First published: Thu Apr 03 2014
Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan.

This release of Red Hat JBoss Data Grid 6.2.1 serves as a replacement for Red Hat JBoss Data Grid 6.2.0. It includes various bug fixes and enhancements which are detailed in the Red Hat JBoss Data Grid 6.2.1 Release Notes. The Release Notes will be available shortly from https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Data_Grid/

This update also fixes the following security issues:

It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application. (CVE-2013-7285)

It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286)

All users of Red Hat JBoss Data Grid 6.2.0 as provided from the Red Hat Customer Portal are advised to upgrade to Red Hat JBoss Data Grid 6.2.1.
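A check that a front-end proxy or log pipeline could run for the two header combinations described for CVE-2013-4286, shown as an added example that is not part of the advisory or of Red Hat's or Tomcat's code. The function names and sample requests are constructed for illustration.

```python
# Added example: flags the two request-framing conditions named in CVE-2013-4286.
# parse_headers/framing_issues and the sample requests are constructed, not Tomcat code.

def parse_headers(raw: bytes) -> list[tuple[str, str]]:
    """Return (lowercased name, value) pairs from the header block of one request."""
    head = raw.split(b"\r\n\r\n", 1)[0]      # header block ends at the first blank line
    lines = head.split(b"\r\n")[1:]          # drop the request line
    headers = []
    for line in lines:
        if b":" not in line:
            continue                          # not a header field; ignore it
        name, value = line.split(b":", 1)
        headers.append((name.strip().lower().decode("latin-1"),
                        value.strip().decode("latin-1")))
    return headers


def framing_issues(raw: bytes) -> list[str]:
    """List ambiguous body-length conditions found in a raw HTTP/1.1 request."""
    headers = parse_headers(raw)
    lengths = [v for n, v in headers if n == "content-length"]
    # Transfer-Encoding may carry a comma-separated list of codings.
    codings = [c.strip().lower()
               for n, v in headers if n == "transfer-encoding"
               for c in v.split(",")]
    issues = []
    if len(lengths) > 1:
        issues.append("multiple-content-length")
    if lengths and "chunked" in codings:
        issues.append("content-length-with-chunked")
    return issues


# Constructed sample requests (not taken from the advisory).
CLEAN = b"POST /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 3\r\n\r\nabc"
DOUBLE_CL = (b"POST /a HTTP/1.1\r\nHost: example.test\r\n"
             b"Content-Length: 3\r\ncontent-length: 5\r\n\r\nabc")
CL_AND_TE = (b"POST /a HTTP/1.1\r\nHost: example.test\r\n"
             b"Content-Length: 3\r\nTransfer-Encoding: gzip, Chunked\r\n\r\n")

if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("double-cl", DOUBLE_CL), ("cl+te", CL_AND_TE)]:
        print(label, framing_issues(req))
```

Header names are matched case-insensitively because HTTP field names are case-insensitive, so a mixed-case duplicate is still counted.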