RHSA-2019:1297: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update

First published: Thu May 30 2019(Updated: )

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.<br>This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 2 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section.<br>Security Fix(es):<br><li> openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732)</li> <li> openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495)</li> <li> httpd: privilege escalation from modules scripts (CVE-2019-0211)</li> Details around this issue, including information about the CVE, severity of the issue, and CVSS scores can be found on the CVE pages listed in the References section below.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/severity
• agent/type
• agent/first-publish-date
• agent/softwarecombine
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/title
• agent/tags
• agent/description
• agent/event
• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2019:1297
• agent/software-canonical-lookup
• package-manager/redhat