1259 undertow: potential security issue in flow control over HTTP/2 may lead to DOS (incomplete fix for CVE-2021-3629)
2095862 - CVE-2022-2053 undertow: Large AJP request may cause DoS
2126789 - CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections

6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

JBEAP-23618 - Tracker bug for the EAP 7.4.7 release for RHEL-7
JBEAP-23687 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP1-redhat-00001 to 1.5.3.SP2-redhat-00001
JBEAP-23738 - (7.4.z) Upgrade jastow from 2.0.9.Final-redhat-00001 to 2.0.11.Final-redhat-00001
JBEAP-23741 - [GSS](7.4.z) Upgrade Undertow from 2.2.18.SP2-redhat-00001 to 2.2.19.SP2-redhat-00001
JBEAP-23753 - (7.4.z) Upgrade HAL from 3.3.13.Final-redhat-00001 to 3.3.14.Final-redhat-00001
JBEAP-23772 - [GSS](7.4.z) Upgrade Mojarra from 2.3.14.SP05-redhat-00001 to 2.3.14.SP06-redhat-00001
JBEAP-23794 - (7.4.z) Upgrade Elytron from 1.15.13.Final-redhat-00001 to 1.15.14.Final-redhat-00001
JBEAP-23802 - (7.4.z) Upgrade WildFly Core from 15.0.15.Final-redhat-00001 to 15.0.17.Final-redhat-00001
JBEAP-23803 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00042 to 2.16.0.redhat-00045
JBEAP-23805 - (7.4.z) Upgrade jboss-ejb-client from 4.0.44.Final-redhat-00001 to 4.0.45.Final-redhat-00001
JBEAP-23816 - (7.4.z) Upgrade RESTEasy from 3.15.3.Final-redhat-00001 to 3.15.4.Final-redhat-00001
JBEAP-23818 - [GSS](7.4.z) WFLY-16607 - Application deployment fails with EJB components in EAP 7.4 Update 5 and works fine with Update 1
JBEAP-23869 - [GSS](7.4.z) Upgrade JBoss VFS from 3.2.16.Final-redhat-00001 to 3.2.17.Final-redhat-00001
JBEAP-23881 - [GSS](7.4.z) Upgrade Hibernate ORM from 5.3.27.Final-redhat-00001 to 5.3.28.Final-redhat-00001
JBEAP-23912 - (7.4.z) Upgrade WildFly Core from 15.0.17.Final-redhat-00001 to 15.0.18.Final-redhat-00001

7. Package List:

Red Hat JBoss EAP 7.4 for RHEL 7 Server:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2022-1259
https://access.redhat.com/security/cve/CVE-2022-2053
https://access.redhat.com/security/cve/CVE-2022-25857
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

9. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
Severity: Important. LinuxSecurity.com Team

Oct 05, 2022 | Important | Red Hat

Red Hat: RHSA-2022-1520 Important: OpenSSL Patch For JBoss Web Server

Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Web Server 5.6.2 Security Update
Advisory ID: RHSA-2022:1520-01
Product: Red Hat JBoss Web Server
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1520
Issue date: 2022-05-02
CVE Names: CVE-2022-0778

1. Summary:

Red Hat JBoss Web Server 5.6.2 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.6.2 serves as a replacement for Red Hat JBoss Web Server 5.6.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

Security Fix(es):

* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update.

4. Bugs fixed (https://bugzilla.redhat.com/):

2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

5. References:

https://access.redhat.com/security/cve/CVE-2022-0778
https://access.redhat.com/security/updates/classification#important

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.

RHSA-announce mailing list: https://listman.redhat.com/mailman/listinfo/rhsa-announce

The latest release of JBoss Web Server version 5.6.2 by Red Hat features essential security enhancements, updates to dependencies, and important resolved issues.

Severity: Important. LinuxSecurity.com Team

May 02, 2022 | Important | Red Hat

Red Hat JBoss 7.4 Important Advisory: RHSA-2022-0400 Security Update

Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.3 security update
Advisory ID: RHSA-2022:0400-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0400
Issue date: 2022-02-02
CVE Names: CVE-2021-3859 CVE-2021-20318

1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.4 for RHEL 7 Server - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.2, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.3 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* undertow: client side invocation timeout raised when calling over HTTP2 (CVE-2021-3859)
* EAP 7: Incomplete fix of CVE-2016-4978 in HornetQ library (CVE-2021-20318)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2010378 - CVE-2021-3859 undertow: client side invocation timeout raised when calling over HTTP2
2010559 - CVE-2021-20318 EAP 7: Incomplete fix of CVE-2016-4978 in HornetQ library

