RHSA-2014:1007: Important: Red Hat JBoss BRMS 5.3.1 update

First published: Tue Aug 05 2014(Updated: )

Red Hat JBoss BRMS is a business rules management system for the<br>management, storage, creation, modification, and deployment of JBoss Rules.<br>This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS<br>5.3.1. It includes various bug fixes. The following security issues are<br>also fixed with this release:<br>It was found that XStream could deserialize arbitrary user-supplied XML<br>content, representing objects of any type. A remote attacker able to pass<br>XML to XStream could use this flaw to perform a variety of attacks,<br>including remote code execution in the context of the server running the<br>XStream application. (CVE-2013-7285)<br>It was found that the secure processing feature of Xalan-Java had<br>insufficient restrictions defined for certain properties and features.<br>A remote attacker able to provide Extensible Stylesheet Language<br>Transformations (XSLT) content to be processed by an application using<br>Xalan-Java could use this flaw to bypass the intended constraints of the<br>secure processing feature. Depending on the components available in the<br>classpath, this could lead to arbitrary remote code execution in the<br>context of the application server running the application that uses<br>Xalan-Java. (CVE-2014-0107)<br>All users of Red Hat JBoss BRMS 5.3.1 as provided from the Red Hat Customer<br>Portal are advised to apply this roll up patch.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• anchor-id/RHSA-2014:1007
• agent/references
• agent/title
• agent/severity
• agent/tags
• agent/description
• agent/type
• agent/event
• agent/first-publish-date
• agent/softwarecombine
• agent/remedy
• agent/last-modified-date