{"id":34492,"date":"2022-12-06T21:36:02","date_gmt":"2022-12-06T18:36:02","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/170102\/RHSA-2022-8793-01.txt"},"modified":"2022-12-12T11:12:03","modified_gmt":"2022-12-12T07:42:03","slug":"red-hat-security-advisory-2022-8793-01","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/red-hat-security-advisory-2022-8793-01\/","title":{"rendered":"Red Hat Security Advisory 2022-8793-01"},"content":{"rendered":"

—–BEGIN PGP SIGNED MESSAGE—–
\nHash: SHA256<\/p>\n

====================================================================
\nRed Hat Security Advisory<\/p>\n

Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.8 security update
\nAdvisory ID: RHSA-2022:8793-01
\nProduct: Red Hat JBoss Enterprise Application Platform
\nAdvisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:8793
\nIssue date: 2022-12-05
\nCVE Names: CVE-2022-2764
\n====================================================================
\n1. Summary:<\/p>\n

A security update is now available for Red Hat JBoss Enterprise Application
\nPlatform 7.4.<\/p>\n

Red Hat Product Security has rated this update as having a security impact
\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which
\ngives a detailed severity rating, is available for each vulnerability from
\nthe CVE link(s) in the References section.<\/p>\n

2. Description:<\/p>\n

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java
\napplications based on the WildFly application runtime.<\/p>\n

This release of Red Hat JBoss Enterprise Application Platform 7.4.8 serves
\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.4.7,
\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise
\nApplication Platform 7.4.8 Release Notes for information about the most
\nsignificant bug fixes and enhancements included in this release.<\/p>\n

Security Fix(es):<\/p>\n

* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK
\nforever for EJB invocations (CVE-2022-2764)<\/p>\n

For more details about the security issue(s), including the impact, a CVSS
\nscore, acknowledgments, and other related information, refer to the CVE
\npage(s) listed in the References section.<\/p>\n

3. Solution:<\/p>\n

Before applying this update, back up your existing Red Hat JBoss Enterprise
\nApplication Platform installation and deployed applications.<\/p>\n

The References section of this erratum contains a download link (you must
\nlog in to download the update).<\/p>\n

4. Bugs fixed (https:\/\/bugzilla.redhat.com\/):<\/p>\n

2117506 – CVE-2022-2764 Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations<\/p>\n

5. JIRA issues fixed (https:\/\/issues.jboss.org\/):<\/p>\n

JBEAP-23913 – [GSS](7.4.z) Upgrade HAL from 3.3.14.Final-redhat-00001 to 3.3.15.Final-redhat-00001
\nJBEAP-23997 – (7.4.z) Upgrade Infinispan from 11.0.15.Final-redhat-00001 to 11.0.16.Final-redhat-00001
\nJBEAP-23998 – [GSS](7.4.z) Upgrade Jakarta Mail from 1.6.5.redhat-00001 to 1.6.7.redhat-00001
\nJBEAP-24011 – [GSS](7.4.z) Upgrade to JBoss Marshalling from 2.0.12.Final-redhat-00001 to 2.0.13.Final-redhat-00001
\nJBEAP-24013 – (7.4.z) Upgrade WildFly Core from 15.0.18.Final-redhat-00001 to 15.0.19.Final-redhat-00001
\nJBEAP-24028 – [GSS](7.4.z) Upgrade Mojarra from 2.3.14.SP06-redhat-00001 to 2.3.14.SP07-redhat-00001
\nJBEAP-24030 – [GSS](7.4.z) Upgrade remoting from 5.0.25.SP1-redhat-00001 to 5.0.26.SP1-redhat-00001
\nJBEAP-24031 – [GSS](7.4.z) Upgrade wildfly-naming-client from 1.0.14.Final-redhat-00001 to 1.0.15.Final-redhat-00002<\/p>\n

6. References:<\/p>\n

https:\/\/access.redhat.com\/security\/cve\/CVE-2022-2764
\nhttps:\/\/access.redhat.com\/security\/updates\/classification\/#low
\nhttps:\/\/access.redhat.com\/jbossnetwork\/restricted\/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4
\nhttps:\/\/access.redhat.com\/documentation\/en-us\/red_hat_jboss_enterprise_application_platform\/7.4\/
\nhttps:\/\/access.redhat.com\/documentation\/en-us\/red_hat_jboss_enterprise_application_platform\/7.4\/html-single\/installation_guide\/<\/p>\n

7. Contact:<\/p>\n

The Red Hat security contact is <secalert@redhat.com>. More contact
\ndetails at https:\/\/access.redhat.com\/security\/team\/contact\/<\/p>\n

Copyright 2022 Red Hat, Inc.
\n—–BEGIN PGP SIGNATURE—–
\nVersion: GnuPG v1<\/p>\n

iQIVAwUBY46TC9zjgjWX9erEAQg5Mg\/\/RG3dosUb8WqykXAc7X57kWUf2B5xrkUj
\nJYOGpAthMVEa0gR\/MwZGca92Ou9IqLDtwoZu853ZGV5DNUubVd1QTPDuuJgME+GI
\nijG9phHTtKlmFAdKnqWOHaZE5yVcUorikg7eqegWIMf6IFUBw1\/As+0BHd5kwmQ5
\nOCWdUQma\/7AnZpmyz4aHjaOlW9aCyB\/0zqFPjNJH91xEuu3rpua1db9NOznEsyUP
\nW9r6sojspa7ggcEw1a+hIyIJ36KRFdAPX+9SwkoZm4D36vo0aYK3kEImLQNNr+Ji
\nkV4zcW1u+ZVtAzuCxFi8004C9eGLDJNhMEB08Mbj4tmuAF1IR\/xTpnpcvWwgQzuQ
\nZw4cJaSNREr7FXbm20uhtqZfqwg1YKpcrzBUAcRJyO0KN1CaK3wXpkvJzN9T0f\/O
\ngQyc+Vzb4MqwEXRs4mHPGHwaZDCGJcNUi++IE41ZEn5ZbGrMqEKtioBpvM+Tuvto
\n4ZgSSlBGW\/nNDOsY8UP0\/wDBWL\/akJZe3A+XEcmkEDrr6wg\/w0ejaie4I0Z\/b80E
\nOszoVcHr6BZhP2nBZ\/9IyGlmYSiu+DXMo54Ag5evtVJhEguuCQptpia3hkdci9eY
\nwpQtruPy7IQx\/s\/ygRvHhFhaQM+VnKkoCTq7sjVNl597kUE6uF9M7Fsp15OFh8Gs
\ndpWRXDWzjds=oe8Y
\n—–END PGP SIGNATURE—–
\n—
\nRHSA-announce mailing list
\nRHSA-announce@redhat.com
\nhttps:\/\/listman.redhat.com\/mailman\/listinfo\/rhsa-announce<\/p>\n","protected":false},"excerpt":{"rendered":"

—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.8 security update Advisory ID: RHSA-2022:8793-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:8793 Issue date: 2022-12-05 CVE Names: CVE-2022-2764 ==================================================================== 1. Summary: A security update is now available for Red Hat JBoss Enterprise …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-34492","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/34492","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=34492"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/34492\/revisions"}],"predecessor-version":[{"id":34764,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/34492\/revisions\/34764"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=34492"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=34492"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=34492"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}