—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: eap6-jboss-ec2-eap security update
Advisory ID: RHSA-2018:1451-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1451
Issue date: 2018-05-14
CVE Names: CVE-2016-4978 CVE-2017-3163 CVE-2017-15095
CVE-2017-17485 CVE-2018-1304 CVE-2018-7489
CVE-2018-8088
=====================================================================
1. Summary:
An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise
Application Platform 6.4 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server – noarch
3. Description:
The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise
Application Platform running on the Amazon Web Services (AWS) Elastic
Compute Cloud (EC2).
With this update, the jboss-ec2-eap package has been updated to ensure
compatibility with Red Hat JBoss Enterprise Application Platform 6.4.19.
Security Fix(es):
* jackson-databind: Unsafe deserialization due to incomplete black list
(incomplete fix for CVE-2017-7525) (CVE-2017-15095)
* jackson-databind: Unsafe deserialization due to incomplete black list
(incomplete fix for CVE-2017-15095) (CVE-2017-17485)
* slf4j: Deserialisation vulnerability in EventData constructor can allow
for arbitrary code execution (CVE-2018-8088)
* Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability
(CVE-2016-4978)
* solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)
* tomcat: Incorrect handling of empty string URL in security constraints
can lead to unintended exposure of resources (CVE-2018-1304)
* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe
serialization via c3p0 libraries (CVE-2018-7489)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting
CVE-2017-15095; 0c0c0f from 360观星实验室 for reporting CVE-2017-17485; and
Chris McCown for reporting CVE-2018-8088.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1379207 – CVE-2016-4978 Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability
1454783 – CVE-2017-3163 solr: Directory traversal via Index Replication HTTP API
1506612 – CVE-2017-15095 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)
1528565 – CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
1548289 – CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
1548909 – CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
1549276 – CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
6. Package List:
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server:
Source:
jboss-ec2-eap-7.5.20-1.Final_redhat_1.ep6.el6.src.rpm
noarch:
jboss-ec2-eap-7.5.20-1.Final_redhat_1.ep6.el6.noarch.rpm
jboss-ec2-eap-samples-7.5.20-1.Final_redhat_1.ep6.el6.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-4978
https://access.redhat.com/security/cve/CVE-2017-3163
https://access.redhat.com/security/cve/CVE-2017-15095
https://access.redhat.com/security/cve/CVE-2017-17485
https://access.redhat.com/security/cve/CVE-2018-1304
https://access.redhat.com/security/cve/CVE-2018-7489
https://access.redhat.com/security/cve/CVE-2018-8088
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBWvsEQNzjgjWX9erEAQi2Uw//fWZw3S+74RE5QsGa2TNb/88mQ1unTJCU
ORG2da5MOL0lk3i2mTeLzme0r6KeZ76l7LWTHcH2sp2cTsCRE1/TcYiLKCZTvSFU
H5uMeZjkPtFpb150OrStTscNRQpxgbcI/EGJKE++hgyoDS2tTPqP2HTwB51twgZA
hoRz9fuml2myRSjhlUcLcsNdcyjbqeEV0iueSZmrjctFlXQSCx0MXbR/vXB3Tp+W
BM+gdvNDaHvuF/0NHEuMpyy51cPZVnrMLzBt+jIlcb+9WET+nqR4l/5q9p3KbPaC
YjvrhTr4LYUG8GoTPXcSVVrDXKILwJhKGNOehwl44VPM+/mhFbSAKLIVbvAgL3an
bvMXwvX6WYo6zB8brNaOTL3Ios+zsJHfWi03XMSLNeAzIN/pRNvbmt/MTt+cngUg
gb7stlyhdMYhmrTjhfUGL7F5kb7kfeQmo1pGlCLrqwKa2mcKrsnHUR6W2RRk0Cxt
JDsALNjqdNiIIwffqBJQgTXgaeKX6bgOMlIACMR9UdUOM2k8NvbRf7weRKoMfB8b
l8bmYDs+K91IkPp2dQAzevmCH7On773JKby8dKp7Xkop5NJ4QJ7t0Mz+FqApOZpz
IkX5+VnjhNmiDJcDllfQGnTB1/YCX21vWDNz8U0ks+HfGSYUUbwdXeUzp9O9JgHt
dvdLMZF/NhE=
=a1kv
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.20 security update
Advisory ID: RHSA-2018:1450-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1450
Issue date: 2018-05-14
CVE Names: CVE-2016-4978 CVE-2017-3163 CVE-2017-7525
CVE-2017-15095 CVE-2017-17485 CVE-2018-1304
CVE-2018-7489 CVE-2018-8088
=====================================================================
1. Summary:
An update is now available for Red Hat JBoss Enterprise Application
Platform 6.4 for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server – noarch
3. Description:
Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves
as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19,
and includes bug fixes and enhancements, which are documented in the
Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: Unsafe deserialization due to incomplete black list
(incomplete fix for CVE-2017-7525) (CVE-2017-15095)
* jackson-databind: Unsafe deserialization due to incomplete black list
(incomplete fix for CVE-2017-15095) (CVE-2017-17485)
* slf4j: Deserialisation vulnerability in EventData constructor can allow
for arbitrary code execution (CVE-2018-8088)
* Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability
(CVE-2016-4978)
* solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)
* tomcat: Incorrect handling of empty string URL in security constraints
can lead to unintended exposure of resources (CVE-2018-1304)
* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe
serialization via c3p0 libraries (CVE-2018-7489)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting
CVE-2017-15095; 0c0c0f from 360观星实验室 for reporting CVE-2017-17485; and
Chris McCown for reporting CVE-2018-8088.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1379207 – CVE-2016-4978 Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability
1454783 – CVE-2017-3163 solr: Directory traversal via Index Replication HTTP API
1506612 – CVE-2017-15095 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)
