First published: Thu Aug 08 2019
This release of Red Hat Fuse 7.4.0 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

- hazelcast: java deserialization in join cluster procedure leading to remote code execution (CVE-2016-10750)
- slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
- jolokia: system-wide CSRF that could lead to Remote Code Execution (CVE-2018-10899)
- spring-security-oauth: Privilege escalation by manipulating saved authorization request (CVE-2018-15758)
- solr: remote code execution due to unsafe deserialization (CVE-2019-0192)
- thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class (CVE-2018-1320)
- spring-security-core: Unauthorized Access with Spring Security Method Security (CVE-2018-1258)
- wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.