Security Advisory Moderate: JBoss Enterprise Application Platform security update

Advisory: RHSA-2008:0158-4
Type: Security Advisory
Severity: Moderate
Issued on: 2008-03-24
Last updated on: 2008-03-24
Affected Products: Red Hat Application Stack v1 for Enterprise Linux AS (v.4)
Red Hat Application Stack v1 for Enterprise Linux ES (v.4)
Red Hat Application Stack v2
OVAL: N/A
CVEs (cve.mitre.org): CVE-2007-4575
CVE-2007-5461
CVE-2007-6306
CVE-2007-6433
CVE-2008-0002

Details

Updated JBoss Enterprise Application Platform packages that fix several
security issues and bugs are now available for Red Hat Application Stack v1
and v2.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

JBEAP is a middleware platform for Java 2 Platform, Enterprise Edition
(J2EE) applications.

This release of JBEAP for Red Hat Enterprise Linux 4 contains the JBoss
Application Server and JBoss Seam. This release serves as a replacement to
JBEAP 4.2.0.GA.

The updated packages address the following security vulnerabilities:

* the JFreeChart component was vulnerable to multiple cross-site scripting
(XSS) vulnerabilities. An attacker could misuse the image map feature to
inject arbitrary web script or HTML via several attributes of the chart
area. (CVE-2007-6306)

* a vulnerability caused by exposing static java methods was located within
the HSQLDB component. This could be utilized by an attacker to execute
arbitrary static java methods. (CVE-2007-4575)

* the setOrder method in the org.jboss.seam.framework.Query class did not
properly validate user-supplied parameters. This vulnerability allowed
remote attackers to inject and execute arbitrary EJBQL commands via the
order parameter. (CVE-2007-6433)

All users are advised to upgrade to this release of JBEAP, which addresses
these vulnerabilities.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Application Stack v1 for Enterprise Linux AS (v.4)
SRPMS:
concurrent-1.3.4-7jpp.ep1.6.el4.src.rpm     04b34722d6bbc4ceaae81d754760358c
glassfish-jaf-1.1.0-0jpp.ep1.10.el4.src.rpm     a6f215133cd9f3560b174f4a332f2717
glassfish-javamail-1.4.0-0jpp.ep1.8.src.rpm     64812c9a424af06a4109e29a18cb4ea0
glassfish-jsf-1.2_04-1.p02.0jpp.ep1.18.src.rpm     a282f47fcd7e7e285ec39588224ac9b7
glassfish-jstl-1.2.0-0jpp.ep1.2.src.rpm     bb28324af22feef313162e7d0abf4eda
hibernate3-3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src.rpm     d49f89c505c8c72856ec9b933a9be1a5
hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.2.el4.src.rpm     4a511bb9b633420f8d21ad1b1881db4b
hibernate3-entitymanager-3.2.1-1jpp.ep1.6.el4.src.rpm     98693f4d1dd2ee2f44c37c35b7afed47
hsqldb-1.8.0.8-2.patch01.1jpp.ep1.1.src.rpm     dc473a0493469d3f6c05ccbd0b8996a7
jacorb-2.3.0-1jpp.ep1.4.src.rpm     c7341a22ff98a7d48392a34f9b7778a9
jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el4.src.rpm     369c3420a9e3954be92c132373d89de3
jboss-cache-1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src.rpm     e3011bfb6020fe6bbd24603b2fdd02a9
jboss-common-1.2.1-0jpp.ep1.2.src.rpm     c8b105f404565eabc19bd9e904233781
jboss-remoting-2.2.2-3.SP4.0jpp.ep1.1.src.rpm     1af2397d82121c3eb438946634289d3b
jboss-seam-1.2.1-1.ep1.3.el4.src.rpm     28debc376f479119544260cb5935f728
jbossas-4.2.0-3.GA_CP02.ep1.3.el4.src.rpm     dc4378d8cf8e5c2bdba79b91c024a73d
jbossweb-2.0.0-3.CP05.0jpp.ep1.1.src.rpm     33e8cab4b089356bdb31433283862609
jbossws-jboss42-1.2.1-0jpp.ep1.2.el4.src.rpm     842afcb21e2af954dbfaf5f7077169e7
jbossws-wsconsume-impl-2.0.0-0jpp.ep1.3.src.rpm     786de0d6d4c5063453063961c5c1c894
jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el4.src.rpm     17c7751a09ff90df01d94f2ac93e2626
jcommon-1.0.12-1jpp.ep1.2.el4.src.rpm     a803cc750f51c7b8eeaf5e504d2c57f0
jfreechart-1.0.9-1jpp.ep1.2.el4.src.rpm     18138ffe5b828606aab531006c6222f8
jgroups-2.4.1-1.SP4.0jpp.ep1.2.src.rpm     8424b72226a9c76225cfb11e786227f2
rh-eap-docs-4.2.0-3.GA_CP02.ep1.1.el4.src.rpm     66764f79856f327b1dded1e352968390
wsdl4j-1.6.2-1jpp.ep1.8.src.rpm     c98396c0a230baf727996f71cecb7676
 