1528565 – CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
1548289 – CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
1548909 – CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
1549276 – CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
1559009 – RHEL5 RPMs: Upgrade jbossweb to 7.5.28.Final-redhat-1
1559012 – RHEL5 RPMs: Upgrade jbossts to 4.17.43.Final-redhat-1
1559017 – RHEL5 RPMs: Upgrade jgroups to 3.2.18.Final-redhat-1
6. Package List:
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server:
Source:
codehaus-jackson-1.9.9-12.redhat_6.1.ep6.el5.src.rpm
hornetq-2.3.25-26.SP24_redhat_1.1.ep6.el5.src.rpm
jboss-as-appclient-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-cli-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-client-all-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-clustering-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-cmp-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-configadmin-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-connector-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-controller-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-controller-client-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-core-security-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-deployment-repository-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-deployment-scanner-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-domain-http-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-domain-management-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-ee-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-ee-deployment-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-ejb3-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-embedded-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-host-controller-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-jacorb-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-jaxr-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-jaxrs-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-jdr-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-jmx-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-jpa-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-jsf-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-jsr77-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-logging-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-mail-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-management-client-content-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-messaging-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-modcluster-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-naming-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-network-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-osgi-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-osgi-configadmin-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-osgi-service-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-picketlink-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-platform-mbean-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-pojo-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-process-controller-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-protocol-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-remoting-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-sar-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-security-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-server-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-system-jmx-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-threads-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-transactions-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-version-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-web-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-webservices-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-weld-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jboss-as-xts-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jbossas-appclient-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jbossas-bundles-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jbossas-core-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jbossas-domain-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jbossas-javadocs-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jbossas-modules-eap-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jbossas-product-eap-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jbossas-standalone-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jbossas-welcome-content-eap-7.5.20-1.Final_redhat_1.1.ep6.el5.src.rpm
jbossts-4.17.43-1.Final_redhat_1.1.ep6.el5.src.rpm
jbossweb-7.5.28-1.Final_redhat_1.1.ep6.el5.src.rpm
jgroups-3.2.18-1.Final_redhat_1.1.ep6.el5.src.rpm
lucene-solr-3.6.2-8.redhat_9.1.ep6.el5.src.rpm
picketbox-4.1.7-1.Final_redhat_1.1.ep6.el5.src.rpm
noarch:
codehaus-jackson-1.9.9-12.redhat_6.1.ep6.el5.noarch.rpm
codehaus-jackson-core-asl-1.9.9-12.redhat_6.1.ep6.el5.noarch.rpm
codehaus-jackson-jaxrs-1.9.9-12.redhat_6.1.ep6.el5.noarch.rpm
codehaus-jackson-mapper-asl-1.9.9-12.redhat_6.1.ep6.el5.noarch.rpm
codehaus-jackson-xc-1.9.9-12.redhat_6.1.ep6.el5.noarch.rpm
hornetq-2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-appclient-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-cli-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-client-all-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-clustering-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-cmp-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-configadmin-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-connector-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-controller-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-controller-client-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-core-security-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-deployment-repository-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-deployment-scanner-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-domain-http-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-domain-management-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-ee-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-ee-deployment-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-ejb3-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-embedded-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-host-controller-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-jacorb-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-jaxr-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-jaxrs-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-jdr-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-jmx-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-jpa-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-jsf-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-jsr77-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-logging-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-mail-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-management-client-content-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-messaging-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-modcluster-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-naming-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-network-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-osgi-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-osgi-configadmin-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-osgi-service-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-picketlink-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-platform-mbean-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-pojo-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-process-controller-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-protocol-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-remoting-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-sar-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-security-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-server-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-system-jmx-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-threads-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-transactions-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-version-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-web-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-webservices-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-weld-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jboss-as-xts-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jbossas-appclient-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jbossas-bundles-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jbossas-core-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jbossas-domain-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jbossas-javadocs-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jbossas-modules-eap-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jbossas-product-eap-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jbossas-standalone-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jbossas-welcome-content-eap-7.5.20-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jbossts-4.17.43-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jbossweb-7.5.28-1.Final_redhat_1.1.ep6.el5.noarch.rpm
jgroups-3.2.18-1.Final_redhat_1.1.ep6.el5.noarch.rpm
lucene-solr-3.6.2-8.redhat_9.1.ep6.el5.noarch.rpm
picketbox-4.1.7-1.Final_redhat_1.1.ep6.el5.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-4978
https://access.redhat.com/security/cve/CVE-2017-3163
https://access.redhat.com/security/cve/CVE-2017-7525
https://access.redhat.com/security/cve/CVE-2017-15095
https://access.redhat.com/security/cve/CVE-2017-17485
https://access.redhat.com/security/cve/CVE-2018-1304
https://access.redhat.com/security/cve/CVE-2018-7489
https://access.redhat.com/security/cve/CVE-2018-8088
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBWvsD89zjgjWX9erEAQhOLA//SzcrjC+Er08eGyBQqZF7atyqzrAW71Me
FDvltEEDdnG2AafpkMge+4VwOi35RVteF82Fh45lT8zvqlpDCjQTonMS/m/6+eKZ
IguzZJ1I0KVwvdXbBwJE1ENf0EbmDN0VzvqNCqrBQXAoNGW2zptl8jG6s0rgUo9c
JJMO9QZT1UzG/pc/jF97LTlVTxHje6YbvdqJE3q5s47NK1OHd5Nt5djcLPdxJ81E
w25ZFe2k8cXVkDOOy5b+z4+9RK6tGQrAAqFgUb1Z+TTmms4SPl0PMyH0xO9yiS2P
VyJa1+gLkZ5SdgV2QVIdPRR71k/1wruVzLlHO+gKEQE/9RdkiRVSG8F7YSO1BU0S
QiUB/KxlwzoK31xmCw4zaf1F2L+cvEt3KXROVTBGoEfnhshVH6sXt4BraTPqQr50
Ku+3fFfMcERmPN3KUCUwwN67anEWPsH2waL6uLf4IhTqH3h8TlRVAAhx9pWgeP9V
QA3zEXNV4k3p+ZrYIu9oxmo97h5noXYXCnTJcEiuurdTwDrLCLIJLVZIviMRaGT9
k/pXWw6kT3REyA8VPcF+gvatT0zd8NVKWda8a01bBa89JvSKIQ0npvjeJ07kvPV5
T3hVjl8wwtVauclnDdDq8lO+fKnW/ofYH139LRf1fNALuv9h8bgEW2g9Cq7Pig7a
tasmbwRTfPo=
=/aPY
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.20 security update
Advisory ID: RHSA-2018:1447-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1447
Issue date: 2018-05-14
CVE Names: CVE-2016-4978 CVE-2017-3163 CVE-2017-15095
CVE-2017-17485 CVE-2018-1304 CVE-2018-7489
CVE-2018-8088
=====================================================================
1. Summary:
Updated packages that provide Red Hat JBoss Enterprise Application Platform
6.4.20, fixes several bugs, and adds various enhancements are now available
from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Description:
Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves
as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19,
and includes bug fixes and enhancements, which are documented in the
Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: Unsafe deserialization due to incomplete black list
(incomplete fix for CVE-2017-7525) (CVE-2017-15095)
* jackson-databind: Unsafe deserialization due to incomplete black list
(incomplete fix for CVE-2017-15095) (CVE-2017-17485)
* slf4j: Deserialisation vulnerability in EventData constructor can allow
for arbitrary code execution (CVE-2018-8088)
* Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability
(CVE-2016-4978)
* solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)
* tomcat: Incorrect handling of empty string URL in security constraints
can lead to unintended exposure of resources (CVE-2018-1304)
* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe
serialization via c3p0 libraries (CVE-2018-7489)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting
CVE-2017-15095; 0c0c0f from 360观星实验室 for reporting CVE-2017-17485; and
Chris McCown for reporting CVE-2018-8088.
3. Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise
Application Platform installation and deployed applications.
The References section of this erratum contains a download link (you must
log in to download the update).
The JBoss server process must be restarted for the update to take effect.
4. Bugs fixed (https://bugzilla.redhat.com/):
1379207 – CVE-2016-4978 Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability
1454783 – CVE-2017-3163 solr: Directory traversal via Index Replication HTTP API
1506612 – CVE-2017-15095 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)
1528565 – CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
1548289 – CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
1548909 – CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
1549276 – CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
5. References:
https://access.redhat.com/security/cve/CVE-2016-4978
https://access.redhat.com/security/cve/CVE-2017-3163
https://access.redhat.com/security/cve/CVE-2017-15095
https://access.redhat.com/security/cve/CVE-2017-17485
https://access.redhat.com/security/cve/CVE-2018-1304
https://access.redhat.com/security/cve/CVE-2018-7489
https://access.redhat.com/security/cve/CVE-2018-8088
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBWvsEmNzjgjWX9erEAQh+dA/9Hwoznus8lr2APaYfs/Rn73AdYsdnFXTw
nHvBucWF67wteSmPCWjXQkqN+DYJ5UC38jEi0Vl0vRWtAYQ1kY6dTsocJgnSu6cF
VgJR9ou2hVeca9zxLETJ1rV8i5fJ0v1MJHl712cwlHmP3b9xzL0sdkwfxHF0do81
naChrYdIU8lmxn5bHzxrCcVMJ1KBRPfXmY3hcq8FKcQRYESF9jbdNzM9J4xGt0xO
IVJDhn9r/9FeOqDihLJLRqoieAojavJpVnPtJgwvImczfXztRT4uk7k6I+9a3U3a
IO0LGVVBg4MEryBOTlhfA6+0y6D6japDJn1p9ZNEZINDcmUS25lmpMzMgJcSPXze
Ms+OqM46fmg87U7jb4d5JgCQ1Oq7mbTUjqyTGBLCgYkpZDix4mD1pJScxhIile6w
3OZlGuKkx9iQisii5RFdifNHThLU7oDgAGAuJH0FEQNyjMLSWq/XYlWNuxUo3c5V
li5s9HICrIq5T5w0N0qmZ51QnTAigkRBxjmotAz/u6YmT5+3ejsm5z+SFcO8aVwf
qIWjiP/TXOOsmzaZx+C1Ocz2NUSfUpYKzD33GqhMXmfbBLoL5pjTzsC8D0CGKeXl
g+8yzWwAYFL/U5c/LVoPj8Dc+DXogj7oa5sCSSZPBgubUB8v+JI+y7NQLWFQ1u53
EeN19iZXUZQ=
=hr11
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.20 security update
Advisory ID: RHSA-2018:1449-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1449
Issue date: 2018-05-14
CVE Names: CVE-2016-4978 CVE-2017-3163 CVE-2017-7525
CVE-2017-15095 CVE-2017-17485 CVE-2018-1304
CVE-2018-7489 CVE-2018-8088
=====================================================================
1. Summary:
An update is now available for Red Hat JBoss Enterprise Application
Platform 6.4 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server – noarch
3. Description:
Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves
as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19,
and includes bug fixes and enhancements, which are documented in the
Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: Unsafe deserialization due to incomplete black list
(incomplete fix for CVE-2017-7525) (CVE-2017-15095)
* jackson-databind: Unsafe deserialization due to incomplete black list
(incomplete fix for CVE-2017-15095) (CVE-2017-17485)
* slf4j: Deserialisation vulnerability in EventData constructor can allow
for arbitrary code execution (CVE-2018-8088)
* Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability
(CVE-2016-4978)
* solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)
* tomcat: Incorrect handling of empty string URL in security constraints
can lead to unintended exposure of resources (CVE-2018-1304)
* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe
serialization via c3p0 libraries (CVE-2018-7489)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting
CVE-2017-15095; 0c0c0f from 360观星实验室 for reporting CVE-2017-17485; and
Chris McCown for reporting CVE-2018-8088.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1379207 – CVE-2016-4978 Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability
1454783 – CVE-2017-3163 solr: Directory traversal via Index Replication HTTP API
1506612 – CVE-2017-15095 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)
1528565 – CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
1548289 – CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
1548909 – CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
1549276 – CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
1559008 – RHEL6 RPMs: Upgrade jbossweb to 7.5.28.Final-redhat-1
1559011 – RHEL6 RPMs: Upgrade jbossts to 4.17.43.Final-redhat-1
1559016 – RHEL6 RPMs: Upgrade jgroups to 3.2.18.Final-redhat-1
6. Package List:
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server:
Source:
codehaus-jackson-1.9.9-12.redhat_6.1.ep6.el6.src.rpm
hornetq-2.3.25-26.SP24_redhat_1.1.ep6.el6.src.rpm