6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

JBEAP-22100 - (7.4.z) Upgrade galleon-plugins to a 5.1.x version with WFGP-195 fixed
JBEAP-22104 - (7.4.z) Upgrade JBoss Classfilewriter from 1.2.4.Final-redhat-00001 to 1.2.5.Final-redhat-00001
JBEAP-22106 - (7.4.z) Upgrade to JBoss Marshalling from 2.0.11.Final-redhat-00001 to 2.0.12.Final-redhat-00001
JBEAP-22108 - (7.4.z) Upgrade to Byteman from 4.0.14 to 4.0.16
JBEAP-22373 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.0.Final to 5.1.4.Final
JBEAP-22505 - [GSS](7.4.z) WFLY-14923 - Update JPA handling to support `initialize-in-order`
JBEAP-22575 - (7.4.z) Upgrade mod_cluster from 1.4.3.Final-redhat-00002 to 1.4.4.Final
JBEAP-22582 - (7.4.z) Upgrade WildFly Core from 15.0.5.Final-redhat-00001 to 15.0.6.Final-redhat-00001
JBEAP-22586 - (7.4.z) Upgrade RESTEasy from 3.15.2.Final-redhat-00001 to 3.15.3.Final-redhat-00001
JBEAP-22587 - (7.4.z) Upgrade Hibernate ORM from 5.3.23.Final-redhat-00001 to 5.3.24.Final-redhat-00001
JBEAP-22590 - (7.4.z) Upgrade Mockito from 2.18.0 to 3.10.0
JBEAP-22609 - (7.4.z) Upgrade XNIO from 3.8.4.Final-redhat-00001 to 3.8.5.SP1-redhat-00001
JBEAP-22641 - Tracker bug for the EAP 7.4.3 release for RHEL-7
JBEAP-22668 - (7.4.z) Upgrade Elytron from 1.15.6.Final-redhat-00001 to 1.15.9.Final
JBEAP-22679 - [GSS](7.4.z) UNDERTOW-1984 - GOAWAY sent by HTTP2 server when a RST is sent after upgrade
JBEAP-22692 - (7.4.z) Upgrade Ironjacamar from 1.5.2.Final-redhat-00001 to 1.5.3.Final-redhat-00001
JBEAP-22693 - (7.4.z) Upgrade jboss-ejb-client from 4.0.43.Final-redhat-00001 to 4.0.44.Final-redhat-00001
JBEAP-22740 - (7.4.z) Upgrade jgroups_azure from 1.3.0.Final-redhat-00001 to 1.3.1.Final
JBEAP-22754 - (7.4.z) Upgrade azure-storage 8.6.6
JBEAP-22793 - (7.4.z) Update elytron-tool scripts to make use of jboss-modules
JBEAP-22822 - (7.4.z) Update ElytronHttpExchange#getRequestURI to no longer use the 7 argument URI constructor
JBEAP-22823 - (7.4.z) Upgrade undertow from 2.2.13.SP1 to 2.2.13.SP2
JBEAP-22833 - (7.4.z) Upgrade elytron-web from 1.9.1.Final-redhat-00001 to 1.9.2.Final-redhat-00001
JBEAP-22851 - (7.4.z) Upgrade WildFly Http Client from 1.1.8.Final-redhat-00001 to 1.1.10.Final-redhat-00001

7. Package List:

Red Hat JBoss EAP 7.4 for RHEL 7 Server:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

8. References:

https://access.redhat.com/security/cve/CVE-2021-3859
https://access.redhat.com/security/cve/CVE-2021-20318
https://access.redhat.com/security/updates/classification#important
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index

9. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.

A recent security patch for Red Hat JBoss EAP 7.4 addresses critical vulnerabilities that may compromise application integrity, urging prompt application for compliance.

Severity: Important. LinuxSecurity.com Team

Feb 02, 2022 - Important - Red Hat

Red Hat JBoss Web Server 5.5.1 RHSA-2021-3743-01 Important DoS Issue

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Web Server 5.5.1 Security Update
Advisory ID: RHSA-2021:3743-01
Product: Red Hat JBoss Web Server
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3743
Issue date: 2021-10-06
CVE Names: CVE-2021-41079
====================================================================

1. Summary:

Red Hat JBoss Web Server 5.5.1 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows.

Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.

This release of Red Hat JBoss Web Server 5.5.1 serves as a replacement for Red Hat JBoss Web Server 5.5.0, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

Security Fix(es):

* tomcat: Apache Tomcat DoS with unexpected TLS packet (CVE-2021-41079)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link for the update. You must be logged in to download the update.

4. Bugs fixed (https://bugzilla.redhat.com/):

2004820 - CVE-2021-41079 tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine

5. References:

https://access.redhat.com/security/cve/CVE-2021-41079
https://access.redhat.com/security/updates/classification#important

