First published: Wed Jul 02 2008
The Red Hat Application Stack is an integrated open source application stack, and includes JBoss Enterprise Application Platform (EAP).

Starting with this update, JBoss EAP is no longer provided via the Application Stack channels. Instead, all Application Stack customers are automatically entitled to the JBoss EAP channels. This ensures all users have immediate access to JBoss EAP packages when they are released, reducing the wait for security and critical patches.

As a result, you must MANUALLY subscribe to the appropriate JBoss EAP channel, as all further JBoss EAP updates will only go to that channel.

This update also entitles all customers to the JBoss EAP 4.3.0 channels. Users receive support for JBoss EAP 4.3.0 if they choose to install it.

Important: downgrading from JBoss EAP 4.3.0 to 4.2.0 is unsupported.

MySQL was updated to version 5.0.50sp1a, fixing the following security issue:

MySQL did not correctly check directories used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated attacker could elevate their access privileges to tables created by other database users. Note: this attack does not work on existing tables. An attacker can only elevate their access to another user's tables as the tables are created. In addition, the names of these created tables need to be predicted correctly for this attack to succeed. (CVE-2008-2079)

The following packages are updated:

* httpd to 2.0.63
* mod_jk to 1.2.26
* the MySQL Connector/ODBC to 3.51.24r1071
* perl-DBD-MySQL to 4.006
* perl-DBI to 1.604
* postgresqlclient7 to 7.4.19
* postgresql-jdbc to 8.1.412
* unixODBC to 2.2.12