jboss-as-appclient-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-cli-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-client-all-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-clustering-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-cmp-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-configadmin-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-connector-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-controller-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-controller-client-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-core-security-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-deployment-repository-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-deployment-scanner-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-domain-http-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-domain-management-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-ee-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-ee-deployment-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-ejb3-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-embedded-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-host-controller-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-jacorb-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-jaxr-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-jaxrs-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-jdr-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-jmx-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-jpa-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-jsf-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-jsr77-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-logging-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-mail-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-management-client-content-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-messaging-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-modcluster-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-naming-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-network-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-osgi-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-osgi-configadmin-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-osgi-service-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-picketlink-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-platform-mbean-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-pojo-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-process-controller-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-protocol-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-remoting-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-sar-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-security-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-server-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-system-jmx-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-threads-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-transactions-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-version-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-web-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-webservices-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-weld-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jboss-as-xts-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jbossas-appclient-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jbossas-bundles-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jbossas-core-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jbossas-domain-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jbossas-javadocs-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jbossas-modules-eap-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jbossas-product-eap-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jbossas-standalone-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jbossas-welcome-content-eap-7.5.20-1.Final_redhat_1.1.ep6.el6.src.rpm
jbossts-4.17.43-1.Final_redhat_1.1.ep6.el6.src.rpm
jbossweb-7.5.28-1.Final_redhat_1.1.ep6.el6.src.rpm
jgroups-3.2.18-1.Final_redhat_1.1.ep6.el6.src.rpm
lucene-solr-3.6.2-8.redhat_9.1.ep6.el6.src.rpm
picketbox-4.1.7-1.Final_redhat_1.1.ep6.el6.src.rpm
noarch:
codehaus-jackson-1.9.9-12.redhat_6.1.ep6.el6.noarch.rpm
codehaus-jackson-core-asl-1.9.9-12.redhat_6.1.ep6.el6.noarch.rpm
codehaus-jackson-jaxrs-1.9.9-12.redhat_6.1.ep6.el6.noarch.rpm
codehaus-jackson-mapper-asl-1.9.9-12.redhat_6.1.ep6.el6.noarch.rpm
codehaus-jackson-xc-1.9.9-12.redhat_6.1.ep6.el6.noarch.rpm
hornetq-2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-appclient-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-cli-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-client-all-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-clustering-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-cmp-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-configadmin-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-connector-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-controller-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-controller-client-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-core-security-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-deployment-repository-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-deployment-scanner-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-domain-http-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-domain-management-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-ee-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-ee-deployment-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-ejb3-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-embedded-