Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Red Hat JBoss Enterprise Application Platform 7.3
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Red Hat JBoss Enterprise Application Platform 7.3
ID: RHSA-2020:0961-01
Distribution: Red Hat
Plattformen: Red Hat JBoss Enterprise Application Platform
Datum: Di, 24. März 2020, 12:44
Referenzen: https://access.redhat.com/security/cve/CVE-2019-0205
https://access.redhat.com/security/cve/CVE-2019-14887
https://access.redhat.com/security/cve/CVE-2020-1745
https://access.redhat.com/security/cve/CVE-2019-0210
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.3
Applikationen: Red Hat JBoss Enterprise Application Platform 7.3

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3
security update
Advisory ID: RHSA-2020:0961-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0961
Issue date: 2020-03-24
CVE Names: CVE-2019-0205 CVE-2019-0210 CVE-2019-14887
CVE-2020-1745
=====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application
Platform 7.3.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java
applications based on the WildFly application runtime.

Security Fix(es):

* The 'enabled-protocols' value in legacy security is not respected if
OpenSSL security provider is in use (CVE-2019-14887)

* libthrift: thrift: Endless loop when feed with specific input data
(CVE-2019-0205)

* libthrift: thrift: Out-of-bounds read related to TJSONProtocol or
TSimpleJSONProtocol (CVE-2019-0210)

* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, see the CVE page(s) listed in the
References section.

3. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise
Application Platform installation and deployed applications.

The References section of this erratum contains a download link (you must
log in to download the update).

You must restart the JBoss server process for the update to take effect.

4. Bugs fixed (https://bugzilla.redhat.com/):

1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or
TSimpleJSONProtocol
1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data
1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in
legacy security is not respected if OpenSSL security provider is in use
1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability

5. References:

https://access.redhat.com/security/cve/CVE-2019-0205
https://access.redhat.com/security/cve/CVE-2019-0210
https://access.redhat.com/security/cve/CVE-2019-14887
https://access.redhat.com/security/cve/CVE-2020-1745
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.3
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXnnrgNzjgjWX9erEAQgg8w/+ORcAoBTRHPbiIvRbhhCHZbpF3LfSq94X
nzuJM8BoE2Q60pzNsZ3Vb2/ns+IZJz2gnLGA9FYKpYM8SJfZEqsQT9IRzuzb77nF
I3RqJKlxn1vxtuw+vNh9wiOw0D0xSetXaz7iICEKrGRtCQSnyAECLbpGHzgZ+zTM
TFPjV81tYtrf1Osh60QsPzYp66D8CvApYyXOfAdxLXCspF+iBL6+1p0To0fskp8H
BnGpiKgANlqBn8Thi0xnC+ogPVG83jNkCkuoh9tJY5OZmkXlkGujY+guEF3Zuizj
fg2VV7AmJPWQPSMzn5Qu0Vm0uSNYZ+xdVJ6sqVWePVpOst4iavvMxqYP5jqPo/WS
/5F0Wn5zjCzxuC4ODMuanxEvXsvBoQJMOq1YiVB590oNeaWsYiI2FvxdPLW4q/8T
dnvagoZDjlWX+3HwTz6dx+WiQ0I/jgNomfB91Exd6wjniyTgwtFipIC06JcxZg5u
n66UmR0qnXqhWB7ho6W4+FpsJamqRAQHbYX450s6USu9oyVTFXQXa7JEA97+DBC6
M9y8RWVhc7dAj9D3EVebwcXlVaTUWC99/ovxe19qKZIUVNsindG0tWAgGy7gu9xC
zM39nafy7XLU4T9HBrxyxpUFlw3OMd1zKQGd5nnJ7VjcybVvV3LAi07XnzdpM+ND
ANlsz/b+zeg=
=xKZW
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung