(RHSA-2018:0479) Important: JBoss Enterprise Application Platform 7.1.1 on RHEL 6

2018-03-1216:34:40

access.redhat.com

0.571 Medium

EPSS

Percentile

97.7%

JSON

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.

This release of Red Hat JBoss Enterprise Application Platform 7.1.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

artemis/hornetq: memory exhaustion via UDP and JGroups discovery (CVE-2017-12174)
infinispan: Unsafe deserialization of malicious object injected into data cache (CVE-2017-15089)
jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)
jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)
resteasy: Vary header not added by CORS filter leading to cache poisoning (CVE-2017-7561)
undertow: Client can use bogus uri in Digest authentication (CVE-2017-12196)
undertow: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser (CVE-2018-1048)
jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485) (CVE-2018-5968)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat6noarcheap7-narayana-restat-util< 5.5.31-1.Final_redhat_1.1.ep7.el6eap7-narayana-restat-util-5.5.31-1.Final_redhat_1.1.ep7.el6.noarch.rpm
RedHat6noarcheap7-jboss-server-migration-wildfly10.1< 1.0.3-6.Final_redhat_6.1.ep7.el6eap7-jboss-server-migration-wildfly10.1-1.0.3-6.Final_redhat_6.1.ep7.el6.noarch.rpm
RedHat6noarcheap7-ironjacamar-deployers-common< 1.4.7-1.Final_redhat_1.1.ep7.el6eap7-ironjacamar-deployers-common-1.4.7-1.Final_redhat_1.1.ep7.el6.noarch.rpm
RedHat6noarcheap7-infinispan-commons< 8.2.9-1.Final_redhat_1.1.ep7.el6eap7-infinispan-commons-8.2.9-1.Final_redhat_1.1.ep7.el6.noarch.rpm
RedHat6noarcheap7-picketlink-idm-impl< 2.5.5-10.SP9_redhat_1.1.ep7.el6eap7-picketlink-idm-impl-2.5.5-10.SP9_redhat_1.1.ep7.el6.noarch.rpm
RedHat6noarcheap7-hibernate-entitymanager< 5.1.12-1.Final_redhat_1.1.ep7.el6eap7-hibernate-entitymanager-5.1.12-1.Final_redhat_1.1.ep7.el6.noarch.rpm
RedHat6noarcheap7-jboss-server-migration-core< 1.0.3-6.Final_redhat_6.1.ep7.el6eap7-jboss-server-migration-core-1.0.3-6.Final_redhat_6.1.ep7.el6.noarch.rpm
RedHat6noarcheap7-resteasy-jaxb-provider< 3.0.25-1.Final_redhat_1.1.ep7.el6eap7-resteasy-jaxb-provider-3.0.25-1.Final_redhat_1.1.ep7.el6.noarch.rpm
RedHat6noarcheap7-wildfly-http-client-common< 1.0.9-1.Final_redhat_1.1.ep7.el6eap7-wildfly-http-client-common-1.0.9-1.Final_redhat_1.1.ep7.el6.noarch.rpm
RedHat6noarcheap7-activemq-artemis-service-extensions< 1.5.5.009-1.redhat_1.1.ep7.el6eap7-activemq-artemis-service-extensions-1.5.5.009-1.redhat_1.1.ep7.el6.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	noarch	eap7-narayana-restat-util	< 5.5.31-1.Final_redhat_1.1.ep7.el6	eap7-narayana-restat-util-5.5.31-1.Final_redhat_1.1.ep7.el6.noarch.rpm
RedHat	6	noarch	eap7-jboss-server-migration-wildfly10.1	< 1.0.3-6.Final_redhat_6.1.ep7.el6	eap7-jboss-server-migration-wildfly10.1-1.0.3-6.Final_redhat_6.1.ep7.el6.noarch.rpm
RedHat	6	noarch	eap7-ironjacamar-deployers-common	< 1.4.7-1.Final_redhat_1.1.ep7.el6	eap7-ironjacamar-deployers-common-1.4.7-1.Final_redhat_1.1.ep7.el6.noarch.rpm
RedHat	6	noarch	eap7-infinispan-commons	< 8.2.9-1.Final_redhat_1.1.ep7.el6	eap7-infinispan-commons-8.2.9-1.Final_redhat_1.1.ep7.el6.noarch.rpm
RedHat	6	noarch	eap7-picketlink-idm-impl	< 2.5.5-10.SP9_redhat_1.1.ep7.el6	eap7-picketlink-idm-impl-2.5.5-10.SP9_redhat_1.1.ep7.el6.noarch.rpm
RedHat	6	noarch	eap7-hibernate-entitymanager	< 5.1.12-1.Final_redhat_1.1.ep7.el6	eap7-hibernate-entitymanager-5.1.12-1.Final_redhat_1.1.ep7.el6.noarch.rpm
RedHat	6	noarch	eap7-jboss-server-migration-core	< 1.0.3-6.Final_redhat_6.1.ep7.el6	eap7-jboss-server-migration-core-1.0.3-6.Final_redhat_6.1.ep7.el6.noarch.rpm
RedHat	6	noarch	eap7-resteasy-jaxb-provider	< 3.0.25-1.Final_redhat_1.1.ep7.el6	eap7-resteasy-jaxb-provider-3.0.25-1.Final_redhat_1.1.ep7.el6.noarch.rpm
RedHat	6	noarch	eap7-wildfly-http-client-common	< 1.0.9-1.Final_redhat_1.1.ep7.el6	eap7-wildfly-http-client-common-1.0.9-1.Final_redhat_1.1.ep7.el6.noarch.rpm
RedHat	6	noarch	eap7-activemq-artemis-service-extensions	< 1.5.5.009-1.redhat_1.1.ep7.el6	eap7-activemq-artemis-service-extensions-1.5.5.009-1.redhat_1.1.ep7.el6.noarch.rpm