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-host-controller-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-jacorb-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-jaxr-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-jaxrs-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-jdr-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-jmx-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-jpa-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-jsf-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-jsr77-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-logging-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-mail-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-management-client-content-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-messaging-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-modcluster-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-naming-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-network-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-osgi-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-osgi-configadmin-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-osgi-service-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-picketlink-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-platform-mbean-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-pojo-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-process-controller-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-protocol-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-remoting-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-sar-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-security-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-server-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-system-jmx-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-threads-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-transactions-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-version-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-web-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-webservices-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-weld-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-xts-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jbossas-appclient-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jbossas-bundles-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jbossas-core-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jbossas-domain-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jbossas-javadocs-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jbossas-modules-eap-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jbossas-product-eap-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jbossas-standalone-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jbossas-welcome-content-eap-7.5.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jbossts-4.17.43-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jbossweb-7.5.28-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jgroups-3.2.18-1.Final_redhat_1.1.ep6.el6.noarch.rpm
lucene-solr-3.6.2-8.redhat_9.1.ep6.el6.noarch.rpm
picketbox-4.1.7-1.Final_redhat_1.1.ep6.el6.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-4978
https://access.redhat.com/security/cve/CVE-2017-3163
https://access.redhat.com/security/cve/CVE-2017-7525
https://access.redhat.com/security/cve/CVE-2017-15095
https://access.redhat.com/security/cve/CVE-2017-17485
https://access.redhat.com/security/cve/CVE-2018-1304
https://access.redhat.com/security/cve/CVE-2018-7489
https://access.redhat.com/security/cve/CVE-2018-8088
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBWvsFhtzjgjWX9erEAQgqnxAAmKdxpAUfDW40UOqn0PCdRaXn4BXvamKh
4ug9Zjy7YTLv+eZ2cc0G3P1DkA095p140RwrtK0xzVVee6ZNLY0+9Zl496sNhIDw
MrQfPUJdDfiLGPFRUKiSwiMwpbifMshZ4HifgOf2NdnMuiiZjh8k1E0+tEzpEuZD
DZBz/c/r5EMIVTIfAByWCBo/1Me5Hk/OcH7Ljxw5GlT+rFqrqnnpURXpStJ0JD/2
UaDuM/avzUCeqxdo3KQFrfCJ76uiB0ZfZMtQCfATsA0BwjKoWuNJ02Np6/9+GsO9
R+Q5wglAvMzx45vUlyy/mSwhpaJArQfVzmnJIP8wrVC1Wqqk+qFhKtMkix92OUfC
jvfYXk/i/YWn4XZ6VDGMdyjNAQknBYUpc96AVuXTOZMeqO+qliY/fnmzxfYWppP7
OETQMe/G6RFkycEULiQ4bPo5gPfR8KpkPtSkMG59mC42GSDKyGq/A6g0oB7DS21L
0Y3XKx2itR7DKKH2VeFx92TBPD4I/s21YmwwVhnEM/peNX+Gv5frwwzuDMHBU2B3
FLyCDwzS7yCY7WXRcR5p5O0+t4C2EA474Eeakm5EF8zajdsSXbOwDVwoyOVwXpyN
NnllDv7gWg6NzIf8IbdJZsMSE+3T9/74jqs8qv+WPadoJI1FksQ1jsoQLmHzIOby
U4oWU70LrdI=
=KCSb
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.20 security update
Advisory ID: RHSA-2018:1448-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1448
Issue date: 2018-05-14
CVE Names: CVE-2016-4978 CVE-2017-3163 CVE-2017-15095
CVE-2017-17485 CVE-2018-1304 CVE-2018-7489
CVE-2018-8088
=====================================================================
1. Summary:
An update is now available for Red Hat JBoss Enterprise Application
Platform 6.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server – noarch
3. Description:
Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves
as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19,
and includes bug fixes and enhancements, which are documented in the
Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: Unsafe deserialization due to incomplete black list
(incomplete fix for CVE-2017-7525) (CVE-2017-15095)
* jackson-databind: Unsafe deserialization due to incomplete black list
(incomplete fix for CVE-2017-15095) (CVE-2017-17485)
* slf4j: Deserialisation vulnerability in EventData constructor can allow
for arbitrary code execution (CVE-2018-8088)
* Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability
(CVE-2016-4978)
* solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)
* tomcat: Incorrect handling of empty string URL in security constraints
