drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in JBoss
| Name: |
Preisgabe von Informationen in JBoss |
|
| ID: |
RHSA-2018:3529-01 |
|
| Distribution: |
Red Hat |
|
| Plattformen: |
Red Hat JBoss Enterprise Application Platform |
|
| Datum: |
Do, 8. November 2018, 17:39 |
|
| Referenzen: |
https://access.redhat.com/security/cve/CVE-2018-14627 |
|
| Applikationen: |
JBoss |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform
7.1.5 on RHEL 6 security update
Advisory ID: RHSA-2018:3529-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3529
Issue date: 2018-11-08
CVE Names: CVE-2018-14627
=====================================================================
1. Summary:
An update is now available for Red Hat JBoss Enterprise Application
Platform 7.1 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server - i386,
noarch, x86_64
3. Description:
Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 7.1.5 serves
as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.4,
and includes bug fixes and enhancements, which are documented in the
Release Notes document linked to in the References.
Security Fix(es):
* wildfly-iiop-openjdk: iiop does not honour strict transport
confidentiality (CVE-2018-14627)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1624664 - CVE-2018-14627 JBoss/WildFly: iiop does not honour strict transport
confidentiality
6. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-14939 - (7.1.z) Upgrade Elytron from 1.1.10.Final to 1.1.11.Final
JBEAP-14950 - (7.1.z) Upgrade wildfly-client-config from 1.0.0 to 1.0.1
JBEAP-14958 - [GSS](7.1.z) Upgrade Undertow from 1.4.18.SP8 to 1.4.18.SP9
JBEAP-14987 - [GSS](7.1.z) Upgrade ActiveMQ Artemis from 1.5.5.jbossorg-013 to
1.5.5.jbossorg-014
JBEAP-14997 - [GSS](7.1.z) Upgrade Hibernate ORM from 5.1.15 to 5.1.16
JBEAP-15013 - [GSS](7.1.z) Upgrade to ironjacamar from 1.4.10 Final to 1.4.11
Final
JBEAP-15014 - Tracker bug for the EAP 7.1.5 release for RHEL-6
JBEAP-15025 - (7.1.z) Upgrade WildFly Core to 3.0.19.Final-redhat-1
JBEAP-15043 - (7.1.z) Upgrade PicketLink from 2.5.5.SP12 to 2.5.5.SP12-redhat-2
JBEAP-15065 - [GSS](7.1.z) Upgrade Migration Tool from 1.0.6.Final-redhat-3 to
1.0.7.Final-redhat-1
JBEAP-15072 - [GSS](7.1.z) Upgrade jboss-vfs to 3.2.13.Final
JBEAP-15129 - [GSS](7.1.z) Upgrade JBoss Modules from 1.6.4.Final-redhat-1 to
1.6.5.Final-redhat-1
JBEAP-15131 - [GSS](7.1.z) Upgrade Mojarra from 2.2.13.SP5 to 2.2.13.SP6
JBEAP-15170 - [GSS](7.1.z) Upgrade JBossWS Common from 3.1.5.Final to
3.1.6.Final
JBEAP-15216 - (7.1.z) Upgrade Elytron-Tool from 1.0.7 to 1.0.8.Final
JBEAP-15217 - (7.1.z) Upgrade Elytron Web from 1.0.1.Final to 1.0.2.Final
JBEAP-15244 - [GSS](7.1.z) Upgrade PicketBox from 5.0.3.Final-redhat-1 to
5.0.3.Final-redhat-3
JBEAP-15251 - [GSS](7.1.z) Upgrade jastow from 2.0.3 to 2.0.6
JBEAP-15270 - [GSS](7.1.z) Upgrade JBoss Marshalling from 2.0.5 to 2.0.6
JBEAP-15280 - (7.1.z) Upgrade XNIO from 3.5.5.Final-redhat-1 to 3.5.6
JBEAP-15300 - [GSS](7.1.z) Upgrade to JBoss WS CXF to 5.1.11.Final
JBEAP-15313 - [GSS](7.1.z) Upgrade log4j-jboss-logmanager from 1.1.4.Final to
1.1.6.Final
JBEAP-15314 - (7.1.z) Upgrade PicketLink bindings from 2.5.5.SP12 to
2.5.5.SP12-redhat-2
JBEAP-15454 - [PROD](7.1.z) Upgrade to wildfly-openssl from
