RHSA-2017:0834: Important: jboss-ec2-eap package for EAP 7.0.5

First published: Wed Mar 22 2017(Updated: )

The eap7-jboss-ec2-eap package provides scripts for Red Hat JBoss Enterprise<br>Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2).<br>With this update, the eap7-jboss-ec2-eap package has been updated to ensure<br>compatibility with Red Hat JBoss Enterprise Application Platform 7.0.5.<br>Refer to the JBoss Enterprise Application Platform 7.0.5 Release Notes, linked to in the References section, for information on the most significant bug fixes and enhancements included in this release.<br>Security Fix(es):<br><li>It was discovered that the jboss init script performed unsafe file handling</li> which could result in local privilege escalation.(CVE-2016-8656)<br><li>It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack.(CVE-2016-9589)</li> The CVE-2016-9589 issue was discovered by Gabriel Lavoie (Halogen Software).<br>Before applying this update, back up your existing Red Hat JBoss Enterprise<br>Application Platform installation and deployed applications.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• collector/redhat-errata
• anchor-id/RHSA-2017:0834
• package-manager/redhat