RHSA-2017:1837: Important: eap7-jboss-ec2-eap security update

First published: Mon Jul 31 2017(Updated: )

The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2).<br>With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.7.<br>Refer to the JBoss Enterprise Application Platform 7.0.7 Release Notes, linked to in the References section, for information on the most significant bug fixes and enhancements included in this release.<br>Security Fix(es):<br><li> A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)</li> <li> It was found that use of a JMS ObjectMessage does not safely handle user-supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the JMS ObjectMessage. (CVE-2016-4978)</li> Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2017:1837
• agent/software-canonical-lookup
• package-manager/redhat