IA-32:
concurrent-1.3.4-7jpp.ep1.6.el4.noarch.rpm     635d11a6d386397c21a1474b943e663c
glassfish-jaf-1.1.0-0jpp.ep1.10.el4.noarch.rpm     12d9a471dbe7db35aefcb6b7d4931f2a
glassfish-javamail-1.4.0-0jpp.ep1.8.noarch.rpm     db7bb41ad5545a383d8d07c6c024498a
glassfish-jsf-1.2_04-1.p02.0jpp.ep1.18.noarch.rpm     8141405089b2a57c1e911b1ccc0229c2
glassfish-jstl-1.2.0-0jpp.ep1.2.noarch.rpm     5b982e27f3df910200a941fb9c37bbfc
hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.2.el4.noarch.rpm     fde4041a6d739b5347fa14cd4ccb11f1
hibernate3-annotations-javadoc-3.2.1-1.patch02.1jpp.ep1.2.el4.noarch     c8f4390e25192407b499b9ecd35731b6
hibernate3-entitymanager-3.2.1-1jpp.ep1.6.el4.noarch.rpm     8da4316ff579a01393ba41a881212b94
hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.6.el4.noarch.rpm     46cfce8b0732738baeee8d949c9ba577
hibernate3-javadoc-3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch.rpm     427fd3e8c9572e2744e4a5982920470e
hsqldb-1.8.0.8-2.patch01.1jpp.ep1.1.noarch.rpm     e2614d246bfc9a33f2ba386495c25dc9
jacorb-2.3.0-1jpp.ep1.4.noarch.rpm     51d81b51fe7e3aed40da1108a18027e1
jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el4.noarch.rpm     72944b7bb519111780acf3bf19c612ff
jboss-cache-1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch.rpm     acf78f7b8edc26c8094dabd2a06cedf8
jboss-common-1.2.1-0jpp.ep1.2.noarch.rpm     86b7be11159237e90234c7f282a46eb4
jboss-remoting-2.2.2-3.SP4.0jpp.ep1.1.noarch.rpm     d129c48173437d333406da84a3ae11c1
jboss-seam-1.2.1-1.ep1.3.el4.noarch.rpm     1c853c6436981f419554a34a852906c3
jboss-seam-docs-1.2.1-1.ep1.3.el4.noarch.rpm     bb6c7fc0e25305ef117a234ab2da2605
jbossas-4.2.0-3.GA_CP02.ep1.3.el4.noarch.rpm     2ec2056ffe675a088e51e586824d4fc8
jbossweb-2.0.0-3.CP05.0jpp.ep1.1.noarch.rpm     8e96f96c70039b8381796d9a69091617
jbossws-jboss42-1.2.1-0jpp.ep1.2.el4.noarch.rpm     5470ea7a5be500656ddedaef79b47a20
jbossws-wsconsume-impl-2.0.0-0jpp.ep1.3.noarch.rpm     4104d7c2ec376d430c419f41fe927b65
jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el4.noarch.rpm     e63bc3e28ebbfbda1add7da00233b75e
jcommon-1.0.12-1jpp.ep1.2.el4.noarch.rpm     35ce9727d1b167d0b578f004d8e8c27e
jfreechart-1.0.9-1jpp.ep1.2.el4.noarch.rpm     034064e56cf3b84da7edaf6af9f65043
jgroups-2.4.1-1.SP4.0jpp.ep1.2.noarch.rpm     4394510d5dae6166bcaa5f2765e62cc5
rh-eap-docs-4.2.0-3.GA_CP02.ep1.1.el4.noarch.rpm     a831356bbbd5a4cab67e7b6e329fb50c
rh-eap-docs-examples-4.2.0-3.GA_CP02.ep1.1.el4.noarch.rpm     4d4894e5e11d63099b65ff808739581b
wsdl4j-1.6.2-1jpp.ep1.8.noarch.rpm     370476987105866f2f7dfdb272ed054a
 
