- Vulnerability/
- RHSA-2022:5892
3/8/2022
RHSA-2022:5892: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update
First published: Wed Aug 03 2022(Updated: )
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.<br>Security Fix(es):<br><li> com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)</li> <li> org.jboss.hal-hal-parent: minimist: prototype pollution (CVE-2021-44906)</li> <li> netty: world readable temporary file containing sensitive data (CVE-2022-24823)</li>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/eap7-apache-cxf | <3.3.13-1.redhat_00001.1.el7ea | 3.3.13-1.redhat_00001.1.el7ea |
| redhat/eap7-glassfish-jsf | <2.3.14-4.SP05_redhat_00001.1.el7ea | 2.3.14-4.SP05_redhat_00001.1.el7ea |
| redhat/eap7-gson | <2.8.9-1.redhat_00001.1.el7ea | 2.8.9-1.redhat_00001.1.el7ea |
| redhat/eap7-hal-console | <3.3.13-1.Final_redhat_00001.1.el7ea | 3.3.13-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-hibernate | <5.3.27-1.Final_redhat_00001.1.el7ea | 5.3.27-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-ironjacamar | <1.5.3-2.SP1_redhat_00001.1.el7ea | 1.5.3-2.SP1_redhat_00001.1.el7ea |
| redhat/eap7-jackson-databind | <2.12.6.1-2.redhat_00004.1.el7ea | 2.12.6.1-2.redhat_00004.1.el7ea |
| redhat/eap7-jandex | <2.4.2-1.Final_redhat_00001.1.el7ea | 2.4.2-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jberet | <1.3.9-2.SP2_redhat_00001.1.el7ea | 1.3.9-2.SP2_redhat_00001.1.el7ea |
| redhat/eap7-jboss-remoting | <5.0.25-1.SP1_redhat_00001.1.el7ea | 5.0.25-1.SP1_redhat_00001.1.el7ea |
| redhat/eap7-jboss-server-migration | <1.10.0-18.Final_redhat_00017.1.el7ea | 1.10.0-18.Final_redhat_00017.1.el7ea |
| redhat/eap7-netty | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-tcnative | <2.0.52-1.Final_redhat_00001.1.el7ea | 2.0.52-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-transport-native-epoll | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-picketbox | <5.0.3-10.Final_redhat_00009.1.el7ea | 5.0.3-10.Final_redhat_00009.1.el7ea |
| redhat/eap7-picketlink-bindings | <2.5.5-26.SP12_redhat_00014.1.el7ea | 2.5.5-26.SP12_redhat_00014.1.el7ea |
| redhat/eap7-picketlink-federation | <2.5.5-21.SP12_redhat_00011.1.el7ea | 2.5.5-21.SP12_redhat_00011.1.el7ea |
| redhat/eap7-undertow | <2.2.18-2.SP2_redhat_00001.1.el7ea | 2.2.18-2.SP2_redhat_00001.1.el7ea |
| redhat/eap7-wildfly | <7.4.6-5.GA_redhat_00002.1.el7ea | 7.4.6-5.GA_redhat_00002.1.el7ea |
| redhat/eap7-wildfly-elytron | <1.15.13-1.Final_redhat_00001.1.el7ea | 1.15.13-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-wildfly-http-client | <1.1.12-1.SP1_redhat_00001.1.el7ea | 1.1.12-1.SP1_redhat_00001.1.el7ea |
| redhat/eap7-wildfly-openssl | <2.2.3-1.Final_redhat_00001.1.el7ea | 2.2.3-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-apache-cxf-rt | <3.3.13-1.redhat_00001.1.el7ea | 3.3.13-1.redhat_00001.1.el7ea |
| redhat/eap7-apache-cxf-services | <3.3.13-1.redhat_00001.1.el7ea | 3.3.13-1.redhat_00001.1.el7ea |
| redhat/eap7-apache-cxf-tools | <3.3.13-1.redhat_00001.1.el7ea | 3.3.13-1.redhat_00001.1.el7ea |
| redhat/eap7-hibernate-core | <5.3.27-1.Final_redhat_00001.1.el7ea | 5.3.27-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-hibernate-entitymanager | <5.3.27-1.Final_redhat_00001.1.el7ea | 5.3.27-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-hibernate-envers | <5.3.27-1.Final_redhat_00001.1.el7ea | 5.3.27-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-hibernate-java8 | <5.3.27-1.Final_redhat_00001.1.el7ea | 5.3.27-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-ironjacamar-common-api | <1.5.3-2.SP1_redhat_00001.1.el7ea | 1.5.3-2.SP1_redhat_00001.1.el7ea |
