(RHSA-2011:1334) Important: JBoss Enterprise SOA Platform 5.1.0 security update

JBoss Enterprise SOA Platform is the next-generation ESB and business
process automation infrastructure. JBoss Enterprise SOA Platform allows IT
to leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future
(EDA and CEP) integration methodologies to dramatically improve business
process execution speed and quality.

Multiple flaws were found in the way Spring Framework 3 deserialized
certain Java objects. If an attacker were able to control the stream from
which an application with the Spring Framework 3 AOP in its class-path was
deserializing objects, they could use these flaws to execute arbitrary code
with the privileges of the JBoss Application Server process via a
specially-crafted, serialized Java object. (CVE-2011-2894)

Note: JBoss Enterprise SOA Platform does not expose applications that
deserialize objects from an untrusted source by default. These flaws would
affect applications configured to trust a malicious source, for example,
if the messaging service was configured to look up a remote messaging
queue, and an attacker had control of that queue.

All users of JBoss Enterprise SOA Platform 5.1.0 as provided from the Red
Hat Customer Portal are advised to install this update. Refer to the
Solution section for information about installing the update.