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYV2xyNzjgjWX9erEAQhlDBAAiAjLWb4R1NKboMgE/Tep0TD9By6Bx5PT
weKCT4jqHY2wwbwZsZlrqGtp98OiFpPvigZ1TNoUnRAkWpI1SUQNOVS/W7zJant4
DZeukwfyXx8zvEHHjj0PJARQK9ixeMBQzlm+AVMd4F+FpOYKgpnjCez7FozM9JCl
HRzYkHlifep+Mzl/Qnpx1pC2jK5bDJChXVaU3YGtjtrEEl8ti2HxuxCaTNMFvVnk
hfJ+7wsTjCSFuohPSHV+hx+f0YBlLfQTDfCcnecQ92haZJWG85Akh+d41UMZWgbV
O6TWZ/fMcT9vXO2xqKmPRIwJVenuGlaZabySrj3GDQWCnPy/QGcgnqZLK1v7FS+f
ysucuFH4qfmr1SLuWqrmhDOd6/6V1xd8xH7jOv2gwcSUsiJOyxkuSiXxaZLG4eP9
u3CvMPlejXL6Qn34rMnVVU/SHfmRt5l1qkmjgJwbjM9OvwqGcbw/q3V/nBcb4w8E
IHCfjd2T+35qXH7pRLcMQljpKXHGbeyfe9n9n4fHgYILr5MIzoaKYx80xklKdsN2
6BOGe4sDmxzorDbqf8mYVwoPz4w/WzrrHoauwhMrKDaTziSA4TEyoW/GcfAUqYkn
rizSoZsLc2wyLjVhwegApw1H/0rFK0bjvc3EBZJhVQanTb8cTPfidX0Cuwcm+ooz
Fl3zdpZjhn4=
=gCxN
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list

Crucial security patch released for Red Hat JBoss Web Server 5.5.1 to tackle serious vulnerabilities affecting functionality.

Red Hat JBoss, Web Server Update, Security Patch, Enterprise Linux, DoS Vulnerability.

Severity: Important. LinuxSecurity.com Team

Oct 06, 2021 - Important - Red Hat

Red Hat JBoss 7.4 Security Update: RHSA-2021-3658-01 Critical DoS Issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.1 security update on RHEL 8
Advisory ID: RHSA-2021:3658-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3658
Issue date: 2021-09-23
CVE Names: CVE-2020-13936 CVE-2021-3536 CVE-2021-3597 CVE-2021-3642 CVE-2021-3644 CVE-2021-3690 CVE-2021-21295 CVE-2021-21409 CVE-2021-28170 CVE-2021-29425
====================================================================

1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.4 for RHEL 8 - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.0 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.1 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)
* undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)
* undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS (CVE-2021-3597)
* wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)
* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)
* netty: Request smuggling via content-length header (CVE-2021-21409)
* jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate (CVE-2021-28170)
* apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)
* wildfly: XSS via admin console when creating roles in domain mode (CVE-2021-3536)
* wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

For details about how to apply this update, see: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation
1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header
1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode
1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
1965497 - CVE-2021-28170 jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate
1970930 - CVE-2021-3597 undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS
1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression
1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer
1991299 - CVE-2021-3690 undertow: buffer leak on incoming websocket PONG message may lead to DoS

6. JIRA issues fixed (https://issues.redhat.com/):

JBEAP-18402 - Tracker bug for the EAP 7.4.1 release for RHEL-8
JBEAP-21231 - (7.4.x) Upgrade jgroups-kubernetes to 1.0.16.Final
JBEAP-21257 - (7.4.z) Upgrade Infinispan from 11.0.9.Final to 11.0.11.Final
JBEAP-21258 - (7.4.z) ISPN-12807 - Simple cache does not update eviction statistics
JBEAP-21261 - (7.4.z) Upgrade to wildfly-http-client to 1.1.7.Final
JBEAP-21263 - [GSS](7.4.z) Upgrade yasson from 1.0.5 to 1.0.9
JBEAP-21270 - [GSS] (7.4.z) Upgrade undertow from 2.2.5.Final to 2.2.8.SP1
JBEAP-21276 - [GSS](7.4.z) Non Transactional Cache needs to be invalidated after commit on JPQL update/delete operation
JBEAP-21277 - [GSS](7.4.z) Upgrade Hibernate ORM from 5.3.20.Final-redhat-00001 to 5.3.20.SP1-redhat-00001
JBEAP-21281 - (7.4.z) Upgrade xalan from 2.7.1.redhat-12 to 2.7.1.redhat-13
JBEAP-21300 - (7.4.x) Upgrade velocity from 2.2.0.redhat-00001 to 2.3.0.redhat-00001
JBEAP-21309 - (7.4.z) Upgrade artemis-wildfly-integration from 1.0.2 to 1.0.4
JBEAP-21313 - [GSS](7.4.z) Upgrade Ironjacamar from 1.4.27.Final to 1.4.33.Final
JBEAP-21472 - (7.4.z) Upgrade Elytron from 1.15.3.Final-redhat-00001 to 1.15.5.Final-redhat-00001
JBEAP-21569 - [GSS](7.4.z) Upgrade HAL from 3.3.2.Final-redhat-00001 to 3.3.7.Final-redhat-00001
JBEAP-21777 - (7.4.z) Upgrade jberet from 1.3.7.Final-redhat-00001 to 1.3.8.Final-redhat-00001
JBEAP-21781 - [GSS](7.4.z) WFCORE-5185 - Update ProviderDefinition to use optimised service loading API
JBEAP-21818 - (7.4.z) Upgrade elytron-web from 1.6.2.Final-redhat-00001 to 1.9.1.Final
JBEAP-21961 - (7.4.z) Upgrade remoting from 5.0.20.SP1-redhat-00001 to 5.0.23.Final-redhat-00001
JBEAP-21978 - (7.4.z) Upgrade WildFly Core from 15.0.2.Final-redhat-00001 to 15.0.3.Final-redhat-00001
JBEAP-22009 - [GSS](7.4.z) HAL-1753 - The Locations table is not updated after changing the profile in breadcrumb navigation
JBEAP-22084 - [GSS](7.4.z) Upgrade PicketBox from 5.0.3.Final-redhat-00007 to 5.0.3.Final-redhat-00008
JBEAP-22088 - (7.4.z) Upgrade wildfly-transaction-client from 1.1.13.Final-redhat-00001 to 1.1.14.Final-redhat-00001
JBEAP-22160 - (7.4.z) Upgrade jakarta.el from 3.0.3.redhat-00002 to 3.0.3.redhat-00006
JBEAP-22209 - (7.4.z) Upgrade commons-io from 2.5 to 2.10.0
JBEAP-22318 - (7.4.z) Upgrade WildFly Core from 15.0.3.Final-redhat-00001 to 15.0.4.Final-redhat-00001
JBEAP-22319 - (7.4.z) Upgrade undertow from 2.2.9.Final-redhat-00001 to 2.2.9.SP1-redhat-00001

