JBoss Remoting is a framework for building distributed applications in
Java.

The JBoss Enterprise Application Platform 4.3.0.CP09 updates RHSA-2010:0937
and RHSA-2010:0938 did not, contrary to what the errata texts stated, provide
a fix for CVE-2010-3862. A remote attacker could use specially crafted input to
cause the JBoss Remoting listeners to become unresponsive, resulting in a
denial of service condition for services communicating via JBoss Remoting
sockets. (CVE-2010-4265)

Red Hat would like to thank Ole Husgaard of eXerp.com for reporting this
issue.

Warning: Before applying this update, back up your existing JBoss Enterprise
Application Platform installation (including all applications and
configuration files).

Users of JBoss Enterprise Application Platform 4.3 on Red Hat Enterprise
Linux 4 and 5 should upgrade to this updated package, which contains a
backported patch to correct this issue. The JBoss server process must be
restarted for this update to take effect.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | noarch | jboss-remoting | < 2.2.3-4.SP3.ep1.1.el5 | jboss-remoting-2.2.3-4.SP3.ep1.1.el5.noarch.rpm |
RedHat | 5 | src | jboss-remoting | < 2.2.3-4.SP3.ep1.1.el5 | jboss-remoting-2.2.3-4.SP3.ep1.1.el5.src.rpm |