1.0.6.Final-redhat-1 to 1.0.6.Final-redhat-2
7. Package List:
Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server:
Source:
eap7-activemq-artemis-1.5.5.014-1.redhat_00001.1.ep7.el6.src.rpm
eap7-elytron-web-1.0.2-1.Final_redhat_00001.1.ep7.el6.src.rpm
eap7-glassfish-jsf-2.2.13-7.SP6_redhat_00001.1.ep7.el6.src.rpm
eap7-hibernate-5.1.16-1.Final_redhat_00001.1.ep7.el6.src.rpm
eap7-ironjacamar-1.4.11-1.Final_redhat_00001.1.ep7.el6.src.rpm
eap7-jboss-marshalling-2.0.6-1.Final_redhat_00001.1.ep7.el6.src.rpm
eap7-jboss-modules-1.6.5-1.Final_redhat_00001.1.ep7.el6.src.rpm
eap7-jboss-server-migration-1.0.7-1.Final_redhat_00001.1.ep7.el6.src.rpm
eap7-jboss-vfs-3.2.13-1.Final_redhat_1.1.ep7.el6.src.rpm
eap7-jboss-xnio-base-3.5.6-1.Final_redhat_00001.1.ep7.el6.src.rpm
eap7-jbossws-common-3.1.6-1.Final_redhat_00001.1.ep7.el6.src.rpm
eap7-jbossws-cxf-5.1.11-1.Final_redhat_00001.1.ep7.el6.src.rpm
eap7-log4j-jboss-logmanager-1.1.6-1.Final_redhat_00001.1.ep7.el6.src.rpm
eap7-picketbox-5.0.3-2.Final_redhat_3.1.ep7.el6.src.rpm
eap7-picketlink-bindings-2.5.5-14.SP12_redhat_2.1.ep7.el6.src.rpm
eap7-picketlink-federation-2.5.5-14.SP12_redhat_2.1.ep7.el6.src.rpm
eap7-undertow-1.4.18-8.SP9_redhat_00001.1.ep7.el6.src.rpm
eap7-undertow-jastow-2.0.6-1.Final_redhat_00001.1.ep7.el6.src.rpm
eap7-wildfly-7.1.5-4.GA_redhat_00002.1.ep7.el6.src.rpm
eap7-wildfly-client-config-1.0.1-1.Final_redhat_00001.1.ep7.el6.src.rpm
eap7-wildfly-elytron-1.1.11-1.Final_redhat_00001.1.ep7.el6.src.rpm
eap7-wildfly-elytron-tool-1.0.8-1.Final_redhat_00001.1.ep7.el6.src.rpm
eap7-wildfly-javadocs-7.1.5-2.GA_redhat_00002.1.ep7.el6.src.rpm
eap7-wildfly-openssl-1.0.6-2.Final_redhat_2.1.ep7.el6.src.rpm
eap7-wildfly-openssl-linux-1.0.6-15.Final_redhat_2.1.ep7.el6.src.rpm
i386:
eap7-wildfly-openssl-linux-1.0.6-15.Final_redhat_2.1.ep7.el6.i686.rpm
eap7-wildfly-openssl-linux-debuginfo-1.0.6-15.Final_redhat_2.1.ep7.el6.i686.rpm
noarch:
eap7-activemq-artemis-1.5.5.014-1.redhat_00001.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-cli-1.5.5.014-1.redhat_00001.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-commons-1.5.5.014-1.redhat_00001.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-core-client-1.5.5.014-1.redhat_00001.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-dto-1.5.5.014-1.redhat_00001.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-hornetq-protocol-1.5.5.014-1.redhat_00001.1.ep7.el6.noarch.rp
m
eap7-activemq-artemis-hqclient-protocol-1.5.5.014-1.redhat_00001.1.ep7.el6.noarch.rp
m
eap7-activemq-artemis-jdbc-store-1.5.5.014-1.redhat_00001.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-jms-client-1.5.5.014-1.redhat_00001.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-jms-server-1.5.5.014-1.redhat_00001.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-journal-1.5.5.014-1.redhat_00001.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-native-1.5.5.014-1.redhat_00001.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-ra-1.5.5.014-1.redhat_00001.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-selector-1.5.5.014-1.redhat_00001.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-server-1.5.5.014-1.redhat_00001.1.ep7.el6.noarch.rpm
