- Vulnerability/
- RHSA-2018:0481
RHSA-2018:0481: Important: jboss-ec2-eap package for EAP 7.1.1
First published: Mon Mar 12 2018(Updated: )
The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2).<br>With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.1.1<br>Refer to the JBoss Enterprise Application Platform 7.1 Release Notes, linked to in the References section, for information on the most significant bug fixes and enhancements included in this release.<br>Security Fix(es):<br><li> artemis/hornetq: memory exhaustion via UDP and JGroups discovery (CVE-2017-12174)</li> <li> infinispan: Unsafe deserialization of malicious object injected into data cache (CVE-2017-15089)</li> <li> jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)</li> <li> jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)</li> <li> resteasy: Vary header not added by CORS filter leading to cache poisoning (CVE-2017-7561)</li> <li> undertow: Client can use bogus uri in Digest authentication (CVE-2017-12196)</li> <li> undertow: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser (CVE-2018-1048)</li> <li> jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485) (CVE-2018-5968)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/eap7-jboss-ec2-eap | <7.1.1-3.1.GA_redhat_3.ep7.el7 | 7.1.1-3.1.GA_redhat_3.ep7.el7 |
| redhat/eap7-jboss-ec2-eap | <7.1.1-3.1.GA_redhat_3.ep7.el7 | 7.1.1-3.1.GA_redhat_3.ep7.el7 |
| redhat/eap7-jboss-ec2-eap-samples | <7.1.1-3.1.GA_redhat_3.ep7.el7 | 7.1.1-3.1.GA_redhat_3.ep7.el7 |
| redhat/eap7-jboss-ec2-eap | <7.1.1-3.1.GA_redhat_3.ep7.el6 | 7.1.1-3.1.GA_redhat_3.ep7.el6 |
| redhat/eap7-jboss-ec2-eap | <7.1.1-3.1.GA_redhat_3.ep7.el6 | 7.1.1-3.1.GA_redhat_3.ep7.el6 |
| redhat/eap7-jboss-ec2-eap-samples | <7.1.1-3.1.GA_redhat_3.ep7.el6 | 7.1.1-3.1.GA_redhat_3.ep7.el6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1483823
- https://bugzilla.redhat.com/show_bug.cgi?id=1498378
- https://bugzilla.redhat.com/show_bug.cgi?id=1503055
- https://bugzilla.redhat.com/show_bug.cgi?id=1503610
- https://bugzilla.redhat.com/show_bug.cgi?id=1506612
- https://bugzilla.redhat.com/show_bug.cgi?id=1528565
- https://bugzilla.redhat.com/show_bug.cgi?id=1534343
- https://bugzilla.redhat.com/show_bug.cgi?id=1538332
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/
- https://access.redhat.com/errata/RHSA-2018:0481 (Advisory)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2018:0481
- agent/software-canonical-lookup
- package-manager/redhat