Stay Secure with the Latest Linux Advisories

security advisoryRed Hatmoderate threat

Red Hat JBoss 7.1.5 Advisory RHSA-2018:3527 Moderate Transport Issue

An update is now available for Red Hat JBoss Enterprise Application Platform 7.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.1.5 security update Advisory ID: RHSA-2018:3527-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2018:3527 Issue date: 2018-11-08 CVE Names: CVE-2018-14627 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * wildfly-iiop-openjdk: iiop does not honour strict transport confidentiality (CVE-2018-14627) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. The References section of thiserratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. 4. Bugs fixed (https://bugzilla.redhat.com/): 1624664 - CVE-2018-14627 JBoss/WildFly: iiop does not honour strict transport confidentiality 5. JIRA issues fixed (https://issues.redhat.com/): JBEAP-14939 - (7.1.z) Upgrade Elytron from 1.1.10.Final to 1.1.11.Final JBEAP-14950 - (7.1.z) Upgrade wildfly-client-config from 1.0.0 to 1.0.1 JBEAP-14958 - [GSS](7.1.z) Upgrade Undertow from 1.4.18.SP8 to 1.4.18.SP9 JBEAP-14987 - [GSS](7.1.z) Upgrade ActiveMQ Artemis from 1.5.5.jbossorg-013 to 1.5.5.jbossorg-014 JBEAP-14997 - [GSS](7.1.z) Upgrade Hibernate ORM from 5.1.15 to 5.1.16 JBEAP-15013 - [GSS](7.1.z) Upgrade to ironjacamar from 1.4.10 Final to 1.4.11 Final JBEAP-15025 - (7.1.z) Upgrade WildFly Core to 3.0.19.Final-redhat-1 JBEAP-15043 - (7.1.z) Upgrade PicketLink from 2.5.5.SP12 to 2.5.5.SP12-redhat-2 JBEAP-15065 - [GSS](7.1.z) Upgrade Migration Tool from 1.0.6.Final-redhat-3 to 1.0.7.Final-redhat-1 JBEAP-15072 - [GSS](7.1.z) Upgrade jboss-vfs to 3.2.13.Final JBEAP-15129 - [GSS](7.1.z) Upgrade JBoss Modules from 1.6.4.Final-redhat-1 to 1.6.5.Final-redhat-1 JBEAP-15131 - [GSS](7.1.z) Upgrade Mojarra from 2.2.13.SP5 to 2.2.13.SP6 JBEAP-15170 - [GSS](7.1.z) Upgrade JBossWS Common from 3.1.5.Final to 3.1.6.Final JBEAP-15216 - (7.1.z) Upgrade Elytron-Tool from 1.0.7 to 1.0.8.Final JBEAP-15217 - (7.1.z) Upgrade Elytron Web from 1.0.1.Final to 1.0.2.Final JBEAP-15244 - [GSS](7.1.z) Upgrade PicketBox from 5.0.3.Final-redhat-1 to 5.0.3.Final-redhat-3 JBEAP-15251 - [GSS](7.1.z) Upgrade jastow from 2.0.3 to 2.0.6 JBEAP-15270 - [GSS](7.1.z) Upgrade JBoss Marshalling from 2.0.5 to 2.0.6 JBEAP-15280 - (7.1.z) Upgrade XNIO from 3.5.5.Final-redhat-1 to 3.5.6 JBEAP-15300 - [GSS](7.1.z) Upgrade to JBoss WS CXF to 5.1.11.Final JBEAP-15313 - [GSS](7.1.z) Upgrade log4j-jboss-logmanager from 1.1.4.Final to 1.1.6.Final JBEAP-15314 - (7.1.z) Upgrade PicketLink bindings from 2.5.5.SP12 to2.5.5.SP12-redhat-2 JBEAP-15327 - Tracker bug for the EAP 7.1.5 text only release JBEAP-15454 - [PROD](7.1.z) Upgrade to wildfly-openssl from 1.0.6.Final-redhat-1 to 1.0.6.Final-redhat-2 6. References: https://access.redhat.com/security/cve/CVE-2018-14627 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.1 https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW+RWvNzjgjWX9erEAQjUrw//T8aWba0U9H3daB7Asqx26LeghiVUhB3d RG3B1AH6qdTyp4OIc3Mzk9fUMA7EvvI40wFUlFhktmnqoMaIwVrEDicuGlj3X02T MQTOJvLWdDYwjnGZ63VLpSEHY5FlWIIjInLl13wrzPlhlGQ2hp2n+mMFJB+/I6dR NyMZKvLD3nOfp/fwsh38++3kVr3IdpixaWYbeX9e45/95HKlH+UL+qDcGS4BBjSc wQjT8dy+DYK22J5ZqJH8D37T2gsaukQuu36MoNGroVSrmDBtUbVT137R8bFGPttm Gpyp5D62JvuUZ8sAhQomNBHc0QrPFxdFF354bdDndIdp2cKB9I/EDJnsOShOt9rX oAnj5ed4YqgJbDzr/MiUsZ0wSEeRLGEDNQyIHXkLiEWeVnOPR8S2oAGIIxgBWJsE gLGX9N16SxaFjqji+37FQ65S4o6VUV0gE/XYoQLuQAf78nueuyymSU5jd23RSxo2 rZlYkJRSrxcqY+hqFNbqSU21PqX9Yhs9xWJjo1uLxz8snKy2ip/httSek55V8RTK yuHXokYcRqcPLz8bawj8qYda2RHPQQculjzMaTo/LrIMRcAoNwsfTUIvTcom0vAU 9PQEr6YcD/mT+1/7UxYBMQpHX3utZJbGypZtBcq9gtmQ05EydDkQqJpPzs70g0LK EcAPTTTepCs=QAQC -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . An updated release for Red Hat JBoss Enterprise Application Platform addresses confidentiality vulnerabilities in transportation. Ensure your configuration is secured.. Red Hat JBoss, Transport Confidentiality, Security Issue, Enterprise Application, Software Update. . LinuxSecurity.com Team

Nov 08, 2018 Red Hat