x86_64:
concurrent-1.3.4-7jpp.ep1.6.el4.noarch.rpm     635d11a6d386397c21a1474b943e663c
glassfish-jaf-1.1.0-0jpp.ep1.10.el4.noarch.rpm     12d9a471dbe7db35aefcb6b7d4931f2a
glassfish-javamail-1.4.0-0jpp.ep1.8.noarch.rpm     db7bb41ad5545a383d8d07c6c024498a
glassfish-jsf-1.2_04-1.p02.0jpp.ep1.18.noarch.rpm     8141405089b2a57c1e911b1ccc0229c2
glassfish-jstl-1.2.0-0jpp.ep1.2.noarch.rpm     5b982e27f3df910200a941fb9c37bbfc
hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.2.el4.noarch.rpm     fde4041a6d739b5347fa14cd4ccb11f1
hibernate3-annotations-javadoc-3.2.1-1.patch02.1jpp.ep1.2.el4.noarch     c8f4390e25192407b499b9ecd35731b6
hibernate3-entitymanager-3.2.1-1jpp.ep1.6.el4.noarch.rpm     8da4316ff579a01393ba41a881212b94
hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.6.el4.noarch.rpm     46cfce8b0732738baeee8d949c9ba577
hibernate3-javadoc-3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch.rpm     427fd3e8c9572e2744e4a5982920470e
hsqldb-1.8.0.8-2.patch01.1jpp.ep1.1.noarch.rpm     e2614d246bfc9a33f2ba386495c25dc9
jacorb-2.3.0-1jpp.ep1.4.noarch.rpm     51d81b51fe7e3aed40da1108a18027e1
jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el4.noarch.rpm     72944b7bb519111780acf3bf19c612ff
jboss-cache-1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch.rpm     acf78f7b8edc26c8094dabd2a06cedf8
jboss-common-1.2.1-0jpp.ep1.2.noarch.rpm     86b7be11159237e90234c7f282a46eb4
jboss-remoting-2.2.2-3.SP4.0jpp.ep1.1.noarch.rpm     d129c48173437d333406da84a3ae11c1
jboss-seam-1.2.1-1.ep1.3.el4.noarch.rpm     1c853c6436981f419554a34a852906c3
jboss-seam-docs-1.2.1-1.ep1.3.el4.noarch.rpm     bb6c7fc0e25305ef117a234ab2da2605
jbossas-4.2.0-3.GA_CP02.ep1.3.el4.noarch.rpm     2ec2056ffe675a088e51e586824d4fc8
jbossweb-2.0.0-3.CP05.0jpp.ep1.1.noarch.rpm     8e96f96c70039b8381796d9a69091617
jbossws-jboss42-1.2.1-0jpp.ep1.2.el4.noarch.rpm     5470ea7a5be500656ddedaef79b47a20
jbossws-wsconsume-impl-2.0.0-0jpp.ep1.3.noarch.rpm     4104d7c2ec376d430c419f41fe927b65
jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el4.noarch.rpm     e63bc3e28ebbfbda1add7da00233b75e
jcommon-1.0.12-1jpp.ep1.2.el4.noarch.rpm     35ce9727d1b167d0b578f004d8e8c27e
jfreechart-1.0.9-1jpp.ep1.2.el4.noarch.rpm     034064e56cf3b84da7edaf6af9f65043
jgroups-2.4.1-1.SP4.0jpp.ep1.2.noarch.rpm     4394510d5dae6166bcaa5f2765e62cc5
rh-eap-docs-4.2.0-3.GA_CP02.ep1.1.el4.noarch.rpm     a831356bbbd5a4cab67e7b6e329fb50c
rh-eap-docs-examples-4.2.0-3.GA_CP02.ep1.1.el4.noarch.rpm     4d4894e5e11d63099b65ff808739581b
wsdl4j-1.6.2-1jpp.ep1.8.noarch.rpm     370476987105866f2f7dfdb272ed054a
 