7. Package List:

Red Hat JBoss EAP 7.4 for RHEL 8:

Source:
eap7-apache-commons-io-2.10.0-1.redhat_00001.1.el8eap.src.rpm
eap7-artemis-wildfly-integration-1.0.4-1.redhat_00001.1.el8eap.src.rpm
eap7-elytron-web-1.9.1-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-hal-console-3.3.7-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-hibernate-5.3.21-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-infinispan-11.0.12-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-ironjacamar-1.4.35-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-jakarta-el-3.0.3-2.redhat_00006.1.el8eap.src.rpm
eap7-jberet-1.3.9-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-jboss-remoting-5.0.23-2.SP1_redhat_00001.1.el8eap.src.rpm
eap7-jboss-server-migration-1.10.0-8.Final_redhat_00009.1.el8eap.src.rpm
eap7-jgroups-kubernetes-1.0.16-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-netty-4.1.63-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-picketbox-5.0.3-9.Final_redhat_00008.1.el8eap.src.rpm
eap7-undertow-2.2.9-2.SP1_redhat_00001.1.el8eap.src.rpm
eap7-velocity-2.3.0-1.redhat_00001.1.el8eap.src.rpm
eap7-wildfly-7.4.1-2.GA_redhat_00003.1.el8eap.src.rpm
eap7-wildfly-elytron-1.15.5-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-wildfly-http-client-1.1.8-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-wildfly-transaction-client-1.1.14-2.Final_redhat_00001.1.el8eap.src.rpm
eap7-xalan-j2-2.7.1-36.redhat_00013.1.el8eap.src.rpm
eap7-yasson-1.0.9-1.redhat_00001.1.el8eap.src.rpm

noarch:
eap7-apache-commons-io-2.10.0-1.redhat_00001.1.el8eap.noarch.rpm
eap7-artemis-wildfly-integration-1.0.4-1.redhat_00001.1.el8eap.noarch.rpm
eap7-hal-console-3.3.7-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-5.3.21-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-core-5.3.21-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-entitymanager-5.3.21-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-envers-5.3.21-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-java8-5.3.21-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-cachestore-jdbc-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-cachestore-remote-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-client-hotrod-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-commons-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-component-annotations-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-core-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-hibernate-cache-commons-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-hibernate-cache-spi-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-hibernate-cache-v53-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-common-api-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-common-impl-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-common-spi-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-core-api-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-core-impl-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-deployers-common-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-jdbc-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-validator-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jakarta-el-3.0.3-2.redhat_00006.1.el8eap.noarch.rpm
eap7-jberet-1.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jberet-core-1.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-remoting-5.0.23-2.SP1_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-server-migration-1.10.0-8.Final_redhat_00009.1.el8eap.noarch.rpm
eap7-jboss-server-migration-cli-1.10.0-8.Final_redhat_00009.1.el8eap.noarch.rpm
eap7-jboss-server-migration-core-1.10.0-8.Final_redhat_00009.1.el8eap.noarch.rpm
eap7-jgroups-kubernetes-1.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-netty-4.1.63-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-netty-all-4.1.63-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-picketbox-5.0.3-9.Final_redhat_00008.1.el8eap.noarch.rpm
eap7-picketbox-infinispan-5.0.3-9.Final_redhat_00008.1.el8eap.noarch.rpm
eap7-undertow-2.2.9-2.SP1_redhat_00001.1.el8eap.noarch.rpm
eap7-undertow-server-1.9.1-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-velocity-2.3.0-1.redhat_00001.1.el8eap.noarch.rpm
eap7-velocity-engine-core-2.3.0-1.redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-7.4.1-2.GA_redhat_00003.1.el8eap.noarch.rpm
eap7-wildfly-elytron-1.15.5-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-elytron-tool-1.15.5-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-http-client-common-1.1.8-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-http-ejb-client-1.1.8-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-http-naming-client-1.1.8-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-http-transaction-client-1.1.8-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-javadocs-7.4.1-2.GA_redhat_00003.1.el8eap.noarch.rpm
eap7-wildfly-modules-7.4.1-2.GA_redhat_00003.1.el8eap.noarch.rpm
eap7-wildfly-transaction-client-1.1.14-2.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-xalan-j2-2.7.1-36.redhat_00013.1.el8eap.noarch.rpm
eap7-yasson-1.0.9-1.redhat_00001.1.el8eap.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2020-13936
https://access.redhat.com/security/cve/CVE-2021-3536
https://access.redhat.com/security/cve/CVE-2021-3597
https://access.redhat.com/security/cve/CVE-2021-3642
https://access.redhat.com/security/cve/CVE-2021-3644
https://access.redhat.com/security/cve/CVE-2021-3690
https://access.redhat.com/security/cve/CVE-2021-21295
https://access.redhat.com/security/cve/CVE-2021-21409
https://access.redhat.com/security/cve/CVE-2021-28170
https://access.redhat.com/security/cve/CVE-2021-29425
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

9. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYUyqm9zjgjWX9erEAQjH1g/+Ppuz7krcdea4827pGXsIGzieQDvw4h/u
j85t5i0/k9UKm5I4RLNBlxABURGjNVgl3ITDLU0HCBPYW0Y1unquUe6ybXxyp55H
fQ88nUVhuVS1KA8u1+JLnyI07k8he5wkyqyDa72Z+ULpXDjua7PfK+jI3RQkAp8B
yqeP+gyMLq5lb4bFaSQV7+xfAAsjtB9B2tSwZTYioKxVwmGs6qOLFEZSgJrm1FyL
lDhra9IcEmjnWj7QfAElELH1KdnguWf1l6fxOss/u/0IU4Kb9/it63w/KKiH7eKl
TYLeMP+z03Yv9FP6LQwuGpJZL24F0g0ZEY8pG23b4/doNrvJhA/b8vdwE4xdS0VO
Wht0PLdIMWXmf7JdwaSWHYiZrYBV42E+Ac6o5//q06B4lbg/NsW5g2cRvLT8BF4v
MrS59t866xhWLCPaexTWuaugdaXq0lJy23NkWFPaYf3S3i4lYAoxfVy2BH9TAXQ7
qoCZpXQi5680yzxBMC4Db91AakVMK6EijTiwm0XSqFjSYZ2fjo3PZX3vHTxw5rYo
uNXHSVMfc4+7NfBcE2TS122i3/Achy8W6yk9Rq8EEI0yldQP47CKY6EC/r0HDJ2/
coK/yHG63//e2rJiZS6bfV8W9QP1REkZTBrBbZjjidGXKFYqXjUKbTrnGxhuV1yZ
5957NNRhLbY=
=LINr
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list

The recent security notification from Red Hat regarding JBoss addresses severe vulnerabilities and provides solutions, improving both the security and reliability of the platform.

Red Hat JBoss, Security Update, Application Platform, DoS Fix, Code Execution.

Severity: Important. LinuxSecurity.com Team

Sep 23, 2021 - Important - Red Hat

Red Hat JBoss EAP 7.3.9 RHSA-2021:3466-01 Important: DoS Threats Fixed

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.9 security update on RHEL 6
Advisory ID: RHSA-2021:3466-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3466
Issue date: 2021-09-08
CVE Names: CVE-2021-3597 CVE-2021-3644 CVE-2021-3690 CVE-2021-28170 CVE-2021-29425
====================================================================

1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.3 for RHEL 6 Server - noarch

3. Description:

This release of Red Hat JBoss Enterprise Application Platform 7.3.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)
* undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS (CVE-2021-3597)
* jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate (CVE-2021-28170)
* apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)
* wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
1965497 - CVE-2021-28170 jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate
1970930 - CVE-2021-3597 undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS
1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression
1991299 - CVE-2021-3690 undertow: buffer leak on incoming websocket PONG message may lead to DoS

