Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in JBoss
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in JBoss
ID: RHSA-2018:3528-01
Distribution: Red Hat
Plattformen: Red Hat JBoss Enterprise Application Platform
Datum: Do, 8. November 2018, 17:39
Referenzen: https://access.redhat.com/security/cve/CVE-2018-14627
Applikationen: JBoss

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform
7.1.5 on RHEL 7 security update
Advisory ID: RHSA-2018:3528-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3528
Issue date: 2018-11-08
CVE Names: CVE-2018-14627
=====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application
Platform 7.1 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server - noarch,
x86_64

3. Description:

Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.

This release of Red Hat JBoss Enterprise Application Platform 7.1.5 serves
as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.4,
and includes bug fixes and enhancements, which are documented in the
Release Notes document linked to in the References.

Security Fix(es):

* wildfly-iiop-openjdk: iiop does not honour strict transport
confidentiality (CVE-2018-14627)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1624664 - CVE-2018-14627 JBoss/WildFly: iiop does not honour strict transport
confidentiality

6. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-14939 - (7.1.z) Upgrade Elytron from 1.1.10.Final to 1.1.11.Final
JBEAP-14950 - (7.1.z) Upgrade wildfly-client-config from 1.0.0 to 1.0.1
JBEAP-14958 - [GSS](7.1.z) Upgrade Undertow from 1.4.18.SP8 to 1.4.18.SP9
JBEAP-14987 - [GSS](7.1.z) Upgrade ActiveMQ Artemis from 1.5.5.jbossorg-013 to
1.5.5.jbossorg-014
JBEAP-14997 - [GSS](7.1.z) Upgrade Hibernate ORM from 5.1.15 to 5.1.16
JBEAP-15013 - [GSS](7.1.z) Upgrade to ironjacamar from 1.4.10 Final to 1.4.11
Final
JBEAP-15015 - Tracker bug for the EAP 7.1.5 release for RHEL-7
JBEAP-15025 - (7.1.z) Upgrade WildFly Core to 3.0.19.Final-redhat-1
JBEAP-15043 - (7.1.z) Upgrade PicketLink from 2.5.5.SP12 to 2.5.5.SP12-redhat-2
JBEAP-15065 - [GSS](7.1.z) Upgrade Migration Tool from 1.0.6.Final-redhat-3 to
1.0.7.Final-redhat-1
JBEAP-15072 - [GSS](7.1.z) Upgrade jboss-vfs to 3.2.13.Final
JBEAP-15129 - [GSS](7.1.z) Upgrade JBoss Modules from 1.6.4.Final-redhat-1 to
1.6.5.Final-redhat-1
JBEAP-15131 - [GSS](7.1.z) Upgrade Mojarra from 2.2.13.SP5 to 2.2.13.SP6
JBEAP-15170 - [GSS](7.1.z) Upgrade JBossWS Common from 3.1.5.Final to
3.1.6.Final
JBEAP-15216 - (7.1.z) Upgrade Elytron-Tool from 1.0.7 to 1.0.8.Final
JBEAP-15217 - (7.1.z) Upgrade Elytron Web from 1.0.1.Final to 1.0.2.Final
JBEAP-15244 - [GSS](7.1.z) Upgrade PicketBox from 5.0.3.Final-redhat-1 to
5.0.3.Final-redhat-3
JBEAP-15251 - [GSS](7.1.z) Upgrade jastow from 2.0.3 to 2.0.6
JBEAP-15270 - [GSS](7.1.z) Upgrade JBoss Marshalling from 2.0.5 to 2.0.6
JBEAP-15280 - (7.1.z) Upgrade XNIO from 3.5.5.Final-redhat-1 to 3.5.6
JBEAP-15300 - [GSS](7.1.z) Upgrade to JBoss WS CXF to 5.1.11.Final
JBEAP-15313 - [GSS](7.1.z) Upgrade log4j-jboss-logmanager from 1.1.4.Final to
1.1.6.Final
JBEAP-15314 - (7.1.z) Upgrade PicketLink bindings from 2.5.5.SP12 to
2.5.5.SP12-redhat-2
JBEAP-15454 - [PROD](7.1.z) Upgrade to wildfly-openssl from
1.0.6.Final-redhat-1 to 1.0.6.Final-redhat-2