can lead to unintended exposure of resources (CVE-2018-1304)
* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe
serialization via c3p0 libraries (CVE-2018-7489)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting
CVE-2017-15095; 0c0c0f from 360观星实验室 for reporting CVE-2017-17485; and
Chris McCown for reporting CVE-2018-8088.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1379207 – CVE-2016-4978 Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability
1454783 – CVE-2017-3163 solr: Directory traversal via Index Replication HTTP API
1506612 – CVE-2017-15095 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)
1528565 – CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
1548289 – CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
1548909 – CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
1549276 – CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
1559010 – RHEL7 RPMs: Upgrade jbossweb to 7.5.28.Final-redhat-1
1559013 – RHEL7 RPMs: Upgrade jbossts to 4.17.43.Final-redhat-1
1559018 – RHEL7 RPMs: Upgrade jgroups to 3.2.18.Final-redhat-1
6. Package List:
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server:
Source:
codehaus-jackson-1.9.9-12.redhat_6.1.ep6.el7.src.rpm
hornetq-2.3.25-26.SP24_redhat_1.1.ep6.el7.src.rpm
jboss-as-appclient-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-cli-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-client-all-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-clustering-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-cmp-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-configadmin-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-connector-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-controller-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-controller-client-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-core-security-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-deployment-repository-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-deployment-scanner-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-domain-http-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-domain-management-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-ee-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-ee-deployment-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-ejb3-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-embedded-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-host-controller-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-jacorb-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-jaxr-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-jaxrs-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-jdr-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-jmx-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-jpa-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-jsf-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-jsr77-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-logging-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-mail-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-management-client-content-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-messaging-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-modcluster-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-naming-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-network-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-osgi-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-osgi-configadmin-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-osgi-service-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-picketlink-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-platform-mbean-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-pojo-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-process-controller-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-protocol-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-remoting-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-sar-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-security-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-server-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-system-jmx-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-threads-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-transactions-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-version-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-web-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-webservices-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-weld-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jboss-as-xts-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jbossas-appclient-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jbossas-bundles-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jbossas-core-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jbossas-domain-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jbossas-javadocs-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jbossas-modules-eap-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jbossas-product-eap-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jbossas-standalone-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jbossas-welcome-content-eap-7.5.20-1.Final_redhat_1.1.ep6.el7.src.rpm
jbossts-4.17.43-1.Final_redhat_1.1.ep6.el7.src.rpm
jbossweb-7.5.28-1.Final_redhat_1.1.ep6.el7.src.rpm
jgroups-3.2.18-1.Final_redhat_1.1.ep6.el7.src.rpm
lucene-solr-3.6.2-8.redhat_9.1.ep6.el7.src.rpm
picketbox-4.1.7-1.Final_redhat_1.1.ep6.el7.src.rpm
noarch:
codehaus-jackson-1.9.9-12.redhat_6.1.ep6.el7.noarch.rpm
codehaus-jackson-core-asl-1.9.9-12.redhat_6.1.ep6.el7.noarch.rpm
codehaus-jackson-jaxrs-1.9.9-12.redhat_6.1.ep6.el7.noarch.rpm