| redhat/eap7-ironjacamar-common-impl | <1.5.3-2.SP1_redhat_00001.1.el7ea | 1.5.3-2.SP1_redhat_00001.1.el7ea |
| redhat/eap7-ironjacamar-common-spi | <1.5.3-2.SP1_redhat_00001.1.el7ea | 1.5.3-2.SP1_redhat_00001.1.el7ea |
| redhat/eap7-ironjacamar-core-api | <1.5.3-2.SP1_redhat_00001.1.el7ea | 1.5.3-2.SP1_redhat_00001.1.el7ea |
| redhat/eap7-ironjacamar-core-impl | <1.5.3-2.SP1_redhat_00001.1.el7ea | 1.5.3-2.SP1_redhat_00001.1.el7ea |
| redhat/eap7-ironjacamar-deployers-common | <1.5.3-2.SP1_redhat_00001.1.el7ea | 1.5.3-2.SP1_redhat_00001.1.el7ea |
| redhat/eap7-ironjacamar-jdbc | <1.5.3-2.SP1_redhat_00001.1.el7ea | 1.5.3-2.SP1_redhat_00001.1.el7ea |
| redhat/eap7-ironjacamar-validator | <1.5.3-2.SP1_redhat_00001.1.el7ea | 1.5.3-2.SP1_redhat_00001.1.el7ea |
| redhat/eap7-jberet-core | <1.3.9-2.SP2_redhat_00001.1.el7ea | 1.3.9-2.SP2_redhat_00001.1.el7ea |
| redhat/eap7-jboss-server-migration-cli | <1.10.0-18.Final_redhat_00017.1.el7ea | 1.10.0-18.Final_redhat_00017.1.el7ea |
| redhat/eap7-jboss-server-migration-core | <1.10.0-18.Final_redhat_00017.1.el7ea | 1.10.0-18.Final_redhat_00017.1.el7ea |
| redhat/eap7-netty-all | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-buffer | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-codec | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-codec-dns | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-codec-haproxy | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-codec-http | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-codec-http2 | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-codec-memcache | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-codec-mqtt | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-codec-redis | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-codec-smtp | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-codec-socks | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-codec-stomp | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-codec-xml | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-common | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-handler | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-handler-proxy | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-resolver | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-resolver-dns | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-resolver-dns-classes-macos | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-transport | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-transport-classes-epoll | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-transport-classes-kqueue | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-transport-native-epoll-debuginfo | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-transport-native-unix-common | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-transport-rxtx | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-transport-sctp | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-netty-transport-udt | <4.1.77-1.Final_redhat_00001.1.el7ea | 4.1.77-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-picketbox-infinispan | <5.0.3-10.Final_redhat_00009.1.el7ea | 5.0.3-10.Final_redhat_00009.1.el7ea |
| redhat/eap7-picketlink-api | <2.5.5-21.SP12_redhat_00011.1.el7ea | 2.5.5-21.SP12_redhat_00011.1.el7ea |
