Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
98
security advisoryRed Hatsoftware updateRed Hat: RHSA-2020-2506-01 Critical JBoss Web Server 5.3.1 RCE Update
Updated Red Hat JBoss Web Server 5.3.1 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Web Server 5.3.1 security update Advisory ID: RHSA-2020:2506-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2020:2506 Issue date: 2020-06-10 CVE Names: CVE-2020-9484 ==================================================================== 1. Summary: Updated Red Hat JBoss Web Server 5.3.1 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Web Server 5.3 for RHEL 6 Server - i386, noarch, x86_64 Red Hat JBoss Web Server 5.3 for RHEL 7 Server - noarch, x86_64 Red Hat JBoss Web Server 5.3 for RHEL 8 - noarch, x86_64 3. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.1 serves as a replacement for Red Hat JBoss Web Server 5.3.0, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Security Fix(es): * tomcat: Apache Tomcat Remote Code Execution viasession persistence (CVE-2020-9484) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 6. Package List: Red Hat JBoss Web Server 5.3 for RHEL 6 Server: Source: jws5-tomcat-9.0.30-4.redhat_5.1.el6jws.src.rpm jws5-tomcat-native-1.2.23-5.redhat_5.el6jws.src.rpm i386: jws5-tomcat-native-1.2.23-5.redhat_5.el6jws.i686.rpm jws5-tomcat-native-debuginfo-1.2.23-5.redhat_5.el6jws.i686.rpm noarch: jws5-tomcat-9.0.30-4.redhat_5.1.el6jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.30-4.redhat_5.1.el6jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.30-4.redhat_5.1.el6jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.30-4.redhat_5.1.el6jws.noarch.rpm jws5-tomcat-javadoc-9.0.30-4.redhat_5.1.el6jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.30-4.redhat_5.1.el6jws.noarch.rpm jws5-tomcat-lib-9.0.30-4.redhat_5.1.el6jws.noarch.rpm jws5-tomcat-selinux-9.0.30-4.redhat_5.1.el6jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.30-4.redhat_5.1.el6jws.noarch.rpm jws5-tomcat-webapps-9.0.30-4.redhat_5.1.el6jws.noarch.rpm x86_64: jws5-tomcat-native-1.2.23-5.redhat_5.el6jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.23-5.redhat_5.el6jws.x86_64.rpm Red Hat JBoss Web Server 5.3 for RHEL 7Server: Source: jws5-tomcat-9.0.30-4.redhat_5.1.el7jws.src.rpm jws5-tomcat-native-1.2.23-5.redhat_5.el7jws.src.rpm noarch: jws5-tomcat-9.0.30-4.redhat_5.1.el7jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.30-4.redhat_5.1.el7jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.30-4.redhat_5.1.el7jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.30-4.redhat_5.1.el7jws.noarch.rpm jws5-tomcat-javadoc-9.0.30-4.redhat_5.1.el7jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.30-4.redhat_5.1.el7jws.noarch.rpm jws5-tomcat-lib-9.0.30-4.redhat_5.1.el7jws.noarch.rpm jws5-tomcat-selinux-9.0.30-4.redhat_5.1.el7jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.30-4.redhat_5.1.el7jws.noarch.rpm