You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa EAP

Sigurnosni nedostaci programskog paketa EAP

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: EAP Continuous Delivery Technical Preview Release 13 security update
Advisory ID: RHSA-2020:2562-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2562
Issue date: 2020-06-15
CVE Names: CVE-2017-12196 CVE-2018-1067 CVE-2018-7489
CVE-2018-10237 CVE-2018-10862
=====================================================================

1. Summary:

This is a security update for JBoss EAP Continuous Delivery 13.0.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform CD13 is a platform for Java
applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform CD13 includes
bug fixes and enhancements.

Security Fix(es):

* guava: Unbounded memory allocation in AtomicDoubleArray and
CompoundOrdering classes allow remote attackers to cause a denial of
service (CVE-2018-10237)
* undertow: HTTP header injection using CRLF with UTF-8 Encoding
(incomplete fix of CVE-2016-4993) (CVE-2018-1067)
* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe
serialization via c3p0 libraries (CVE-2018-7489)
* wildfly-core: Path traversal can allow the extraction of .war archives to
write arbitrary files (Zip Slip) (CVE-2018-10862)
* undertow: client can use bogus uri in digest authentication
(CVE-2017-12196)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise
Application Platform installation and deployed applications.

You must restart the JBoss server process for the update to take effect.

The References section of this erratum contains a download link (you must
log in to download the update)

4. Bugs fixed (https://bugzilla.redhat.com/):

1503055 – CVE-2017-12196 undertow: Client can use bogus uri in Digest authentication
1549276 – CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
1550671 – CVE-2018-1067 undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)
1573391 – CVE-2018-10237 guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service
1593527 – CVE-2018-10862 wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)

5. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-14581 – (CD12) Upgrade FasterXML Jackson from 2.9.4.redhat-1 to 2.9.5.redhat-1

6. References:

https://access.redhat.com/security/cve/CVE-2017-12196
https://access.redhat.com/security/cve/CVE-2018-1067
https://access.redhat.com/security/cve/CVE-2018-7489
https://access.redhat.com/security/cve/CVE-2018-10237
https://access.redhat.com/security/cve/CVE-2018-10862
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXueq+dzjgjWX9erEAQiiGhAAm99iamjB393vNNXKPha67z0GDrakMYUG
Zipx58R9rg2yEvj7xnaMFIQTuyuXbMTQHpUiHRSHN0eTs6Ua1ePuK7tHfTedCZuP
IKRw9t0RDJvNi5eNAtOFKbg8oTB9vu0mF9OhI0A79vm+WdqCAk1GUhhsvPbqkuN3
yQCis3UgovidI/JILZMfT6WBowgk7TObzaY5fMMdjxLR9qwxkGjiYA9K/VBfv8AM
5THHlMSRrbhS2OueCQm8/dD9K21UHES0AqHCctdwO5FXH0wjfgLZhpAQV4APnlAG
QUbHA4NwIcPhhsENRMGbJJGnZfI6fHnPJ7VRApbLDT+DJYwWAFEn0mMkbOTXw8xJ
KtbxSSRstON53l7jpFGCsdCf63hFzuMZKWA5fuYlDLBjkjhSYe2JCxEgRHuEsoES
c//lCdzWWXAVbcwpdBEiIHU1DM9eTcjLGV30QY5/+OozzWEPVmqZhcNvGPV+IUOh
jXbGeLEUDCbX8KgLVTowsF0VVIyzpG3LsbhMvd9MMBfmQ1FExLCqYm56q302RIx4
DGJ8oJbjo//Kb7QjXcxS6I51Ljop5oAyzyvvw5ttDuIOCXMLItlKM+Iv/WrgJkok
zydM2lSEjlA1Ng6dR4UUC3wJ8Pv6C7XGrjsNiXFhrf6vpr+moFKvQrLMiq8uNkzz
b/QhNUPU+iU=
=dP46
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: EAP Continuous Delivery Technical Preview Release 12 security update
Advisory ID: RHSA-2020:2561-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2561
Issue date: 2020-06-15
CVE Names: CVE-2017-12174 CVE-2017-12196 CVE-2017-12629
CVE-2017-15089 CVE-2018-8088
=====================================================================

1. Summary:

This is a security update for JBoss EAP Continuous Delivery 12.0.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform CD12 is a platform for Java
applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform CD12 includes
bug fixes and enhancements.

Security Fix(es):

* artemis: artemis/hornetq: memory exhaustion via UDP and JGroups discovery
(CVE-2017-12174)
* lucene: Solr: Code execution via entity expansion (CVE-2017-12629)
* infinispan-core: infinispan: Unsafe deserialization of malicious object
injected into data cache (CVE-2017-15089)
* slf4j: Deserialisation vulnerability in EventData constructor can allow
for arbitrary code execution (CVE-2018-8088)
* elytron: client can use bogus uri in digest authentication
(CVE-2017-12196)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise
Application Platform installation and deployed applications.