| redhat/eap7-picketlink-common | <2.5.5-21.SP12_redhat_00011.1.el7ea | 2.5.5-21.SP12_redhat_00011.1.el7ea |
| redhat/eap7-picketlink-config | <2.5.5-21.SP12_redhat_00011.1.el7ea | 2.5.5-21.SP12_redhat_00011.1.el7ea |
| redhat/eap7-picketlink-idm-api | <2.5.5-21.SP12_redhat_00011.1.el7ea | 2.5.5-21.SP12_redhat_00011.1.el7ea |
| redhat/eap7-picketlink-idm-impl | <2.5.5-21.SP12_redhat_00011.1.el7ea | 2.5.5-21.SP12_redhat_00011.1.el7ea |
| redhat/eap7-picketlink-idm-simple-schema | <2.5.5-21.SP12_redhat_00011.1.el7ea | 2.5.5-21.SP12_redhat_00011.1.el7ea |
| redhat/eap7-picketlink-impl | <2.5.5-21.SP12_redhat_00011.1.el7ea | 2.5.5-21.SP12_redhat_00011.1.el7ea |
| redhat/eap7-picketlink-wildfly8 | <2.5.5-26.SP12_redhat_00014.1.el7ea | 2.5.5-26.SP12_redhat_00014.1.el7ea |
| redhat/eap7-wildfly-elytron-tool | <1.15.13-1.Final_redhat_00001.1.el7ea | 1.15.13-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-wildfly-http-client-common | <1.1.12-1.SP1_redhat_00001.1.el7ea | 1.1.12-1.SP1_redhat_00001.1.el7ea |
| redhat/eap7-wildfly-http-ejb-client | <1.1.12-1.SP1_redhat_00001.1.el7ea | 1.1.12-1.SP1_redhat_00001.1.el7ea |
| redhat/eap7-wildfly-http-naming-client | <1.1.12-1.SP1_redhat_00001.1.el7ea | 1.1.12-1.SP1_redhat_00001.1.el7ea |
| redhat/eap7-wildfly-http-transaction-client | <1.1.12-1.SP1_redhat_00001.1.el7ea | 1.1.12-1.SP1_redhat_00001.1.el7ea |
| redhat/eap7-wildfly-java-jdk11 | <7.4.6-5.GA_redhat_00002.1.el7ea | 7.4.6-5.GA_redhat_00002.1.el7ea |
| redhat/eap7-wildfly-java-jdk8 | <7.4.6-5.GA_redhat_00002.1.el7ea | 7.4.6-5.GA_redhat_00002.1.el7ea |
| redhat/eap7-wildfly-javadocs | <7.4.6-5.GA_redhat_00002.1.el7ea | 7.4.6-5.GA_redhat_00002.1.el7ea |
| redhat/eap7-wildfly-modules | <7.4.6-5.GA_redhat_00002.1.el7ea | 7.4.6-5.GA_redhat_00002.1.el7ea |
| redhat/eap7-wildfly-openssl-java | <2.2.3-1.Final_redhat_00001.1.el7ea | 2.2.3-1.Final_redhat_00001.1.el7ea |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2066009
- https://bugzilla.redhat.com/show_bug.cgi?id=2080850
- https://bugzilla.redhat.com/show_bug.cgi?id=2087186
- https://issues.redhat.com/browse/JBEAP-23360
- https://issues.redhat.com/browse/JBEAP-17119
- https://issues.redhat.com/browse/JBEAP-23344
- https://issues.redhat.com/browse/JBEAP-23444
- https://issues.redhat.com/browse/JBEAP-23492
- https://issues.redhat.com/browse/JBEAP-23526
- https://issues.redhat.com/browse/JBEAP-23528
- https://issues.redhat.com/browse/JBEAP-23546
- https://issues.redhat.com/browse/JBEAP-23550
- https://issues.redhat.com/browse/JBEAP-23551
- https://issues.redhat.com/browse/JBEAP-23554
- https://issues.redhat.com/browse/JBEAP-23556
- https://issues.redhat.com/browse/JBEAP-23557
- https://issues.redhat.com/browse/JBEAP-23559
- https://issues.redhat.com/browse/JBEAP-23561
- https://issues.redhat.com/browse/JBEAP-23566
- https://issues.redhat.com/browse/JBEAP-23571
- https://issues.redhat.com/browse/JBEAP-23626
- https://issues.redhat.com/browse/JBEAP-23659
- https://issues.redhat.com/browse/JBEAP-23671
- https://issues.redhat.com/browse/JBEAP-23686
- https://issues.redhat.com/browse/JBEAP-23726
- https://issues.redhat.com/browse/JBEAP-23728
- https://issues.redhat.com/browse/JBEAP-23806
- https://issues.redhat.com/browse/JBEAP-23807
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
- https://access.redhat.com/errata/RHSA-2022:5892 (Advisory)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2022:5892
- agent/software-canonical-lookup
- package-manager/redhat