—–BEGIN PGP SIGNED MESSAGE—–
\nHash: SHA256<\/p>\n
====================================================================
\nRed Hat Security Advisory<\/p>\n
Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.8 Security update
\nAdvisory ID: RHSA-2022:8790-01
\nProduct: Red Hat JBoss Enterprise Application Platform
\nAdvisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:8790
\nIssue date: 2022-12-05
\nCVE Names: CVE-2022-2764
\n====================================================================
\n1. Summary:<\/p>\n
A security update is now available for Red Hat JBoss Enterprise Application
\nPlatform 7.4 for Red Hat Enterprise Linux 7.<\/p>\n
Red Hat Product Security has rated this update as having a security impact
\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which
\ngives a detailed severity rating, is available for each vulnerability from
\nthe CVE link(s) in the References section.<\/p>\n
2. Relevant releases\/architectures:<\/p>\n
Red Hat JBoss EAP 7.4 for RHEL 7 Server – noarch<\/p>\n
3. Description:<\/p>\n
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java
\napplications based on the WildFly application runtime. This release of Red
\nHat JBoss Enterprise Application Platform 7.4.8 serves as a replacement for
\nRed Hat JBoss Enterprise Application Platform 7.4.7, and includes bug fixes
\nand enhancements. See the Red Hat JBoss Enterprise Application Platform
\n7.4.8 Release Notes for information about the most significant bug fixes
\nand enhancements included in this release.<\/p>\n
Security Fix(es):<\/p>\n
* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK
\nforever for EJB invocations (CVE-2022-2764)<\/p>\n
4. Solution:<\/p>\n
Before applying this update, ensure all previously released errata relevant
\nto your system have been applied. For details about how to apply this
\nupdate, see: https:\/\/access.redhat.com\/articles\/11258<\/p>\n
5. Bugs fixed (https:\/\/bugzilla.redhat.com\/):<\/p>\n
2117506 – CVE-2022-2764 Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations<\/p>\n
6. JIRA issues fixed (https:\/\/issues.jboss.org\/):<\/p>\n
JBEAP-23833 – Tracker bug for the EAP 7.4.8 release for RHEL-7
\nJBEAP-23913 – [GSS](7.4.z) Upgrade HAL from 3.3.14.Final-redhat-00001 to 3.3.15.Final-redhat-00001
\nJBEAP-23997 – (7.4.z) Upgrade Infinispan from 11.0.15.Final-redhat-00001 to 11.0.16.Final-redhat-00001
\nJBEAP-23998 – [GSS](7.4.z) Upgrade Jakarta Mail from 1.6.5.redhat-00001 to 1.6.7.redhat-00001
\nJBEAP-24011 – [GSS](7.4.z) Upgrade to JBoss Marshalling from 2.0.12.Final-redhat-00001 to 2.0.13.Final-redhat-00001
\nJBEAP-24013 – (7.4.z) Upgrade WildFly Core from 15.0.18.Final-redhat-00001 to 15.0.19.Final-redhat-00001
\nJBEAP-24028 – [GSS](7.4.z) Upgrade Mojarra from 2.3.14.SP06-redhat-00001 to 2.3.14.SP07-redhat-00001
\nJBEAP-24030 – [GSS](7.4.z) Upgrade remoting from 5.0.25.SP1-redhat-00001 to 5.0.26.SP1-redhat-00001
\nJBEAP-24031 – [GSS](7.4.z) Upgrade wildfly-naming-client from 1.0.14.Final-redhat-00001 to 1.0.15.Final-redhat-00002<\/p>\n
7. Package List:<\/p>\n
Red Hat JBoss EAP 7.4 for RHEL 7 Server:<\/p>\n
Source:
\neap7-glassfish-javamail-1.6.7-1.redhat_00001.1.el7eap.src.rpm
\neap7-glassfish-jsf-2.3.14-6.SP07_redhat_00001.1.el7eap.src.rpm
\neap7-hal-console-3.3.15-1.Final_redhat_00001.1.el7eap.src.rpm
\neap7-infinispan-11.0.16-1.Final_redhat_00001.1.el7eap.src.rpm
\neap7-jboss-marshalling-2.0.13-1.Final_redhat_00001.1.el7eap.src.rpm
\neap7-jboss-remoting-5.0.26-1.SP1_redhat_00001.1.el7eap.src.rpm
\neap7-jboss-server-migration-1.10.0-21.Final_redhat_00020.1.el7eap.src.rpm
\neap7-undertow-2.2.20-1.SP1_redhat_00001.1.el7eap.src.rpm
\neap7-wildfly-7.4.8-4.GA_redhat_00002.1.el7eap.src.rpm
\neap7-wildfly-naming-client-1.0.15-1.Final_redhat_00002.1.el7eap.src.rpm<\/p>\n
noarch:
\neap7-glassfish-javamail-1.6.7-1.redhat_00001.1.el7eap.noarch.rpm
\neap7-glassfish-jsf-2.3.14-6.SP07_redhat_00001.1.el7eap.noarch.rpm
\neap7-hal-console-3.3.15-1.Final_redhat_00001.1.el7eap.noarch.rpm
\neap7-infinispan-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm
\neap7-infinispan-cachestore-jdbc-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm
\neap7-infinispan-cachestore-remote-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm
\neap7-infinispan-client-hotrod-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm
\neap7-infinispan-commons-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm
\neap7-infinispan-component-annotations-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm
\neap7-infinispan-core-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm
\neap7-infinispan-hibernate-cache-commons-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm
\neap7-infinispan-hibernate-cache-spi-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm
\neap7-infinispan-hibernate-cache-v53-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm
\neap7-jboss-marshalling-2.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm
\neap7-jboss-marshalling-river-2.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm
\neap7-jboss-remoting-5.0.26-1.SP1_redhat_00001.1.el7eap.noarch.rpm
\neap7-jboss-server-migration-1.10.0-21.Final_redhat_00020.1.el7eap.noarch.rpm
\neap7-jboss-server-migration-cli-1.10.0-21.Final_redhat_00020.1.el7eap.noarch.rpm
\neap7-jboss-server-migration-core-1.10.0-21.Final_redhat_00020.1.el7eap.noarch.rpm
\neap7-undertow-2.2.20-1.SP1_redhat_00001.1.el7eap.noarch.rpm
\neap7-wildfly-7.4.8-4.GA_redhat_00002.1.el7eap.noarch.rpm
\neap7-wildfly-java-jdk11-7.4.8-4.GA_redhat_00002.1.el7eap.noarch.rpm
\neap7-wildfly-java-jdk8-7.4.8-4.GA_redhat_00002.1.el7eap.noarch.rpm
\neap7-wildfly-javadocs-7.4.8-4.GA_redhat_00002.1.el7eap.noarch.rpm
\neap7-wildfly-modules-7.4.8-4.GA_redhat_00002.1.el7eap.noarch.rpm
\neap7-wildfly-naming-client-1.0.15-1.Final_redhat_00002.1.el7eap.noarch.rpm<\/p>\n
These packages are GPG signed by Red Hat for security. Our key and
\ndetails on how to verify the signature are available from
\nhttps:\/\/access.redhat.com\/security\/team\/key\/<\/p>\n
8. References:<\/p>\n
https:\/\/access.redhat.com\/security\/cve\/CVE-2022-2764
\nhttps:\/\/access.redhat.com\/security\/updates\/classification\/#low
\nhttps:\/\/access.redhat.com\/documentation\/en-us\/red_hat_jboss_enterprise_application_platform\/7.4\/
\nhttps:\/\/access.redhat.com\/documentation\/en-us\/red_hat_jboss_enterprise_application_platform\/7.4\/html-single\/installation_guide\/<\/p>\n
9. Contact:<\/p>\n
The Red Hat security contact is <secalert@redhat.com>. More contact
\ndetails at https:\/\/access.redhat.com\/security\/team\/contact\/<\/p>\n
Copyright 2022 Red Hat, Inc.
\n—–BEGIN PGP SIGNATURE—–
\nVersion: GnuPG v1<\/p>\n
iQIVAwUBY46TCNzjgjWX9erEAQh9ag\/\/ZRs+xqlyCD\/wYuKHLN5Rpv1CKYANibZh
\nf9jGj6kWrFqy0nITPGnjxVlSor6BJZGWOOa+OGRa6Bnj\/JICKukjeHEgI5\/ChZg2
\nZPrRZffwi5pnq2cI2rGzPWwJKx1bju4HJgTMnUiWF4yw+b55536kTkIRQYraOTQG
\nOXmjeEliFUnRJCNPjQ3o5\/mJNPCDC9+uH\/Zxgqu2+g7c4BzTNxG+HbHqQneFL8Ge
\nIGYufI9YQxzln7cHahdpixJquftdzHIFIdSjpmTi0YRSgV0bvl84IMuOk9jn\/30+
\n0+pEeQFWvnC7ezlbTmYAa6OWXgAOJkmdA5CcJqcMN8TweQlvETVJR9XZ8eS+Nzcl
\n4ST4A1OO5QfzzKi8w0xBjIX93JRVDpiQCKf2295Ncmk45DO97vOZWExD6JkFynwX
\nmsDzd8j5ZF9E81IAaD2J7FLlkbisDLCg6JmhNG4LMsUXTnKICoLiqPKZWwOpj\/3h
\nlh\/VoKYvsxmyLUwTirZYdD8kJbCbgf5nnlqiL218LfF0GD2dO+PK0sV4cBO3jyJu
\n5NSJ\/d7kjNG5k6qQwHRWuWzzkQSMQ\/MK0ZtoX29ZNVypMpQ+Jj1+m7zaLv6wFHRG
\nhdQ30e5BWriSfVQOkWMGhH7WEnoaZOOvZGnPpA4clIlHfQUASfNfl\/O9VWI200ig
\n7VqCQKuA8aI=AqTk
\n—–END PGP SIGNATURE—–
\n—
\nRHSA-announce mailing list
\nRHSA-announce@redhat.com
\nhttps:\/\/listman.redhat.com\/mailman\/listinfo\/rhsa-announce<\/p>\n","protected":false},"excerpt":{"rendered":"
—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.8 Security update Advisory ID: RHSA-2022:8790-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:8790 Issue date: 2022-12-05 CVE Names: CVE-2022-2764 ==================================================================== 1. Summary: A security update is now available for Red Hat JBoss Enterprise …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-34490","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/34490","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=34490"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/34490\/revisions"}],"predecessor-version":[{"id":34758,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/34490\/revisions\/34758"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=34490"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=34490"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=34490"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}