You must restart the JBoss server process for the update to take effect.

The References section of this erratum contains a download link (you must
log in to download the update)

4. Bugs fixed (https://bugzilla.redhat.com/):

1498378 – CVE-2017-12174 artemis/hornetq: memory exhaustion via UDP and JGroups discovery
1501529 – CVE-2017-12629 Solr: Code execution via entity expansion
1503055 – CVE-2017-12196 undertow: Client can use bogus uri in Digest authentication
1503610 – CVE-2017-15089 infinispan: Unsafe deserialization of malicious object injected into data cache
1548909 – CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

5. References:

https://access.redhat.com/security/cve/CVE-2017-12174
https://access.redhat.com/security/cve/CVE-2017-12196
https://access.redhat.com/security/cve/CVE-2017-12629
https://access.redhat.com/security/cve/CVE-2017-15089
https://access.redhat.com/security/cve/CVE-2018-8088
https://access.redhat.com/security/updates/classification/#critical

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXuerPtzjgjWX9erEAQgCkA//fN8OaspSHgLAnFgnSsHPHaOanomERmo/
KQTFe0eUohwOjqsuZRy7d7bCTgI0Dy6sPxX9C/keWiQjUId6sa7WHNdYhSfhr030
9hBEs7aqgeDFPmum+/+qSz9JzHbxrj5FMJDQlD8A07t0BkEJzQHv/5oI6Jzdm/pU
Mj1uUVVlhI+GyU86UY+0Lgu6eyYbr7BtGMtBoxkwcD/SrzxaN3DWChuaia+Z7tkd
YuK3EbfGI/O0go7wBBtBLZacW8phdAgHxYcUaI9JlpOMLXCqqVv0iW4cEnSifEvy
hwGE70lNMZnCGN+1yaZ547eQXXeBCPjtvFnVqxJ5ipafK1IJfQU+Boq6JPC4Wp4A
bOxC5vg9wTZr49PrtvcGY/+0/IGNxUVsbvqxpM+Lp8cN3kLNG1sxPjv34y1WUU/Z
B85ydHw/HM34GH6VJhRFN4DnDckdR5Z61uyVYGPUOCFN0ujUrN3mE5doQz1Ob3tR
gVDtmj6f59jHJjO6e5rXwbGK70JkjtHAWDn9ysoGGz/CvqXMAvNzwZgb2ALmL+EW
ylfwlse4zwqaShFKhai6R0buhTZVi25IwuPRotWKZf+Bd5kLqBgaSwTkULKBh5Dl
Wobbg6qBbD38NQEhkbLEJs4vMti9pl8aqN5UH4zpbgsZRn8Tx0j44TePjrGSVsLi
6aRRuqm1Oag=
=OQYb
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: EAP Continuous Delivery Technical Preview Release 16 security update
Advisory ID: RHSA-2020:2564-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2564
Issue date: 2020-06-15
CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720
CVE-2018-14721 CVE-2018-19360 CVE-2018-19361
CVE-2018-19362
=====================================================================

1. Summary:

This is a security update for JBoss EAP Continuous Delivery 16.0.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform CD16 is a platform for Java
applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform CD16 includes
bug fixes and enhancements.

Security Fix(es):

* jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class
(CVE-2018-14721)
* jackson-databind: arbitrary code execution in blaze-ds-opt and
blaze-ds-core classes (CVE-2018-14719)
* jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)
* jackson-databind: improper polymorphic deserialization in
jboss-common-core class (CVE-2018-19362)
* jackson-databind: improper polymorphic deserialization in
axis2-transport-jms class (CVE-2018-19360)
* jackson-databind: improper polymorphic deserialization in openjpa class
(CVE-2018-19361)
* jackson-databind: arbitrary code execution in slf4j-ext class
(CVE-2018-14718)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise
Application Platform installation and deployed applications.

You must restart the JBoss server process for the update to take effect.