Red Hat Application Stack v1 for Enterprise Linux ES (v.4)
SRPMS:
concurrent-1.3.4-7jpp.ep1.6.el4.src.rpm     04b34722d6bbc4ceaae81d754760358c
glassfish-jaf-1.1.0-0jpp.ep1.10.el4.src.rpm     a6f215133cd9f3560b174f4a332f2717
glassfish-javamail-1.4.0-0jpp.ep1.8.src.rpm     64812c9a424af06a4109e29a18cb4ea0
glassfish-jsf-1.2_04-1.p02.0jpp.ep1.18.src.rpm     a282f47fcd7e7e285ec39588224ac9b7
glassfish-jstl-1.2.0-0jpp.ep1.2.src.rpm     bb28324af22feef313162e7d0abf4eda
hibernate3-3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.src.rpm     d49f89c505c8c72856ec9b933a9be1a5
hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.2.el4.src.rpm     4a511bb9b633420f8d21ad1b1881db4b
hibernate3-entitymanager-3.2.1-1jpp.ep1.6.el4.src.rpm     98693f4d1dd2ee2f44c37c35b7afed47
hsqldb-1.8.0.8-2.patch01.1jpp.ep1.1.src.rpm     dc473a0493469d3f6c05ccbd0b8996a7
jacorb-2.3.0-1jpp.ep1.4.src.rpm     c7341a22ff98a7d48392a34f9b7778a9
jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el4.src.rpm     369c3420a9e3954be92c132373d89de3
jboss-cache-1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.src.rpm     e3011bfb6020fe6bbd24603b2fdd02a9
jboss-common-1.2.1-0jpp.ep1.2.src.rpm     c8b105f404565eabc19bd9e904233781
jboss-remoting-2.2.2-3.SP4.0jpp.ep1.1.src.rpm     1af2397d82121c3eb438946634289d3b
jboss-seam-1.2.1-1.ep1.3.el4.src.rpm     28debc376f479119544260cb5935f728
jbossas-4.2.0-3.GA_CP02.ep1.3.el4.src.rpm     dc4378d8cf8e5c2bdba79b91c024a73d
jbossweb-2.0.0-3.CP05.0jpp.ep1.1.src.rpm     33e8cab4b089356bdb31433283862609
jbossws-jboss42-1.2.1-0jpp.ep1.2.el4.src.rpm     842afcb21e2af954dbfaf5f7077169e7
jbossws-wsconsume-impl-2.0.0-0jpp.ep1.3.src.rpm     786de0d6d4c5063453063961c5c1c894
jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el4.src.rpm     17c7751a09ff90df01d94f2ac93e2626
jcommon-1.0.12-1jpp.ep1.2.el4.src.rpm     a803cc750f51c7b8eeaf5e504d2c57f0
jfreechart-1.0.9-1jpp.ep1.2.el4.src.rpm     18138ffe5b828606aab531006c6222f8
jgroups-2.4.1-1.SP4.0jpp.ep1.2.src.rpm     8424b72226a9c76225cfb11e786227f2
rh-eap-docs-4.2.0-3.GA_CP02.ep1.1.el4.src.rpm     66764f79856f327b1dded1e352968390
wsdl4j-1.6.2-1jpp.ep1.8.src.rpm     c98396c0a230baf727996f71cecb7676
 
IA-32:
concurrent-1.3.4-7jpp.ep1.6.el4.noarch.rpm     635d11a6d386397c21a1474b943e663c
glassfish-jaf-1.1.0-0jpp.ep1.10.el4.noarch.rpm     12d9a471dbe7db35aefcb6b7d4931f2a
glassfish-javamail-1.4.0-0jpp.ep1.8.noarch.rpm     db7bb41ad5545a383d8d07c6c024498a
glassfish-jsf-1.2_04-1.p02.0jpp.ep1.18.noarch.rpm     8141405089b2a57c1e911b1ccc0229c2
glassfish-jstl-1.2.0-0jpp.ep1.2.noarch.rpm     5b982e27f3df910200a941fb9c37bbfc
hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.2.el4.noarch.rpm     fde4041a6d739b5347fa14cd4ccb11f1
hibernate3-annotations-javadoc-3.2.1-1.patch02.1jpp.ep1.2.el4.noarch     c8f4390e25192407b499b9ecd35731b6
hibernate3-entitymanager-3.2.1-1jpp.ep1.6.el4.noarch.rpm     8da4316ff579a01393ba41a881212b94
hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.6.el4.noarch.rpm     46cfce8b0732738baeee8d949c9ba577
hibernate3-javadoc-3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch.rpm     427fd3e8c9572e2744e4a5982920470e
hsqldb-1.8.0.8-2.patch01.1jpp.ep1.1.noarch.rpm     e2614d246bfc9a33f2ba386495c25dc9
jacorb-2.3.0-1jpp.ep1.4.noarch.rpm     51d81b51fe7e3aed40da1108a18027e1
jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el4.noarch.rpm     72944b7bb519111780acf3bf19c612ff
jboss-cache-1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch.rpm     acf78f7b8edc26c8094dabd2a06cedf8
jboss-common-1.2.1-0jpp.ep1.2.noarch.rpm     86b7be11159237e90234c7f282a46eb4
jboss-remoting-2.2.2-3.SP4.0jpp.ep1.1.noarch.rpm     d129c48173437d333406da84a3ae11c1
jboss-seam-1.2.1-1.ep1.3.el4.noarch.rpm     1c853c6436981f419554a34a852906c3
jboss-seam-docs-1.2.1-1.ep1.3.el4.noarch.rpm     bb6c7fc0e25305ef117a234ab2da2605
jbossas-4.2.0-3.GA_CP02.ep1.3.el4.noarch.rpm     2ec2056ffe675a088e51e586824d4fc8
jbossweb-2.0.0-3.CP05.0jpp.ep1.1.noarch.rpm     8e96f96c70039b8381796d9a69091617
jbossws-jboss42-1.2.1-0jpp.ep1.2.el4.noarch.rpm     5470ea7a5be500656ddedaef79b47a20
jbossws-wsconsume-impl-2.0.0-0jpp.ep1.3.noarch.rpm     4104d7c2ec376d430c419f41fe927b65
jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el4.noarch.rpm     e63bc3e28ebbfbda1add7da00233b75e
jcommon-1.0.12-1jpp.ep1.2.el4.noarch.rpm     35ce9727d1b167d0b578f004d8e8c27e
jfreechart-1.0.9-1jpp.ep1.2.el4.noarch.rpm     034064e56cf3b84da7edaf6af9f65043
jgroups-2.4.1-1.SP4.0jpp.ep1.2.noarch.rpm     4394510d5dae6166bcaa5f2765e62cc5
rh-eap-docs-4.2.0-3.GA_CP02.ep1.1.el4.noarch.rpm     a831356bbbd5a4cab67e7b6e329fb50c
rh-eap-docs-examples-4.2.0-3.GA_CP02.ep1.1.el4.noarch.rpm     4d4894e5e11d63099b65ff808739581b
wsdl4j-1.6.2-1jpp.ep1.8.noarch.rpm     370476987105866f2f7dfdb272ed054a
 