jws5-tomcat-webapps-9.0.30-4.redhat_5.1.el7jws.noarch.rpm x86_64: jws5-tomcat-native-1.2.23-5.redhat_5.el7jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.23-5.redhat_5.el7jws.x86_64.rpm Red Hat JBoss Web Server 5.3 for RHEL 8: Source: jws5-tomcat-9.0.30-4.redhat_5.1.el8jws.src.rpm jws5-tomcat-native-1.2.23-5.redhat_5.el8jws.src.rpm noarch: jws5-tomcat-9.0.30-4.redhat_5.1.el8jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.30-4.redhat_5.1.el8jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.30-4.redhat_5.1.el8jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.30-4.redhat_5.1.el8jws.noarch.rpm jws5-tomcat-javadoc-9.0.30-4.redhat_5.1.el8jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.30-4.redhat_5.1.el8jws.noarch.rpm jws5-tomcat-lib-9.0.30-4.redhat_5.1.el8jws.noarch.rpm jws5-tomcat-selinux-9.0.30-4.redhat_5.1.el8jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.30-4.redhat_5.1.el8jws.noarch.rpm jws5-tomcat-webapps-9.0.30-4.redhat_5.1.el8jws.noarch.rpm x86_64: jws5-tomcat-native-1.2.23-5.redhat_5.el8jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.23-5.redhat_5.el8jws.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2020-9484 https://access.redhat.com/security/updates/classification#important 8.Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXuEKEtzjgjWX9erEAQi1iQ//SgZKJnO4OosXeFQDYKXzx2+R2UHZJ8OJ OaY6LKEjIb6wAY3QimRSxHL5s2G1dM51TdJUMPGVzW/ZC6WTph68mecpkB5xiQ90 knoAB7XdZoobkw9rdGupYBkNZGYsZah3mbQrU1WEMEcZIMNyO1ESw/qPlWHRxUDU LI/cyTH78n6GWED0mUWhfcrMWmmweUjMxR+Ld5hgA0ZetjvC2DttqIMspBuwgzIF krBvAv3eqx/mHQivtHSOkwoj+wfBIWS1ZTlv3xa5fu0A06CmzVfRrnMwxanajTMq 4wna5Kq+dNRe6MvlQ9YT4r5VciRXIf9ByxNHSwHthy30bXLmjDkOEbb6BtbegaQP Pj1vmTrRlnZU9KQpdddVKLUhi2odZlEIig2P/6PH02lXvPiGvH7ozLbceNaq3yuP x6ADb+ft+JPL3JVJzkggHUVgBN9/yu9f6OrrYDUEf6GQiXLbdjb0/q8jlUZKsgIi BjnT7XHQwMHKxGTID1XFP7r7JoEv6/sHgsf7SM0PulZ93wLbR9nFJDAF4+ATAwcq aDP/GPjsrAJ/TErnKNkDXADeTTVFf4PhLGWi9LQLey16/cnXuA7emv2pR0mcdg22 7uAELEj+ZojlS6qYukRYlWcM7fPlLz1kMB9f+rEe3k/5hGqWsr0PBri8sWSiFKMn EMQ+iKEGQWY=UEGb -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 10, 2020
•Important
Red Hat
98
security advisoryRed HatupdateRed Hat JBoss Web Server 3.1 Important Security Update RHSA-2020:2487-01
An update is now available for Red Hat JBoss Web Server 3.1, for RHEL 6, RHEL 7 and Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Web Server 3.1 Service Pack 9 security update Advisory ID: RHSA-2020:2487-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2020:2487 Issue date: 2020-06-10 CVE Names: CVE-2020-9484 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Web Server 3.1, for RHEL 6, RHEL 7 and Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 9 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es): * tomcat: Apache Tomcat Remote Code Execution via session persistence (CVE-2020-9484) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, backup your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. 