7. Package List:

Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server:

Source:
eap7-activemq-artemis-1.5.5.014-1.redhat_00001.1.ep7.el7.src.rpm
eap7-elytron-web-1.0.2-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-glassfish-jsf-2.2.13-7.SP6_redhat_00001.1.ep7.el7.src.rpm
eap7-hibernate-5.1.16-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-ironjacamar-1.4.11-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-jboss-marshalling-2.0.6-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-jboss-modules-1.6.5-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-jboss-server-migration-1.0.7-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-jboss-vfs-3.2.13-1.Final_redhat_1.1.ep7.el7.src.rpm
eap7-jboss-xnio-base-3.5.6-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-jbossws-common-3.1.6-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-jbossws-cxf-5.1.11-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-log4j-jboss-logmanager-1.1.6-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-picketbox-5.0.3-2.Final_redhat_3.1.ep7.el7.src.rpm
eap7-picketlink-bindings-2.5.5-14.SP12_redhat_2.1.ep7.el7.src.rpm
eap7-picketlink-federation-2.5.5-14.SP12_redhat_2.1.ep7.el7.src.rpm
eap7-undertow-1.4.18-8.SP9_redhat_00001.1.ep7.el7.src.rpm
eap7-undertow-jastow-2.0.6-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-wildfly-7.1.5-4.GA_redhat_00002.1.ep7.el7.src.rpm
eap7-wildfly-client-config-1.0.1-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-wildfly-elytron-1.1.11-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-wildfly-elytron-tool-1.0.8-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-wildfly-javadocs-7.1.5-2.GA_redhat_00002.1.ep7.el7.src.rpm
eap7-wildfly-openssl-1.0.6-2.Final_redhat_2.1.ep7.el7.src.rpm
eap7-wildfly-openssl-linux-1.0.6-15.Final_redhat_2.1.ep7.el7.src.rpm

noarch:
eap7-activemq-artemis-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-cli-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-commons-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-core-client-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-dto-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-hornetq-protocol-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rp
m
eap7-activemq-artemis-hqclient-protocol-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rp
m
eap7-activemq-artemis-jdbc-store-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-jms-client-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-jms-server-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-journal-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-native-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-ra-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-selector-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-server-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-service-extensions-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rp
m
eap7-glassfish-jsf-2.2.13-7.SP6_redhat_00001.1.ep7.el7.noarch.rpm
eap7-hibernate-5.1.16-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-hibernate-core-5.1.16-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-hibernate-entitymanager-5.1.16-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-hibernate-envers-5.1.16-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-hibernate-infinispan-5.1.16-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-hibernate-java8-5.1.16-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-ironjacamar-1.4.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-ironjacamar-common-api-1.4.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-ironjacamar-common-impl-1.4.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-ironjacamar-common-spi-1.4.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-ironjacamar-core-api-1.4.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-ironjacamar-core-impl-1.4.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-ironjacamar-deployers-common-1.4.11-1.Final_redhat_00001.1.ep7.el7.noarch.rp
m
eap7-ironjacamar-jdbc-1.4.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-ironjacamar-validator-1.4.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-marshalling-2.0.6-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-marshalling-river-2.0.6-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-modules-1.6.5-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-cli-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-core-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rp
m
eap7-jboss-server-migration-eap6.4-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rp
m
eap7-jboss-server-migration-eap6.4-to-eap7.0-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rp
m
eap7-jboss-server-migration-eap6.4-to-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rp
m
eap7-jboss-server-migration-eap7.0-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rp
m
eap7-jboss-server-migration-eap7.0-to-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rp
m
eap7-jboss-server-migration-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rp
m
eap7-jboss-server-migration-wildfly10.0-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rp
m
eap7-jboss-server-migration-wildfly10.0-to-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rp
m
eap7-jboss-server-migration-wildfly10.1-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rp
m
eap7-jboss-server-migration-wildfly10.1-to-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rp
m
eap7-jboss-server-migration-wildfly8.2-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rp
m
eap7-jboss-server-migration-wildfly8.2-to-eap7.0-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rp
m
eap7-jboss-server-migration-wildfly8.2-to-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rp
m
eap7-jboss-server-migration-wildfly9.0-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rp
m
eap7-jboss-server-migration-wildfly9.0-to-eap7.0-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rp
m
eap7-jboss-server-migration-wildfly9.0-to-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rp
m
eap7-jboss-vfs-3.2.13-1.Final_redhat_1.1.ep7.el7.noarch.rpm
eap7-jboss-xnio-base-3.5.6-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jbossws-common-3.1.6-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jbossws-cxf-5.1.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-log4j-jboss-logmanager-1.1.6-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-picketbox-5.0.3-2.Final_redhat_3.1.ep7.el7.noarch.rpm
eap7-picketbox-infinispan-5.0.3-2.Final_redhat_3.1.ep7.el7.noarch.rpm
eap7-picketlink-api-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-picketlink-bindings-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-picketlink-common-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-picketlink-config-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-picketlink-federation-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-picketlink-idm-api-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-picketlink-idm-impl-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-picketlink-idm-simple-schema-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-picketlink-impl-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-picketlink-wildfly8-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-undertow-1.4.18-8.SP9_redhat_00001.1.ep7.el7.noarch.rpm
eap7-undertow-jastow-2.0.6-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-undertow-server-1.0.2-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-wildfly-7.1.5-4.GA_redhat_00002.1.ep7.el7.noarch.rpm
eap7-wildfly-client-config-1.0.1-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-wildfly-elytron-1.1.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-wildfly-elytron-tool-1.0.8-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-wildfly-javadocs-7.1.5-2.GA_redhat_00002.1.ep7.el7.noarch.rpm
eap7-wildfly-modules-7.1.5-4.GA_redhat_00002.1.ep7.el7.noarch.rpm
eap7-wildfly-openssl-1.0.6-2.Final_redhat_2.1.ep7.el7.noarch.rpm
eap7-wildfly-openssl-java-1.0.6-2.Final_redhat_2.1.ep7.el7.noarch.rpm