eap7-activemq-artemis-service-extensions-1.5.5.014-1.redhat_00001.1.ep7.el6.noarch.rp
m
eap7-glassfish-jsf-2.2.13-7.SP6_redhat_00001.1.ep7.el6.noarch.rpm
eap7-hibernate-5.1.16-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-hibernate-core-5.1.16-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-hibernate-entitymanager-5.1.16-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-hibernate-envers-5.1.16-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-hibernate-infinispan-5.1.16-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-hibernate-java8-5.1.16-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-ironjacamar-1.4.11-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-ironjacamar-common-api-1.4.11-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-ironjacamar-common-impl-1.4.11-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-ironjacamar-common-spi-1.4.11-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-ironjacamar-core-api-1.4.11-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-ironjacamar-core-impl-1.4.11-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-ironjacamar-deployers-common-1.4.11-1.Final_redhat_00001.1.ep7.el6.noarch.rp
m
eap7-ironjacamar-jdbc-1.4.11-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-ironjacamar-validator-1.4.11-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-jboss-marshalling-2.0.6-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-jboss-marshalling-river-2.0.6-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-jboss-modules-1.6.5-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-jboss-server-migration-1.0.7-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-jboss-server-migration-cli-1.0.7-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-jboss-server-migration-core-1.0.7-1.Final_redhat_00001.1.ep7.el6.noarch.rp
m
eap7-jboss-server-migration-eap6.4-1.0.7-1.Final_redhat_00001.1.ep7.el6.noarch.rp
m
eap7-jboss-server-migration-eap6.4-to-eap7.0-1.0.7-1.Final_redhat_00001.1.ep7.el6.noarch.rp
m
eap7-jboss-server-migration-eap6.4-to-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el6.noarch.rp
m
eap7-jboss-server-migration-eap7.0-1.0.7-1.Final_redhat_00001.1.ep7.el6.noarch.rp
m
eap7-jboss-server-migration-eap7.0-to-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el6.noarch.rp
m
eap7-jboss-server-migration-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el6.noarch.rp
m
eap7-jboss-server-migration-wildfly10.0-1.0.7-1.Final_redhat_00001.1.ep7.el6.noarch.rp
m
eap7-jboss-server-migration-wildfly10.0-to-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el6.noarch.rp
m
eap7-jboss-server-migration-wildfly10.1-1.0.7-1.Final_redhat_00001.1.ep7.el6.noarch.rp
m
eap7-jboss-server-migration-wildfly10.1-to-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el6.noarch.rp
m
eap7-jboss-server-migration-wildfly8.2-1.0.7-1.Final_redhat_00001.1.ep7.el6.noarch.rp
m
eap7-jboss-server-migration-wildfly8.2-to-eap7.0-1.0.7-1.Final_redhat_00001.1.ep7.el6.noarch.rp
m
eap7-jboss-server-migration-wildfly8.2-to-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el6.noarch.rp
m
eap7-jboss-server-migration-wildfly9.0-1.0.7-1.Final_redhat_00001.1.ep7.el6.noarch.rp
m
eap7-jboss-server-migration-wildfly9.0-to-eap7.0-1.0.7-1.Final_redhat_00001.1.ep7.el6.noarch.rp