4. Bugs fixed (https://bugzilla.redhat.com/): 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 5. References: https://access.redhat.com/security/cve/CVE-2020-9484 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=securityPatches&version=3.1 https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/3.1 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXuD2ntzjgjWX9erEAQiMAw//ZNV2UOZjU2HbmhZH8To22tMoTLUyqk6u HIL7C7BXc37vdJ/nD+AuM2ndZrjixNI12KbWz/VBYpwNdVI3DLNyUPQb9KxVdVVK G9aGbHXTzA6lHcryYjjkXlCT6EEwQcutpI7SlJ5WmY/xhLR7AjM4Ve22tcqGSoib WbSRQZnE06oHAK6Zo+d6DQRieLcaxW1eIR0j1OrEEGGueAwTnUfnyx0SH5enzsFp 80fClhNeERwOQyQh8ngqH4T2oC6j6x0CJ0ylGVJJBh75dGR/x6xi/9EvsC/crpSn U2wXv5iltTjDPLJ2tu8o/hfVgpfFQg2glZesgjzBBfwpop7L9cyZoVcApFF2ujE3 g16QX1yZWvQS/82h+f9n3mnmoev7YC+Y77UjF8IcloHFh9JAXp2mFKpCCg/PKzJB cn2wu7pKPRTPovyFUBVYUNEZ4HYzTzQGuIyJ4hRGfJyQvCU6WlvXm172EZvbejlq 3GnEYJplmlLa5k6OGMrV3Y65ZmgnHSU2nRc28wy/cODv+QrTxMYmZn2Ecp7niy2O Cl2dytEHURjLouF92TZq3zBzOjAOOA4fbMcRjS6Po6LHvvQ/MIsoYhPbneXtwmi4 hCzC9rKAfvagypTEYrmkpNxrkR1WRJP/a7rRozDz6UGJ17Y0SdCFJePS+a8hcYn4 YH3uzGfUtXk=n5mX -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 10, 2020
•Important
Red Hat
98
security advisoryremote code executionimportantRedHat: RHSA-2020-2483-01 Important: JBoss Web Server RCE Risk
An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Web Server 3.1 Service Pack 9 security update Advisory ID: RHSA-2020:2483-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2020:2483 Issue date: 2020-06-10 CVE Names: CVE-2020-9484 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Web Server 3.1 for RHEL 6 - i386, noarch, x86_64 Red Hat JBoss Web Server 3.1 for RHEL 7 - noarch, x86_64 3. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 9 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es): * tomcat: Apache Tomcat Remote Code Execution via session persistence (CVE-2020-9484) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 6. Package List: Red Hat JBoss Web Server 3.1 for RHEL 6: Source: tomcat-native-1.2.23-22.redhat_22.ep7.el6.src.rpm tomcat7-7.0.70-40.ep7.el6.src.rpm tomcat8-8.0.36-44.ep7.el6.src.rpm i386: tomcat-native-1.2.23-22.redhat_22.ep7.el6.i686.rpm tomcat-native-debuginfo-1.2.23-22.redhat_22.ep7.el6.i686.rpm noarch: tomcat7-7.0.70-40.ep7.el6.noarch.rpm tomcat7-admin-webapps-7.0.70-40.ep7.el6.noarch.rpm tomcat7-docs-webapp-7.0.70-40.ep7.el6.noarch.rpm tomcat7-el-2.2-api-7.0.70-40.ep7.el6.noarch.rpm tomcat7-javadoc-7.0.70-40.ep7.el6.noarch.rpm tomcat7-jsp-2.2-api-7.0.70-40.ep7.el6.noarch.rpm tomcat7-jsvc-7.0.70-40.ep7.el6.noarch.rpm tomcat7-lib-7.0.70-40.ep7.el6.noarch.rpm tomcat7-log4j-7.0.70-40.ep7.el6.noarch.rpm tomcat7-selinux-7.0.70-40.ep7.el6.noarch.rpm tomcat7-servlet-3.0-api-7.0.70-40.ep7.el6.noarch.rpm tomcat7-webapps-7.0.70-40.ep7.el6.noarch.rpm tomcat8-8.0.36-44.ep7.el6.noarch.rpm tomcat8-admin-webapps-8.0.36-44.ep7.el6.noarch.rpm tomcat8-docs-webapp-8.0.36-44.ep7.el6.noarch.rpm tomcat8-el-2.2-api-8.0.36-44.ep7.el6.noarch.rpm tomcat8-javadoc-8.0.36-44.ep7.el6.noarch.rpm tomcat8-jsp-2.3-api-8.0.36-44.ep7.el6.noarch.rpm tomcat8-jsvc-8.0.36-44.ep7.el6.noarch.rpm tomcat8-lib-8.0.36-44.ep7.el6.noarch.rpm tomcat8-log4j-8.0.36-44.ep7.el6.noarch.rpm tomcat8-selinux-8.0.36-44.ep7.el6.noarch.rpm tomcat8-servlet-3.1-api-8.0.36-44.ep7.el6.noarch.rpm tomcat8-webapps-8.0.36-44.ep7.el6.noarch.rpm x86_64: tomcat-native-1.2.23-22.redhat_22.ep7.el6.x86_64.rpm tomcat-native-debuginfo-1.2.23-22.redhat_22.ep7.el6.x86_64.rpm Red Hat JBoss Web Server 3.1 for RHEL7: Source: tomcat-native-1.2.23-22.redhat_22.ep7.el7.src.rpm tomcat7-7.0.70-40.ep7.el7.src.rpm tomcat8-8.0.36-44.ep7.el7.src.rpm noarch: tomcat7-7.0.70-40.ep7.el7.noarch.rpm tomcat7-admin-webapps-7.0.70-40.ep7.el7.noarch.rpm tomcat7-docs-webapp-7.0.70-40.ep7.el7.noarch.rpm tomcat7-el-2.2-api-7.0.70-40.ep7.el7.noarch.rpm tomcat7-javadoc-7.0.70-40.ep7.el7.noarch.rpm tomcat7-jsp-2.2-api-7.0.70-40.ep7.el7.noarch.rpm tomcat7-jsvc-7.0.70-40.ep7.el7.noarch.rpm tomcat7-lib-7.0.70-40.ep7.el7.noarch.rpm tomcat7-log4j-7.0.70-40.ep7.el7.noarch.rpm tomcat7-selinux-7.0.70-40.ep7.el7.noarch.rpm tomcat7-servlet-3.0-api-7.0.70-40.ep7.el7.noarch.rpm tomcat7-webapps-7.0.70-40.ep7.el7.noarch.rpm tomcat8-8.0.36-44.ep7.el7.noarch.rpm tomcat8-admin-webapps-8.0.36-44.ep7.el7.noarch.rpm tomcat8-docs-webapp-8.0.36-44.ep7.el7.noarch.rpm tomcat8-el-2.2-api-8.0.36-44.ep7.el7.noarch.rpm tomcat8-javadoc-8.0.36-44.ep7.el7.noarch.rpm tomcat8-jsp-2.3-api-8.0.36-44.ep7.el7.noarch.rpm tomcat8-jsvc-8.0.36-44.ep7.el7.noarch.rpm tomcat8-lib-8.0.36-44.ep7.el7.noarch.rpm tomcat8-log4j-8.0.36-44.ep7.el7.noarch.rpm tomcat8-selinux-8.0.36-44.ep7.el7.noarch.rpm tomcat8-servlet-3.1-api-8.0.36-44.ep7.el7.noarch.rpm tomcat8-webapps-8.0.36-44.ep7.el7.noarch.rpm x86_64: tomcat-native-1.2.23-22.redhat_22.ep7.el7.x86_64.rpm tomcat-native-debuginfo-1.2.23-22.redhat_22.ep7.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2020-9484 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXuDzktzjgjWX9erEAQgi/w//Xj/qCl98tBEg+2ffj+TA0Is16FtznlWO xIScyhvleDsX7AZ/o+Fd/8bqePrC4fPYmrPwe29i6IkcbOK1oQY786YLZsD78KTV 0M4QIR5JserxNzylp29q2R6xQdH0mTLTK1BfYLSoi63Fx/XdFz8dnkWs6PxJLEan mM0ioyWz3rPlA133UMX6gr6LEWNcV36+DeOuDt6xwtPCwFsG9Uh95XV0yYkPyUa+ k6N1bl0Z1gAb8CDA0Bb9ACT/wNIFj2Ops1d5gr0X6uxhhieGRYMKFqyJ7amEcpCW WkiVL3Jr4cCI3JgVLJ+9VwK9ifqiFPT/uFBFqukodeUi4jt5B6MCutWjg5MMlyjk zYJFaOtzpYdN94XLQliHpUnFcwgqNzl7D1aAhianL/SYC7im9embS+os0h8r0y/K zh2FkLbtb+hrxGQKbaCJXlHhXbng6ke1xxnT6JeKIqFnJhl3WOisDSQBVwtJqTjW gtdHIPSUVRaA1Q62xN+ERDAWKcXGh1r/B7RnX8e7mjmVBj8sw33rLJtz8XAIwztI dQDrF6NZsO6sozXsd8tODjgTaXHRqXv4gDp2BqJRCYGf3CjlvCtRcEkgK7WN8B1o Nbgz9YN9a5MRSU/tvViPZ97jtTi376HAxZb8hrEIq43CgKdGdYeD9nGp/PXrFT3Z T4TlPOipQc8=m5kE -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 10, 2020
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!