x86_64:
eap7-wildfly-openssl-linux-1.0.6-15.Final_redhat_2.1.ep7.el7.x86_64.rpm
eap7-wildfly-openssl-linux-debuginfo-1.0.6-15.Final_redhat_2.1.ep7.el7.x86_64.rp
m

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2018-14627
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW+RcXtzjgjWX9erEAQiC6g/+McB28J2dHAk9mG6j5TDoBmlVtu6sUEDi
MluWkKQXvRfdd8Kh5d+9c49WzOGmXFJxRLtIzP0v6G9Q9A8af0+Tu6yFGD621Wal
uJV2qZ96FLYMmZ+tvQ0pmPfqMZ4q+Z5lOvyN8rQiIYSlf/DSnoDfkc6zhelbcoxU
TdNRShsjtfbRtSSV80m9iriQX/JY7/30R6MAvhPppW3gkHIrgm/iQSZO1r3RMNlN
jDtZRmtoluVCmCTpogts4eXTjgczettiPCQQyCl2Xq3COPNaYtfnTDY9sxfZMgti
iEpPYPwJnOUgfNAMIeiFg4YpzRaom+sxRfkzCE2opypg4WJd2h46ChXRAESJ6Bh6
2ZM4Yqt5hsX53KhAd9P4XNuKE3ShdFRK+befPbKjfdyLfUy/IpwdPcuXsbjicrbi
fAVwP/JXJXSUq13eDO6GqxMKik8wihiVS0jZbMHbwqwcroKTYoSjUGgrVpPiBwtf
k99IfH2i2TGVKl8YxCnlkDu00pQLTS1p2yE78r2NHodPEHJX7wK5gm1f6betsFwK
Fa4lnbeoLCuRDpmJrN8pPffunq3MbKMJD35izOHXHjMrduOH3SkQlvZoBJ8d8Z0B
Wj1/yToEL5e6BO+gFz8VnNFVn609fblp2+gavQAmaepOqR2KRxQTScfFj7R5TsSu
jqcShoo7hwM=
=W8JE
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung