- Vulnerability/
- RHSA-2017:0834
RHSA-2017:0834: Important: jboss-ec2-eap package for EAP 7.0.5
First published: Wed Mar 22 2017(Updated: )
The eap7-jboss-ec2-eap package provides scripts for Red Hat JBoss Enterprise<br>Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2).<br>With this update, the eap7-jboss-ec2-eap package has been updated to ensure<br>compatibility with Red Hat JBoss Enterprise Application Platform 7.0.5.<br>Refer to the JBoss Enterprise Application Platform 7.0.5 Release Notes, linked to in the References section, for information on the most significant bug fixes and enhancements included in this release.<br>Security Fix(es):<br><li>It was discovered that the jboss init script performed unsafe file handling</li> which could result in local privilege escalation.(CVE-2016-8656)<br><li>It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack.(CVE-2016-9589)</li> The CVE-2016-9589 issue was discovered by Gabriel Lavoie (Halogen Software).<br>Before applying this update, back up your existing Red Hat JBoss Enterprise<br>Application Platform installation and deployed applications.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/eap7-jboss-ec2-eap | <7.0.5-1.GA_redhat_1.ep7.el7 | 7.0.5-1.GA_redhat_1.ep7.el7 |
| redhat/eap7-jboss-ec2-eap | <7.0.5-1.GA_redhat_1.ep7.el7 | 7.0.5-1.GA_redhat_1.ep7.el7 |
| redhat/eap7-jboss-ec2-eap-samples | <7.0.5-1.GA_redhat_1.ep7.el7 | 7.0.5-1.GA_redhat_1.ep7.el7 |
| redhat/eap7-jboss-ec2-eap | <7.0.5-1.GA_redhat_1.ep7.el6 | 7.0.5-1.GA_redhat_1.ep7.el6 |
| redhat/eap7-jboss-ec2-eap | <7.0.5-1.GA_redhat_1.ep7.el6 | 7.0.5-1.GA_redhat_1.ep7.el6 |
| redhat/eap7-jboss-ec2-eap-samples | <7.0.5-1.GA_redhat_1.ep7.el6 | 7.0.5-1.GA_redhat_1.ep7.el6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1400344
- https://bugzilla.redhat.com/show_bug.cgi?id=1404782
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/
- https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/
- https://access.redhat.com/errata/RHSA-2017:0834 (Advisory)
Frequently Asked Questions
What is the severity of RHSA-2017:0834?
The severity of RHSA-2017:0834 is classified as important.
How do I fix RHSA-2017:0834?
To fix RHSA-2017:0834, upgrade the eap7-jboss-ec2-eap package to version 7.0.5-1.GA_redhat_1.ep7.el7 or the appropriate version for your distribution.
What packages are affected by RHSA-2017:0834?
The affected packages include eap7-jboss-ec2-eap and eap7-jboss-ec2-eap-samples for both el6 and el7.
Is RHSA-2017:0834 related to any specific platform?
Yes, RHSA-2017:0834 specifically pertains to the Red Hat JBoss Enterprise Application Platform running on Amazon Web Services (AWS) Elastic Compute Cloud (EC2).
When was the advisory for RHSA-2017:0834 released?
The advisory for RHSA-2017:0834 was released in 2017.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/redhat-errata
- anchor-id/RHSA-2017:0834
- package-manager/redhat