First published: Mon Nov 24 2014
Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes.

This roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.

The following security issues are fixed with this release:

It was discovered that Jakarta Commons HttpClient incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)

The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.

All users of Red Hat JBoss BPM Suite 6.0.3 as provided from the Red Hat Customer Portal are advised to apply this roll up patch.
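To illustrate the class of CN-extraction error described above, the following added example (not code from this advisory, from HttpClient, or from the patch) contrasts text-based CN extraction with structured DN parsing using the JDK's `javax.naming.ldap.LdapName`. The class name `CnExtraction`, its method names and the subject DN are constructed for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.ArrayList;
import java.util.List;

// Hypothetical demo class; names are assumptions, not HttpClient identifiers.
public class CnExtraction {

    // Text-based extraction: treats the DN as a flat string and takes whatever
    // follows the first "CN=". A "CN=" sequence inside another attribute's
    // value cannot be told apart from the real Common Name attribute.
    static String naiveCn(String subjectDn) {
        int start = subjectDn.indexOf("CN=");
        if (start < 0) {
            return null;
        }
        start += 3;
        int end = subjectDn.indexOf(',', start);
        return end < 0 ? subjectDn.substring(start) : subjectDn.substring(start, end);
    }

    // Structured extraction: parse the DN string (RFC 2253 form) into RDNs and
    // accept a value only when the RDN's own attribute type is CN.
    static List<String> parsedCns(String subjectDn) throws InvalidNameException {
        List<String> cns = new ArrayList<>();
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                cns.add(String.valueOf(rdn.getValue()));
            }
        }
        return cns;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed subject DN: the O value contains the text "CN=" after an
        // escaped comma, so it is part of the organisation name, not a CN.
        String dn = "O=Example\\, CN=www.example.com, CN=other.example.net";
        System.out.println("text-based : " + naiveCn(dn));
        System.out.println("structured : " + parsedCns(dn));
    }
}
```

The two methods disagree on the constructed DN, which is the condition to test for when auditing hostname-verification code. Where a certificate carries subjectAltName dNSName entries, RFC 2818 requires that those be used for the identity check instead of the CN.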