The References section of this erratum contains a download link (you must
log in to download the update)

4. Bugs fixed (https://bugzilla.redhat.com/):

1666415 – CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class
1666418 – CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes
1666423 – CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes
1666428 – CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class
1666482 – CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class
1666484 – CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class
1666489 – CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class

5. References:

https://access.redhat.com/security/cve/CVE-2018-14718
https://access.redhat.com/security/cve/CVE-2018-14719
https://access.redhat.com/security/cve/CVE-2018-14720
https://access.redhat.com/security/cve/CVE-2018-14721
https://access.redhat.com/security/cve/CVE-2018-19360
https://access.redhat.com/security/cve/CVE-2018-19361
https://access.redhat.com/security/cve/CVE-2018-19362
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXueqxdzjgjWX9erEAQgwCA//ZwbtBt/RaVyCEfmNxSoEaXff9lQ1udLD
iMuq9a4MloE+4mfqibyAJLFCr4puqeIcfIR1jwbLUsSPCV2enlo08xAkmtU8d6/0
DADRcFxt93eAZBd8hbm1GP4fAI0y8c/PvevuO5n6mkf0fw0LO3wY5EnpvF673oHz
yUjgjgi/v6jTk8LqhOW5gNDDbOyRj7brLHE3t3WFFBE1Osu5fD2g3+yjNk+ONMFK
sEvErBebBHhOH1OSwCVSWDVa+OYAeKWua5mH9UiILD2sWqyMY0x+4JcDQMsR4S2m
QgEunCBlZrD4RxAJcW4PWeEmTBbt8VAyXG6PlnmMEVYlDIpHAAcDepU2dOBompWZ
H8jGzMxHmmrjeMyVls6poAuIK0Rro8W/fSEHbHH4SRuO0E59FLGx5WD2lhgnQ9l8
Q0IUXiGdB+MtD8njwGEqRlnZ8Ipfmsgauoe32n0fvQfQPUXAf9GP4+OcYkl72kXr
2ilC1YmbGwUyA3vXekHAQ4spWUd83B++sFknoG/0KmgRNnCMwXjkYT3tjiJaz56U
afl9fBmXV/CKvL0A1KgzML8h8/aGu/IF1tpuDx+xwR9bJdn0fvN/Yi7FaPqcvn53
bwZ64TxYseGNPDpcUbr6qFiEzeNS9h9Vn3JwmbMYY20qytMr1K5ZZcWw2YbdwOG0
Lo4jPNpH0Hw=
=WCi+
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: EAP Continuous Delivery Technical Preview Release 18 security update
Advisory ID: RHSA-2020:2565-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2565
Issue date: 2020-06-15
CVE Names: CVE-2019-3805 CVE-2019-9511 CVE-2019-9512
CVE-2019-9514 CVE-2019-9515 CVE-2019-14838
CVE-2019-19343 CVE-2020-11619 CVE-2020-11620
=====================================================================

1. Summary:

This is a security update for JBoss EAP Continuous Delivery 18.0.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform CD18 is a platform for Java
applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform CD18 includes
bug fixes and enhancements.

Security Fix(es):

* jackson-databind: Serialization gadgets in org.springframework:spring-aop
(CVE-2020-11619)
* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly
(CVE-2020-11620)
* wildfly: Race condition on PID file allows for termination of arbitrary
processes by local users (CVE-2019-3805)
* undertow: HTTP/2: large amount of data requests leads to denial of
service (CVE-2019-9511)
* undertow: HTTP/2: flood using HEADERS frames results in unbounded memory
growth (CVE-2019-9514)
* undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory
growth (CVE-2019-9515)
* undertow: HTTP/2: flood using PING frames results in unbounded memory
growth (CVE-2019-9512)
* wildfly-core: Incorrect privileges for ‘Monitor’, ‘Auditor’ and
‘Deployer’ user by default (CVE-2019-14838)
* undertow: Memory Leak in Undertow HttpOpenListener due to holding
remoting connections indefinitely (CVE-2019-19343)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise
Application Platform installation and deployed applications.

You must restart the JBoss server process for the update to take effect.

The References section of this erratum contains a download link (you must
log in to download the update)

4. Bugs fixed (https://bugzilla.redhat.com/):

1660263 – CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users
1735645 – CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth
1735744 – CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth
1735745 – CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth
1741860 – CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service
1751227 – CVE-2019-14838 wildfly-core: Incorrect privileges for ‘Monitor’, ‘Auditor’ and ‘Deployer’ user by default
1780445 – CVE-2019-19343 Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely
1826798 – CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly
1826805 – CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop

5. References:

https://access.redhat.com/security/cve/CVE-2019-3805
https://access.redhat.com/security/cve/CVE-2019-9511
https://access.redhat.com/security/cve/CVE-2019-9512
https://access.redhat.com/security/cve/CVE-2019-9514
https://access.redhat.com/security/cve/CVE-2019-9515
https://access.redhat.com/security/cve/CVE-2019-14838
https://access.redhat.com/security/cve/CVE-2019-19343
https://access.redhat.com/security/cve/CVE-2020-11619
https://access.redhat.com/security/cve/CVE-2020-11620
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXueq39zjgjWX9erEAQiVvw//WMAI8AuJgNj6ocD8JJbETwuAlv3Qjc2n
iZ29Nu4o7hQTR9GLyLu7f4Tcn9gzRfLUXFR4Ly0KknHTOluRcmYatf4pT1yM+1/Z
MP3SyS/HScdxvoKybcz0LgzT6D5HpfkskB49QYEQNI4TnWz88fKpET/fQc/kDUGS
mJ4EKGcZdYFzCHo2vuK28WCd1e612Dg2MSv7jfctJltwQQunJTsovKJdyFOaIUsV
U8GdYj8TL3PlARInizUioB/UA7tReRhkg97jjzQBqQXHUfNnwr3kSMHAWrANnvGx
m+1B+QLVdcT+22OvsXgdlksK4ceOleSFJ77kiIcuU9PSQ/FRArigDKrj5DQIUfjY
yG7xOE0h9AlMeoQUhyWikG0ZyYJ+v+S85cquWPZZiWuXesht8XAlyYpba1sz+Tuj
g/ASXhlUl9WRSAKIe6ijqNasi5vcs4kNnpcKJv4DZe+cJSLtU/QE9P7FUmXxJPuE
2MTonbkWRLtEAcOx6An0pJAQRGStqCCYd4hOP2KWcUgTe1rxbkidyq0ggo5LsRpT
+03VNDjJqkTBwTVc1OPEqCZYu4aa+45NJNDPwwiuse1BW0vw41SCoRDHe7QiWNrn
27CK6VcWpjJKybVLzKxkIas6MUJISdp7KAES5NgrKo/R3V3ycZCd2RJP0Ib8oevO
s+d7FrCZsfA=
=ZGb7
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: EAP Continuous Delivery Technical Preview Release 14 security update
Advisory ID: RHSA-2020:2563-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2563
Issue date: 2020-06-15
CVE Names: CVE-2017-7465 CVE-2017-7503
=====================================================================

1. Summary:

This is a security update for JBoss EAP Continuous Delivery 14.0.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform CD14 is a platform for Java
applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform CD14 includes
bug fixes and enhancements.

Security Fix(es):

* XML Frameworks: JBoss: JAXP in EAP 7.0 allows RCE via XSL (CVE-2017-7465)

* XML Frameworks: TransformerFactory in JBoss EAP 7 is vulnerable to XXE
(CVE-2017-7503)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise
Application Platform installation and deployed applications.

You must restart the JBoss server process for the update to take effect.

The References section of this erratum contains a download link (you must
log in to download the update)

4. Bugs fixed (https://bugzilla.redhat.com/):

1439980 – CVE-2017-7465 JBoss: JAXP in EAP 7.0 allows RCE via XSL
1451960 – CVE-2017-7503 EAP: XXE issue in TransformerFactory

5. References:

https://access.redhat.com/security/cve/CVE-2017-7465
https://access.redhat.com/security/cve/CVE-2017-7503
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=eap-cd&version=14

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXuefhdzjgjWX9erEAQhAlxAAmBc/npuEUSQ+mINPSy7w/B4E4A84TCdF
b0Hp05Kaz1rIcwS7kBeuspKNPIwckTmTlXwRrwMlUBVxCyxzZWItWRtM+yBeWwLJ
tbtDmVrZtJ81ZTiduS7W96r9f4QtmoDH0a9vsaFZq3SdATELq49O204T+PSTebqu
VgoTnDY7FzXickAOUl7JMTP2IupjlSdUe4FG+kHOL1qZqKPFXSOJEtv4gLTa0Wwp
JcwnA/oj2yd2c1kuNXR1+49oBGutgipB5SSLVO6LCwAzEBvDWxg+NtiInONqT5Fm
rcw3hJpWojW6k3U3a5XHMy9yUmCuNKfrHe+V/A1XotBexopDRoExpQNgAPH0a8A1
iuuCMWLvXkgYd8lfxt9ai5VVE+1lhl1f4GyWsKmO96EeNU2BxbzI21N+rtqWaOJf
MNheQs1zrLHFbDCC6ZRSozZfzQFivkYq1FrPcYKnBR+wRHdkVrkq/2cIpV1r75tW
OSL7HNSb+JRMflTuNIidQSIloXCCO5724McepOte48QhPOxIHyFuQS4974BB/4D+
TmeCkKyuqvcGOGgswYjo9ukMapoox/3ypAyV4NUBqJxqUsBgzR3ybd/rRObRajjt
68aGXoIprM0etxHYXkJhWlvV6rvku7vyELVgK1R/S03WMbkTAD/uzTPZaEjuF5GV
a2DmpK7QXIU=
=vXbI
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa rubygem-bundler

Otkriven je sigurnosni nedostatak u programskom paketu rubygem-bundler za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog...

Close