codehaus-jackson-mapper-asl-1.9.9-12.redhat_6.1.ep6.el7.noarch.rpm
codehaus-jackson-xc-1.9.9-12.redhat_6.1.ep6.el7.noarch.rpm
hornetq-2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-appclient-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-cli-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-client-all-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-clustering-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-cmp-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-configadmin-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-connector-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-controller-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-controller-client-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-core-security-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-deployment-repository-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-deployment-scanner-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-domain-http-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-domain-management-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-ee-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-ee-deployment-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-ejb3-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-embedded-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-host-controller-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-jacorb-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-jaxr-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-jaxrs-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-jdr-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-jmx-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-jpa-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-jsf-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-jsr77-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-logging-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-mail-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-management-client-content-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-messaging-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-modcluster-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-naming-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-network-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-osgi-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-osgi-configadmin-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-osgi-service-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-picketlink-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-platform-mbean-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-pojo-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-process-controller-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-protocol-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-remoting-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-sar-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-security-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-server-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-system-jmx-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-threads-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-transactions-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-version-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-web-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-webservices-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-weld-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jboss-as-xts-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jbossas-appclient-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jbossas-bundles-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jbossas-core-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jbossas-domain-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jbossas-javadocs-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jbossas-modules-eap-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jbossas-product-eap-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jbossas-standalone-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jbossas-welcome-content-eap-7.5.20-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jbossts-4.17.43-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jbossweb-7.5.28-1.Final_redhat_1.1.ep6.el7.noarch.rpm
jgroups-3.2.18-1.Final_redhat_1.1.ep6.el7.noarch.rpm
lucene-solr-3.6.2-8.redhat_9.1.ep6.el7.noarch.rpm
picketbox-4.1.7-1.Final_redhat_1.1.ep6.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-4978
https://access.redhat.com/security/cve/CVE-2017-3163
https://access.redhat.com/security/cve/CVE-2017-15095
https://access.redhat.com/security/cve/CVE-2017-17485
https://access.redhat.com/security/cve/CVE-2018-1304
https://access.redhat.com/security/cve/CVE-2018-7489
https://access.redhat.com/security/cve/CVE-2018-8088
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBWvsGXdzjgjWX9erEAQgIwhAAnXfL/RKyr+QK/+4jto3Jr0N74Jcyxlu4
0NYgUC8mpQLeK/9VaXdtUN9Ni2QdXgw/mZ2gryUHOP+6wqcKv8Mz3Vt3wmEZnRwf
X40x3LNFGe48u8DY73AeqTdex7WFhSkLonNVjJjMo4kfmAiL4LbkvitfGsLDx1s/
x2KwZ9GPMn4cmXassNeDsYkQ/nBp1fTkad674bvGBoAZ+HJkpxWFFEaQE+odqGB/
+T4FpbrjiO7GewLIGjIVQBEPyVsx8QNseCX6xby/2643QmiZBAy2sn7gfuU+qV2y
9d7FYGipebEzVdpfD2LwY3Mw6m6eWVQzwsClKXKDuUyYhTftXPHGCs6Ffu2oquTe
fkXv23oBCwTrGajwm7vSV2RHfgTlHgW1NxFtKNy9EuUG5v3pCsyw81Q/HEz5H3B2
J0+uyOvxC/vo8p28X2IrhI9dg1xGu8sqz4xMDHNN9BLdf45hlt+p0h7o6TcRFnNJ
GvV3ja1IaE1ftFqgSnzk2LeOVKqXZDU4f00nZvV2ygA/8C3nO7jj0Ez6kXGQBiZq
wt2INx58jf6XQyvf1AQeGr6hTvq2PVwShPoZWh13cqv2ePBwEisiYFeQFD22/TD/
QJ4aLB+nrGSI/VM/2euPh34mkO+W0vMhMFPEbLb78F0L+AMb1XIJLkIZ4Doyy2Zg
gIzTBuPCpfQ=
=P0Y7
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce