What is the severity of RHSA-2017:1675?

The severity of RHSA-2017:1675 is classified as important.

How do I fix RHSA-2017:1675?

To fix RHSA-2017:1675, update to Red Hat JBoss BPM Suite 6.4.4 or later.

What software is affected by RHSA-2017:1675?

RHSA-2017:1675 affects Red Hat JBoss BPM Suite versions prior to 6.4.4.

What issues does RHSA-2017:1675 address?

RHSA-2017:1675 addresses various security vulnerabilities in JBoss BPM Suite.

Is RHSA-2017:1675 related to any specific bugs?

Yes, RHSA-2017:1675 is related to several bugs reported in the Red Hat Bugzilla.

Vulnerability/
RHSA-2017:1675

4/7/2017

9/1/2025

RHSA-2017:1675: Moderate: Red Hat JBoss BPM Suite security update

First published: Tue Jul 04 2017(Updated: )

Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes.<br>This release of Red Hat JBoss BPM Suite 6.4.4 serves as a replacement for Red Hat JBoss BPM Suite 6.4.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.<br>Security Fix(es):<br><li> It was found that GZIPInterceptor is enabled when not necessarily required in RESTEasy. An attacker could use this flaw to launch a Denial of Service attack. (CVE-2016-6346)</li> <li> It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy. (CVE-2016-9606)</li> <li> It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to execute arbitrary code through deserialization of custom gadget chains. (CVE-2017-5929)</li> Red Hat would like to thank Mikhail Egorov (Odin) for reporting CVE-2016-6346 and Moritz Bechler (AgNO3 GmbH & Co. KG) for reporting CVE-2016-9606.

Affected Software	Affected Version	How to fix
Red Hat JBoss BPM Suite

Never miss a vulnerability like this again

Reference Links

https://access.redhat.com/errata/RHSA-2017:1675 (Advisory)

Frequently Asked Questions

What is the severity of RHSA-2017:1675?
The severity of RHSA-2017:1675 is classified as important.
How do I fix RHSA-2017:1675?
To fix RHSA-2017:1675, update to Red Hat JBoss BPM Suite 6.4.4 or later.
What software is affected by RHSA-2017:1675?
RHSA-2017:1675 affects Red Hat JBoss BPM Suite versions prior to 6.4.4.
What issues does RHSA-2017:1675 address?
RHSA-2017:1675 addresses various security vulnerabilities in JBoss BPM Suite.
Is RHSA-2017:1675 related to any specific bugs?
Yes, RHSA-2017:1675 is related to several bugs reported in the Red Hat Bugzilla.

agent/severity
agent/type
agent/first-publish-date
agent/last-modified-date
agent/trending
agent/remedy
agent/title
agent/description
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2017:1675
agent/references
agent/event
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.