- Vulnerability/
- RHSA-2017:0832
22/3/2017
RHSA-2017:0832: Important: JBoss Enterprise Application Platform 7.0.5 on RHEL 7
First published: Wed Mar 22 2017(Updated: )
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.<br>This release of Red Hat JBoss Enterprise Application Platform 7.0.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.<br>Security Fix(es):<br><li> It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation. (CVE-2016-8656)</li> <li> It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack. (CVE-2016-9589)</li> Red Hat would like to thank Gabriel Lavoie (Halogen Software) for reporting CVE-2016-9589.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/eap7-activemq-artemis | <1.1.0-16.SP19_redhat_1.1.ep7.el7 | 1.1.0-16.SP19_redhat_1.1.ep7.el7 |
| redhat/eap7-artemis-native | <1.1.0-12.redhat_4.ep7.el7 | 1.1.0-12.redhat_4.ep7.el7 |
| redhat/eap7-hibernate | <5.0.12-1.Final_redhat_1.1.ep7.el7 | 5.0.12-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-infinispan | <8.1.7-1.Final_redhat_1.1.ep7.el7 | 8.1.7-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-jboss-msc | <1.2.7-1.SP1_redhat_1.1.ep7.el7 | 1.2.7-1.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-jboss-xnio-base | <3.4.3-2.Final_redhat_1.1.ep7.el7 | 3.4.3-2.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-narayana | <5.2.22-1.Final_redhat_1.1.ep7.el7 | 5.2.22-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-netty | <4.0.35-2.Final_redhat_1.1.ep7.el7 | 4.0.35-2.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-picketlink-bindings | <2.5.5-6.SP6_redhat_1.1.ep7.el7 | 2.5.5-6.SP6_redhat_1.1.ep7.el7 |
| redhat/eap7-picketlink-federation | <2.5.5-6.SP6_redhat_1.1.ep7.el7 | 2.5.5-6.SP6_redhat_1.1.ep7.el7 |
| redhat/eap7-resteasy | <3.0.19-3.SP1_redhat_1.1.ep7.el7 | 3.0.19-3.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-undertow | <1.3.27-1.Final_redhat_1.1.ep7.el7 | 1.3.27-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-wildfly | <7.0.5-3.GA_redhat_2.1.ep7.el7 | 7.0.5-3.GA_redhat_2.1.ep7.el7 |
| redhat/eap7-wildfly-javadocs | <7.0.5-2.GA_redhat_2.1.ep7.el7 | 7.0.5-2.GA_redhat_2.1.ep7.el7 |
| redhat/eap7-wildfly-web-console-eap | <2.8.29-1.Final_redhat_1.1.ep7.el7 | 2.8.29-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-xml-security | <2.0.8-1.redhat_1.1.ep7.el7 | 2.0.8-1.redhat_1.1.ep7.el7 |
| redhat/eap7-activemq-artemis | <1.1.0-16.SP19_redhat_1.1.ep7.el7 | 1.1.0-16.SP19_redhat_1.1.ep7.el7 |
| redhat/eap7-activemq-artemis-cli | <1.1.0-16.SP19_redhat_1.1.ep7.el7 | 1.1.0-16.SP19_redhat_1.1.ep7.el7 |
| redhat/eap7-activemq-artemis-commons | <1.1.0-16.SP19_redhat_1.1.ep7.el7 | 1.1.0-16.SP19_redhat_1.1.ep7.el7 |
| redhat/eap7-activemq-artemis-core-client | <1.1.0-16.SP19_redhat_1.1.ep7.el7 | 1.1.0-16.SP19_redhat_1.1.ep7.el7 |
| redhat/eap7-activemq-artemis-dto | <1.1.0-16.SP19_redhat_1.1.ep7.el7 | 1.1.0-16.SP19_redhat_1.1.ep7.el7 |
| redhat/eap7-activemq-artemis-hornetq-protocol | <1.1.0-16.SP19_redhat_1.1.ep7.el7 | 1.1.0-16.SP19_redhat_1.1.ep7.el7 |
| redhat/eap7-activemq-artemis-hqclient-protocol | <1.1.0-16.SP19_redhat_1.1.ep7.el7 | 1.1.0-16.SP19_redhat_1.1.ep7.el7 |
| redhat/eap7-activemq-artemis-jms-client | <1.1.0-16.SP19_redhat_1.1.ep7.el7 | 1.1.0-16.SP19_redhat_1.1.ep7.el7 |
| redhat/eap7-activemq-artemis-jms-server | <1.1.0-16.SP19_redhat_1.1.ep7.el7 | 1.1.0-16.SP19_redhat_1.1.ep7.el7 |
| redhat/eap7-activemq-artemis-journal | <1.1.0-16.SP19_redhat_1.1.ep7.el7 | 1.1.0-16.SP19_redhat_1.1.ep7.el7 |
| redhat/eap7-activemq-artemis-native | <1.1.0-16.SP19_redhat_1.1.ep7.el7 | 1.1.0-16.SP19_redhat_1.1.ep7.el7 |
| redhat/eap7-activemq-artemis-ra | <1.1.0-16.SP19_redhat_1.1.ep7.el7 | 1.1.0-16.SP19_redhat_1.1.ep7.el7 |
| redhat/eap7-activemq-artemis-selector | <1.1.0-16.SP19_redhat_1.1.ep7.el7 | 1.1.0-16.SP19_redhat_1.1.ep7.el7 |
| redhat/eap7-activemq-artemis-server | <1.1.0-16.SP19_redhat_1.1.ep7.el7 | 1.1.0-16.SP19_redhat_1.1.ep7.el7 |
| redhat/eap7-activemq-artemis-service-extensions | <1.1.0-16.SP19_redhat_1.1.ep7.el7 | 1.1.0-16.SP19_redhat_1.1.ep7.el7 |
| redhat/eap7-artemis-native | <1.1.0-12.redhat_4.ep7.el7 | 1.1.0-12.redhat_4.ep7.el7 |
| redhat/eap7-artemis-native-wildfly | <1.1.0-12.redhat_4.ep7.el7 | 1.1.0-12.redhat_4.ep7.el7 |
| redhat/eap7-hibernate | <5.0.12-1.Final_redhat_1.1.ep7.el7 | 5.0.12-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-hibernate-core | <5.0.12-1.Final_redhat_1.1.ep7.el7 | 5.0.12-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-hibernate-entitymanager | <5.0.12-1.Final_redhat_1.1.ep7.el7 | 5.0.12-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-hibernate-envers | <5.0.12-1.Final_redhat_1.1.ep7.el7 | 5.0.12-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-hibernate-infinispan | <5.0.12-1.Final_redhat_1.1.ep7.el7 | 5.0.12-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-hibernate-java8 | <5.0.12-1.Final_redhat_1.1.ep7.el7 | 5.0.12-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-infinispan | <8.1.7-1.Final_redhat_1.1.ep7.el7 | 8.1.7-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-infinispan-cachestore-jdbc | <8.1.7-1.Final_redhat_1.1.ep7.el7 | 8.1.7-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-infinispan-cachestore-remote | <8.1.7-1.Final_redhat_1.1.ep7.el7 | 8.1.7-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-infinispan-client-hotrod | <8.1.7-1.Final_redhat_1.1.ep7.el7 | 8.1.7-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-infinispan-commons | <8.1.7-1.Final_redhat_1.1.ep7.el7 | 8.1.7-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-infinispan-core | <8.1.7-1.Final_redhat_1.1.ep7.el7 | 8.1.7-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-jboss-msc | <1.2.7-1.SP1_redhat_1.1.ep7.el7 | 1.2.7-1.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-jboss-xnio-base | <3.4.3-2.Final_redhat_1.1.ep7.el7 | 3.4.3-2.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-narayana | <5.2.22-1.Final_redhat_1.1.ep7.el7 | 5.2.22-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-narayana-compensations | <5.2.22-1.Final_redhat_1.1.ep7.el7 | 5.2.22-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-narayana-jbosstxbridge | <5.2.22-1.Final_redhat_1.1.ep7.el7 | 5.2.22-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-narayana-jbossxts | <5.2.22-1.Final_redhat_1.1.ep7.el7 | 5.2.22-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-narayana-jts-idlj | <5.2.22-1.Final_redhat_1.1.ep7.el7 | 5.2.22-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-narayana-jts-integration | <5.2.22-1.Final_redhat_1.1.ep7.el7 | 5.2.22-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-narayana-restat-api | <5.2.22-1.Final_redhat_1.1.ep7.el7 | 5.2.22-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-narayana-restat-bridge | <5.2.22-1.Final_redhat_1.1.ep7.el7 | 5.2.22-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-narayana-restat-integration | <5.2.22-1.Final_redhat_1.1.ep7.el7 | 5.2.22-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-narayana-restat-util | <5.2.22-1.Final_redhat_1.1.ep7.el7 | 5.2.22-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-narayana-txframework | <5.2.22-1.Final_redhat_1.1.ep7.el7 | 5.2.22-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-netty | <4.0.35-2.Final_redhat_1.1.ep7.el7 | 4.0.35-2.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-netty-all | <4.0.35-2.Final_redhat_1.1.ep7.el7 | 4.0.35-2.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-picketlink-api | <2.5.5-6.SP6_redhat_1.1.ep7.el7 | 2.5.5-6.SP6_redhat_1.1.ep7.el7 |
| redhat/eap7-picketlink-bindings | <2.5.5-6.SP6_redhat_1.1.ep7.el7 | 2.5.5-6.SP6_redhat_1.1.ep7.el7 |
| redhat/eap7-picketlink-common | <2.5.5-6.SP6_redhat_1.1.ep7.el7 | 2.5.5-6.SP6_redhat_1.1.ep7.el7 |
| redhat/eap7-picketlink-config | <2.5.5-6.SP6_redhat_1.1.ep7.el7 | 2.5.5-6.SP6_redhat_1.1.ep7.el7 |
| redhat/eap7-picketlink-federation | <2.5.5-6.SP6_redhat_1.1.ep7.el7 | 2.5.5-6.SP6_redhat_1.1.ep7.el7 |
| redhat/eap7-picketlink-idm-api | <2.5.5-6.SP6_redhat_1.1.ep7.el7 | 2.5.5-6.SP6_redhat_1.1.ep7.el7 |
| redhat/eap7-picketlink-idm-impl | <2.5.5-6.SP6_redhat_1.1.ep7.el7 | 2.5.5-6.SP6_redhat_1.1.ep7.el7 |
| redhat/eap7-picketlink-idm-simple-schema | <2.5.5-6.SP6_redhat_1.1.ep7.el7 | 2.5.5-6.SP6_redhat_1.1.ep7.el7 |
| redhat/eap7-picketlink-impl | <2.5.5-6.SP6_redhat_1.1.ep7.el7 | 2.5.5-6.SP6_redhat_1.1.ep7.el7 |
| redhat/eap7-picketlink-wildfly8 | <2.5.5-6.SP6_redhat_1.1.ep7.el7 | 2.5.5-6.SP6_redhat_1.1.ep7.el7 |
| redhat/eap7-resteasy | <3.0.19-3.SP1_redhat_1.1.ep7.el7 | 3.0.19-3.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-resteasy-async-http-servlet | <3.0-3.0.19-3.SP1_redhat_1.1.ep7.el7 | 3.0-3.0.19-3.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-resteasy-atom-provider | <3.0.19-3.SP1_redhat_1.1.ep7.el7 | 3.0.19-3.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-resteasy-cdi | <3.0.19-3.SP1_redhat_1.1.ep7.el7 | 3.0.19-3.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-resteasy-client | <3.0.19-3.SP1_redhat_1.1.ep7.el7 | 3.0.19-3.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-resteasy-crypto | <3.0.19-3.SP1_redhat_1.1.ep7.el7 | 3.0.19-3.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-resteasy-jackson-provider | <3.0.19-3.SP1_redhat_1.1.ep7.el7 | 3.0.19-3.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-resteasy-jackson2-provider | <3.0.19-3.SP1_redhat_1.1.ep7.el7 | 3.0.19-3.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-resteasy-jaxb-provider | <3.0.19-3.SP1_redhat_1.1.ep7.el7 | 3.0.19-3.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-resteasy-jaxrs | <3.0.19-3.SP1_redhat_1.1.ep7.el7 | 3.0.19-3.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-resteasy-jettison-provider | <3.0.19-3.SP1_redhat_1.1.ep7.el7 | 3.0.19-3.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-resteasy-jose-jwt | <3.0.19-3.SP1_redhat_1.1.ep7.el7 | 3.0.19-3.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-resteasy-jsapi | <3.0.19-3.SP1_redhat_1.1.ep7.el7 | 3.0.19-3.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-resteasy-json-p-provider | <3.0.19-3.SP1_redhat_1.1.ep7.el7 | 3.0.19-3.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-resteasy-multipart-provider | <3.0.19-3.SP1_redhat_1.1.ep7.el7 | 3.0.19-3.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-resteasy-spring | <3.0.19-3.SP1_redhat_1.1.ep7.el7 | 3.0.19-3.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-resteasy-validator-provider | <11-3.0.19-3.SP1_redhat_1.1.ep7.el7 | 11-3.0.19-3.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-resteasy-yaml-provider | <3.0.19-3.SP1_redhat_1.1.ep7.el7 | 3.0.19-3.SP1_redhat_1.1.ep7.el7 |
| redhat/eap7-undertow | <1.3.27-1.Final_redhat_1.1.ep7.el7 | 1.3.27-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-wildfly | <7.0.5-3.GA_redhat_2.1.ep7.el7 | 7.0.5-3.GA_redhat_2.1.ep7.el7 |
| redhat/eap7-wildfly-javadocs | <7.0.5-2.GA_redhat_2.1.ep7.el7 | 7.0.5-2.GA_redhat_2.1.ep7.el7 |
| redhat/eap7-wildfly-modules | <7.0.5-3.GA_redhat_2.1.ep7.el7 | 7.0.5-3.GA_redhat_2.1.ep7.el7 |
| redhat/eap7-wildfly-web-console-eap | <2.8.29-1.Final_redhat_1.1.ep7.el7 | 2.8.29-1.Final_redhat_1.1.ep7.el7 |
| redhat/eap7-xml-security | <2.0.8-1.redhat_1.1.ep7.el7 | 2.0.8-1.redhat_1.1.ep7.el7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1400344
- https://bugzilla.redhat.com/show_bug.cgi?id=1404782
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/
- https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/
- https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/
- https://access.redhat.com/errata/RHSA-2017:0832 (Advisory)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/redhat-errata
- anchor-id/RHSA-2017:0832
- package-manager/redhat