m
eap7-jboss-server-migration-wildfly9.0-to-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el6.noarch.rp
m
eap7-jboss-vfs-3.2.13-1.Final_redhat_1.1.ep7.el6.noarch.rpm
eap7-jboss-xnio-base-3.5.6-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-jbossws-common-3.1.6-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-jbossws-cxf-5.1.11-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-log4j-jboss-logmanager-1.1.6-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-picketbox-5.0.3-2.Final_redhat_3.1.ep7.el6.noarch.rpm
eap7-picketbox-infinispan-5.0.3-2.Final_redhat_3.1.ep7.el6.noarch.rpm
eap7-picketlink-api-2.5.5-14.SP12_redhat_2.1.ep7.el6.noarch.rpm
eap7-picketlink-bindings-2.5.5-14.SP12_redhat_2.1.ep7.el6.noarch.rpm
eap7-picketlink-common-2.5.5-14.SP12_redhat_2.1.ep7.el6.noarch.rpm
eap7-picketlink-config-2.5.5-14.SP12_redhat_2.1.ep7.el6.noarch.rpm
eap7-picketlink-federation-2.5.5-14.SP12_redhat_2.1.ep7.el6.noarch.rpm
eap7-picketlink-idm-api-2.5.5-14.SP12_redhat_2.1.ep7.el6.noarch.rpm
eap7-picketlink-idm-impl-2.5.5-14.SP12_redhat_2.1.ep7.el6.noarch.rpm
eap7-picketlink-idm-simple-schema-2.5.5-14.SP12_redhat_2.1.ep7.el6.noarch.rpm
eap7-picketlink-impl-2.5.5-14.SP12_redhat_2.1.ep7.el6.noarch.rpm
eap7-picketlink-wildfly8-2.5.5-14.SP12_redhat_2.1.ep7.el6.noarch.rpm
eap7-undertow-1.4.18-8.SP9_redhat_00001.1.ep7.el6.noarch.rpm
eap7-undertow-jastow-2.0.6-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-undertow-server-1.0.2-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-wildfly-7.1.5-4.GA_redhat_00002.1.ep7.el6.noarch.rpm
eap7-wildfly-client-config-1.0.1-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-wildfly-elytron-1.1.11-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-wildfly-elytron-tool-1.0.8-1.Final_redhat_00001.1.ep7.el6.noarch.rpm
eap7-wildfly-javadocs-7.1.5-2.GA_redhat_00002.1.ep7.el6.noarch.rpm
eap7-wildfly-modules-7.1.5-4.GA_redhat_00002.1.ep7.el6.noarch.rpm
eap7-wildfly-openssl-1.0.6-2.Final_redhat_2.1.ep7.el6.noarch.rpm
eap7-wildfly-openssl-java-1.0.6-2.Final_redhat_2.1.ep7.el6.noarch.rpm
x86_64:
eap7-wildfly-openssl-linux-1.0.6-15.Final_redhat_2.1.ep7.el6.x86_64.rpm
eap7-wildfly-openssl-linux-debuginfo-1.0.6-15.Final_redhat_2.1.ep7.el6.x86_64.rp
m
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
8. References:
https://access.redhat.com/security/cve/CVE-2018-14627
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/
9. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBW+RZkNzjgjWX9erEAQg9yg//R63YVAnJMB/4GOiWdPPnVnSAJKc5lYzt
PcuwT9adlcM8svIXdjZzCQLpFGV2Qa9+5J1MCX8SMFg0ddXTXTViyrHR27+IGENF
uspKe9GuyCvaFKZnivg2lMiH/eWkqZd+mXDk5jDoXwGuW9wzXE13rZI+5EKAQafz
8WPLuVJY3qJvdF5m0k/B9F0cfvN8M6xQzXjf++7/8oh+aje0lLq+fK2gSMsNTRS3
nAn7qyltitNFfwNiFpRH+kRb+Kls9qnv+QvUpJsfZTopnQofpNu2cwEZyNVWpqEg
k0yq+ZGiZp+/gavCxAuZQMkj/1b8KBXzb6QDshHztNk5vJVRCD9KpcqDJhPJb9s9
9IRN6wMAFnbEmVlNZ/6ihxsI+G97CRGRffGiNElXYooFmWdJJF1kZQJySfsM4w4I
wuUr/ytC/VXd18LL8tVZG1h9hgClVoONUBrjdFBuR2ep1k+Ikr9aHvK8/8cl/usQ
ZP+vgIUXvuIkkg7tWdQ+uOUPlpPENNOeiw+/NQXWQXqioZ73zQMXrWLETJXsqNGH
ahbV+MNkBUkGhZNAcKz3YGJz5ZTEErZGBaYXZ/H+kuQFZLvrkU6YcjJpeW92o/4n
qJJ1ugAQ/+FfDdF3L3eiNQEg/oL4KdkHGKCOcY3Yq+9LhUUpuamOT5+rkTXJ2NrX
fcow/tj8ehI=
=uNeX
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
|
|
|
|
