First published: Tue Apr 03 2018(Updated: )
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.<br>This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 6.4.<br>Security Fix(es):<br><li> An XML deserialization vulnerability was discovered in slf4j's EventData which accepts xml serialized string and can lead to arbitrary code execution. (CVE-2018-8088)</li> The Simple Logging Facade for Java or (SLF4J) is a simple facade for various logging APIs allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging (JCL).<br>Red Hat would like to thank Chris McCown for reporting CVE-2018-8088.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/slf4j-eap6 | <1.7.2-14.redhat_4.1.ep6.el7 | 1.7.2-14.redhat_4.1.ep6.el7 |
redhat/slf4j-eap6 | <1.7.2-14.redhat_4.1.ep6.el7 | 1.7.2-14.redhat_4.1.ep6.el7 |
redhat/slf4j-eap6 | <1.7.2-14.redhat_4.1.ep6.el6 | 1.7.2-14.redhat_4.1.ep6.el6 |
redhat/slf4j-eap6 | <1.7.2-14.redhat_4.1.ep6.el6 | 1.7.2-14.redhat_4.1.ep6.el6 |
redhat/slf4j-eap6 | <1.7.2-14.redhat_4.1.ep6.el5 | 1.7.2-14.redhat_4.1.ep6.el5 |
redhat/slf4j | <1.7.2-14.redhat_4.1.ep6.el5 | 1.7.2-14.redhat_4.1.ep6.el5 |
redhat/slf4j-eap6 | <1.7.2-14.redhat_4.1.ep6.el5 | 1.7.2-14.redhat_4.1.ep6.el5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.