6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

JBEAP-21115 - (7.3.z) Upgrade wildfly-transaction-client from 1.1.13.Final-redhat-00001 to 1.1.14.Final-redhat-00001
JBEAP-21466 - Tracker bug for the EAP 7.3.9 release for RHEL-6
JBEAP-21958 - [GSS](7.3.z) Upgrade HAL from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001
JBEAP-22003 - [GSS](7.3.z) HAL-1753 - The Locations table is not updated after changing the profile in breadcrumb navigation
JBEAP-22029 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.28.Final-redhat-00001 to 1.0.29.Final-redhat-00002
JBEAP-22079 - [GSS](7.3.z) Upgrade ironjacamar from 1.4.33.Final-redhat-00001 to 1.4.35.Final-redhat-00001
JBEAP-22085 - [GSS](7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00007 to 5.0.3.Final-redhat-00008
JBEAP-22138 - (7.3.z) Upgrade Narayana from 5.9.11.Final-redhat-00001 to 5.9.12.Final-redhat-00001
JBEAP-22159 - (7.3.z) Upgrade jakarta.el from 3.0.3.redhat-00002 to 3.0.3.redhat-00006
JBEAP-22195 - (7.3.z) Upgrade commons-io from 2.5.0.redhat-3 to 2.10.0.redhat-00001
JBEAP-22198 - (7.3.z) Upgrade WildFly Core from 10.1.21.Final-redhat-00001 to 10.1.22.Final-redhat-00001
JBEAP-22200 - (7.3.z) Upgrade Undertow from 2.0.38.SP1-redhat-00001 to 2.0.39-SP1-redhat-00001
JBEAP-22204 - [GSS](7.3.z) Upgrade jberet from 1.3.8.Final-redhat-00001 to 1.3.9.Final-redhat-00001
JBEAP-22227 - [GSS](7.3.z) Upgrade remoting from 5.0.23.Final-redhat-00001 to 5.0.23.SP1-redhat-00001
JBEAP-22317 - (7.3.z) Upgrade Undertow from 2.0.39-SP1-redhat-00001 to 2.0.39-SP2-redhat-00001

7. Package List:

Red Hat JBoss EAP 7.3 for RHEL 6 Server:

Source:
eap7-apache-commons-io-2.10.0-1.redhat_00001.1.el6eap.src.rpm
eap7-hal-console-3.2.16-1.Final_redhat_00001.1.el6eap.src.rpm
eap7-hibernate-5.3.20-4.SP2_redhat_00001.1.el6eap.src.rpm
eap7-ironjacamar-1.4.35-1.Final_redhat_00001.1.el6eap.src.rpm
eap7-jakarta-el-3.0.3-2.redhat_00006.1.el6eap.src.rpm
eap7-jberet-1.3.9-1.Final_redhat_00001.1.el6eap.src.rpm
eap7-jboss-remoting-5.0.23-2.SP1_redhat_00001.1.el6eap.src.rpm
eap7-jboss-server-migration-1.7.2-9.Final_redhat_00010.1.el6eap.src.rpm
eap7-narayana-5.9.12-1.Final_redhat_00001.1.el6eap.src.rpm
eap7-picketbox-5.0.3-9.Final_redhat_00008.1.el6eap.src.rpm
eap7-undertow-2.0.39-1.SP2_redhat_00001.1.el6eap.src.rpm
eap7-wildfly-7.3.9-2.GA_redhat_00002.1.el6eap.src.rpm
eap7-wildfly-http-client-1.0.29-1.Final_redhat_00002.1.el6eap.src.rpm
eap7-wildfly-transaction-client-1.1.14-2.Final_redhat_00001.1.el6eap.src.rpm

noarch:
eap7-apache-commons-io-2.10.0-1.redhat_00001.1.el6eap.noarch.rpm
eap7-hal-console-3.2.16-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-hibernate-5.3.20-4.SP2_redhat_00001.1.el6eap.noarch.rpm
eap7-hibernate-core-5.3.20-4.SP2_redhat_00001.1.el6eap.noarch.rpm
eap7-hibernate-entitymanager-5.3.20-4.SP2_redhat_00001.1.el6eap.noarch.rpm
eap7-hibernate-envers-5.3.20-4.SP2_redhat_00001.1.el6eap.noarch.rpm
eap7-hibernate-java8-5.3.20-4.SP2_redhat_00001.1.el6eap.noarch.rpm
eap7-ironjacamar-1.4.35-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-ironjacamar-common-api-1.4.35-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-ironjacamar-common-impl-1.4.35-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-ironjacamar-common-spi-1.4.35-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-ironjacamar-core-api-1.4.35-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-ironjacamar-core-impl-1.4.35-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-ironjacamar-deployers-common-1.4.35-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-ironjacamar-jdbc-1.4.35-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-ironjacamar-validator-1.4.35-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-jakarta-el-3.0.3-2.redhat_00006.1.el6eap.noarch.rpm
eap7-jberet-1.3.9-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-jberet-core-1.3.9-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-jboss-remoting-5.0.23-2.SP1_redhat_00001.1.el6eap.noarch.rpm
eap7-jboss-server-migration-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-cli-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-core-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-eap6.4-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-eap7.0-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-eap7.1-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-eap7.2-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-eap7.3-server-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-wildfly10.0-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-wildfly10.1-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-wildfly11.0-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-wildfly12.0-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-wildfly13.0-server-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-wildfly14.0-server-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-wildfly15.0-server-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-wildfly16.0-server-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-wildfly17.0-server-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-wildfly18.0-server-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-wildfly8.2-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-jboss-server-migration-wildfly9.0-1.7.2-9.Final_redhat_00010.1.el6eap.noarch.rpm
eap7-narayana-5.9.12-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-narayana-compensations-5.9.12-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-narayana-jbosstxbridge-5.9.12-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-narayana-jbossxts-5.9.12-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-narayana-jts-idlj-5.9.12-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-narayana-jts-integration-5.9.12-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-narayana-restat-api-5.9.12-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-narayana-restat-bridge-5.9.12-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-narayana-restat-integration-5.9.12-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-narayana-restat-util-5.9.12-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-narayana-txframework-5.9.12-1.Final_redhat_00001.1.el6eap.noarch.rpm
eap7-picketbox-5.0.3-9.Final_redhat_00008.1.el6eap.noarch.rpm
eap7-picketbox-infinispan-5.0.3-9.Final_redhat_00008.1.el6eap.noarch.rpm
eap7-undertow-2.0.39-1.SP2_redhat_00001.1.el6eap.noarch.rpm
eap7-wildfly-7.3.9-2.GA_redhat_00002.1.el6eap.noarch.rpm
eap7-wildfly-http-client-common-1.0.29-1.Final_redhat_00002.1.el6eap.noarch.rpm
eap7-wildfly-http-ejb-client-1.0.29-1.Final_redhat_00002.1.el6eap.noarch.rpm
eap7-wildfly-http-naming-client-1.0.29-1.Final_redhat_00002.1.el6eap.noarch.rpm
eap7-wildfly-http-transaction-client-1.0.29-1.Final_redhat_00002.1.el6eap.noarch.rpm
eap7-wildfly-javadocs-7.3.9-2.GA_redhat_00002.1.el6eap.noarch.rpm
eap7-wildfly-modules-7.3.9-2.GA_redhat_00002.1.el6eap.noarch.rpm
eap7-wildfly-transaction-client-1.1.14-2.Final_redhat_00001.1.el6eap.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2021-3597
https://access.redhat.com/security/cve/CVE-2021-3644
https://access.redhat.com/security/cve/CVE-2021-3690
https://access.redhat.com/security/cve/CVE-2021-28170
https://access.redhat.com/security/cve/CVE-2021-29425
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

9. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYTjGINzjgjWX9erEAQg84hAAjXdBoc8ML5J2Q0Y1TkZZtyvzzAbWAZSN
lgn1MHo9e5tn8BzJ5SE+550ms/JvcgKluCWqaJwPhOOib4nsFppbk6Smy14Ihgxn
2DvlhjJXAf740Ofzbiu7tRUvJhsm0cKLNGbdUr12mm9JnT1fybe6HJuVnEDerOpK
yRMYyNENEPaVthBH6LXQFXuTT0HnF0H3ZgmpdrcfDfYlSZuih46xvaA1La4WrjuD
e11gCwqyI7xVRZikXvP9aH0cnOhADYo+Ub2AU/LujOH0jg7Y+YqjkMn4t/wtYm/U
zsMX/HNVco7FaTqGie4zM/N0TvE378p1eqU0bYukUSWWoo6NYqWwvtgOxxMiMoxs
eF1QfJ+EA1lUnN6DpwoOO4M3wu07L1aRtHLiIk3/7UseLwvHQVn7W83P9cwWd9rh
najQbz94eX0kq7NLVCoQk5ygOo6QcoQ4xdUS08t39CAtjzfo/5VcrFoHJgSqSuvI
vVQq4bqAitIW8KjdNFR3tTW9zqDWLJBk8mUW/7dPuj3Lidzv2BNdscS9WLccD9pJ
NtrgVZoe0/zv287cFk1qrBvka001U4Faoh6wkGSFzAWlHm08p/8h3fCC/chxIsc2
9J19Mg7Ln5K8e75tEdhXahrABDLwrP4iETdbkxx8NBysiPIDON/ROf8aV7bVje4Z
zpYVlDcqbVw=
=BAeJ
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list

Oracle WebLogic Server 14.1.1 patch released. Critical vulnerabilities addressed and enhancements listed.

Red Hat JBoss, Security Update, DoS Fix, Application Security.

Severity: Important. LinuxSecurity.com Team

Sep 08, 2021 - Important - Red Hat

Red Hat JBoss: RHSA-2021:3216-01 Important: Buffer Leak DoS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3 security update
Advisory ID: RHSA-2021:3216-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3216
Issue date: 2021-08-18
CVE Names: CVE-2021-3690
====================================================================

1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3.

Security Fix(es):

* undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1991299 - CVE-2021-3690 undertow: buffer leak on incoming websocket PONG message may lead to DoS

