Stay Secure with the Latest Linux Advisories

security advisorydenial of serviceremote code execution

Critical Red Hat JBoss Web Server 3.1 RHSA-2019:1712 Vulnerabilities Alert

An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Web Server 3.1 Service Pack 7 security and bug fix update Advisory ID: RHSA-2019:1712-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2019:1712 Issue date: 2019-07-09 CVE Names: CVE-2018-0739 CVE-2019-0232 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 7 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es): * tomcat: Remote Code Execution on Windows (CVE-2019-0232) * openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) For more details about the security issue(s), including the impact, a CVSS score,acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 1561266 - CVE-2018-0739 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service 1701056 - CVE-2019-0232 tomcat: Remote Code Execution on Windows 5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects): JWS-1303 - Body text property replacement fails [jws3] JWS-1414 - Tomcat frequently hangs at startup when Jolokia loads certificate [jws-3] 6. References: https://access.redhat.com/security/cve/CVE-2018-0739 https://access.redhat.com/security/cve/CVE-2019-0232 https://access.redhat.com/security/updates/classification#important https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/3.1/html/3.1.0_release_notes/index 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXSSdM9zjgjWX9erEAQjiyBAAm7poF66coR0wLnb9mmsmEl5gT8+oqM+Z QByRSEmp+cOIzzmz2JA0oRAAiq6if7D8jbcnK0+bEO9upkje9EDT7Y0whjq4zui4 q938wRWMS4OoxGqWqYwPJZV9WVTbshHTaQ42dBPjDtE64P7o/ZJgbshO/znVDTFK crIC4h5GLawcBsGCApcGkxlfJQG/VzhTdBQkrVJGM4ovZ7zgFASNkQdoHN4x9st3 NPZPDO3TbhKBougI9D8UcfqOLUvkGaMljYnqAsbheXb1T1E0gX3mNO/qfc7lVdKO Yh2tNL+sfHAa6/EQ9bH7OKsdxhR4szeCV/os8i7NSJgN0QbwpOsAXTi4T80wphl2 krX3EPL3/Xsp9u+FMA2dkPXSUAJAEob++7p4r6tEEg4Q8q8wdx59Del4ERESos2W TccjjszCnT+OVTdpLRkf7LIjS+bTUsnnICTdyXKWATIEeZOYah4AsNPEfFFAFs3G Ln+kJ/tMkAEaR7J3uZqRIn0YtZVJhRoKQrB8iV49ItK2TIih+EvUCQhgu/MSFTUd 9dPZwkJDLOzJnHF6YIFZoo8wIwgiszMBgMJQRZisJsgysd6jtJUAE4ye/wL9TRkk YPK4uuXnE486odfCu4gSeSrc2/Z+xIej6IwSaFcHbJR3u5rLKd1i/QzupciOFIJC PR68zb1PfGo=WmTT -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . A significant security patch for Red Hat JBoss Application Server 3.1 tackles severe problems and defects linked to resolved weaknesses.. Red Hat JBoss, Remote Code Execution, Denial of Service, Security Update, Service Pack. . Severity: Important. LinuxSecurity.com Team

Jul 09, 2019 •Important Red Hat