[Security Advisory] RHSA-2018:2740 Important: Red Hat JBoss Enterprise Application Platform 6.4.21 security update

The following Red Hat Security Advisory has been published which may affect subscriptions which you have purchased.

 RHSA-2018:2740 Important: Red Hat JBoss Enterprise Application Platform 6.4.21 security update

 Summary:


 An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

 Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.

 This release of Red Hat JBoss Enterprise Application Platform 6.4.21 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.20, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

 Security Fix(es):


 * hibernate-validator: Privilege escalation when running under the security manager (CVE-2017-7536)

 * guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)

 * picketlink: The fix for CVE-2017-2582 breaks the feature of attribute replacement with system property in picketlink.xml (CVE-2017-2582)

 * jbossweb: tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)

 For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

 The CVE-2017-2582 issue was discovered by Hynek Mlnarik (Red Hat) and the CVE-2017-7536 issue was discovered by Gunnar Morling (Red Hat).

 Full details and references:


 https://access.redhat.com/errata/RHSA-2018:2740?sc_cid=701600000006NHXAA2

 CVE Names:

 CVE-2017-2582 CVE-2017-7536 CVE-2018-1336 CVE-2018-10237

 Revision History:

 Issue Date: 2018-09-24

Updated: 2018-09-24