5. References:

https://access.redhat.com/security/cve/CVE-2021-3690
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.3
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYR1MC9zjgjWX9erEAQieVw/+JTwaAtkrf8RJVMsLLXr8WMsseAuHCxOx
P/4sVthulfI+DPJiGSW9wwVwrzaLcttJd81d76da/Ei+LovmAZXPomDDo7u8UEMB
FIBJ18iERFZXEnlsqtbe+SEuJBaAqNQOyLzRZDgux7IL9Ot3AU93T49/0qELwkJe
GYJYE0Yz9mL6HoJnvdEbasm3hezdmfyby+xJoUDTFS2WnqONSaNOk+ZQ0OapFmjc
xvfO7yMlyXjznBaO5QAkgmg5ySXBcURyy+eXwbdI2sPpqqwNRuDs8vSn+FdTke7b
RiLiJmFR72MH5WWPBhRyqTnaQTAZ43I7sNroWpBKiWw3zY/jHWjvwQq7Np+NlL80
AMn1icytxMFm0/msVhiqWwADV0T25+AXsS3MoUGjJHA5+urmJ7dl23GsdEkuttx6
Jb9mVPcPdJd7OXDwAleKZjGg0Mz2Ks6/mKvQjTOVISV3qoxmubQ1YcFIxPEkDUA7
yoSrDV9EYbwUCg/imseaTjkx2podYotkFCXPEHYA0Fz3YlJSotFYvUXS4I+PqJqK
Vt3r69pVdJwBZWvOjMK88JDEgU9fgmgqGhynWaOeGKmMl3dWlukky/yhVslZr9Xs
tal9BXFEVoMbeNDR2Dxo5g5ti6n8AbQAB/ogeOcAsST7kVFzPaSpquXrf+Biplo0
MEYoyxClwO8=
=+QnO
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list

Important security patch released for Red Hat JBoss application framework targeting memory overflow vulnerability that may result in denial of service.

Red Hat JBoss, security update, buffer leak, denial of service.

Severity: Important. LinuxSecurity.com Team

Aug 18, 2021 | Important | Red Hat

Red Hat JBoss Web Server 5.4.2 Important: RHSA-2021:1195-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Web Server 5.4.2 Security Update
Advisory ID: RHSA-2021:1195-01
Product: Red Hat JBoss Web Server
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1195
Issue date: 2021-04-14
CVE Names: CVE-2021-3449 CVE-2021-3450
====================================================================

1. Summary:

Updated Red Hat JBoss Web Server 5.4.2 packages are now available for Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Web Server 5.4 for RHEL 7 Server - x86_64
Red Hat JBoss Web Server 5.4 for RHEL 8 - x86_64

3. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.

This release of Red Hat JBoss Web Server 5.4.2 serves as a replacement for Red Hat JBoss Web Server 5.4.1, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

Security Fix(es):

* openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)
* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT
1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing

6. Package List:

Red Hat JBoss Web Server 5.4 for RHEL 7 Server:

Source:
jws5-tomcat-native-1.2.25-4.redhat_4.el7jws.src.rpm

x86_64:
jws5-tomcat-native-1.2.25-4.redhat_4.el7jws.x86_64.rpm
jws5-tomcat-native-debuginfo-1.2.25-4.redhat_4.el7jws.x86_64.rpm

Red Hat JBoss Web Server 5.4 for RHEL 8:

Source:
jws5-tomcat-native-1.2.25-4.redhat_4.el8jws.src.rpm

x86_64:
jws5-tomcat-native-1.2.25-4.redhat_4.el8jws.x86_64.rpm
jws5-tomcat-native-debuginfo-1.2.25-4.redhat_4.el8jws.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3449
https://access.redhat.com/security/cve/CVE-2021-3450
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYHcAdtzjgjWX9erEAQgQ4RAAktpzx/5WHgvBQgcb9aZrVc3TCDwWAy9g
W88lvzzXWz1Is+DYngpt2upDkAijyp2vrbUDqLmh2uaQ/vBLe3WlVXCc0fS6YB/e
4uqAIdRQWoVt1Rb2pX7p7hXOzTPcZSe2FTWwumg2SNZvGkREzc2QhSMP+UdkTbE4
fLoNWKXkvC6j+Cs339cxQbjSssjxg9WDkpralRx/gaxge8TTDHKfzjbQsExY4UrZ
WRYWqYKExmkO1d6g2sXOBW/uFqlUR8On+BNSd9g8FOAyiehvpScvj/0a2Mc9lKiD
0g5yoFEdkhWqaWLndbDpwrXETl77sHl+7Pou+TzxfK3nNgZNCLgbc6yAJknvLwuf
AuCcPflfsnF/docnKWR5+Pky2ZiNB/Cq4MUaJPVFVMcfoLKtfXgRYKdyVuxmWCXm
mIRrMqgxVuxk7eQBv/eWSXFVwipYmkQgWMaaartZCXjbDrbilR9TBw/v/2GSLsBn
gSajBKt89xKzzpE6rkoJV1mBSvN4Zck/+Eb0RborKRr7LyoSPS7FJyySAPeC2Q9+
Mv2mjGQWkX95yHLG0XCRp9do65G3jC6ILIqD6ee1XD8lPrALkpJZZWR+EfVumZxO
Zx6p3T0egk6a75jAepI04NmrX52Gla0ARKri9YawDLaxTjGeo4K9963qkfzeJJxq
8QzbJQ6gPfU=
=XW2w
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Summary: New Red Hat JBoss Web Server 5.4.2 packages released for RHEL 7 and RHEL 8, resolving critical security vulnerabilities.
Keywords: Red Hat JBoss, Security Update, OpenSSL Issues, JBoss Web Server
Severity: Important
LinuxSecurity.com Team

Apr 14, 2021 | Important | Red Hat