x86_64:
concurrent-1.3.4-7jpp.ep1.6.el4.noarch.rpm     635d11a6d386397c21a1474b943e663c
glassfish-jaf-1.1.0-0jpp.ep1.10.el4.noarch.rpm     12d9a471dbe7db35aefcb6b7d4931f2a
glassfish-javamail-1.4.0-0jpp.ep1.8.noarch.rpm     db7bb41ad5545a383d8d07c6c024498a
glassfish-jsf-1.2_04-1.p02.0jpp.ep1.18.noarch.rpm     8141405089b2a57c1e911b1ccc0229c2
glassfish-jstl-1.2.0-0jpp.ep1.2.noarch.rpm     5b982e27f3df910200a941fb9c37bbfc
hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.2.el4.noarch.rpm     fde4041a6d739b5347fa14cd4ccb11f1
hibernate3-annotations-javadoc-3.2.1-1.patch02.1jpp.ep1.2.el4.noarch     c8f4390e25192407b499b9ecd35731b6
hibernate3-entitymanager-3.2.1-1jpp.ep1.6.el4.noarch.rpm     8da4316ff579a01393ba41a881212b94
hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.6.el4.noarch.rpm     46cfce8b0732738baeee8d949c9ba577
hibernate3-javadoc-3.2.4-1.SP1_CP02.0jpp.ep1.1.el4.noarch.rpm     427fd3e8c9572e2744e4a5982920470e
hsqldb-1.8.0.8-2.patch01.1jpp.ep1.1.noarch.rpm     e2614d246bfc9a33f2ba386495c25dc9
jacorb-2.3.0-1jpp.ep1.4.noarch.rpm     51d81b51fe7e3aed40da1108a18027e1
jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el4.noarch.rpm     72944b7bb519111780acf3bf19c612ff
jboss-cache-1.4.1-4.SP8_CP01.1jpp.ep1.1.el4.noarch.rpm     acf78f7b8edc26c8094dabd2a06cedf8
jboss-common-1.2.1-0jpp.ep1.2.noarch.rpm     86b7be11159237e90234c7f282a46eb4
jboss-remoting-2.2.2-3.SP4.0jpp.ep1.1.noarch.rpm     d129c48173437d333406da84a3ae11c1
jboss-seam-1.2.1-1.ep1.3.el4.noarch.rpm     1c853c6436981f419554a34a852906c3
jboss-seam-docs-1.2.1-1.ep1.3.el4.noarch.rpm     bb6c7fc0e25305ef117a234ab2da2605
jbossas-4.2.0-3.GA_CP02.ep1.3.el4.noarch.rpm     2ec2056ffe675a088e51e586824d4fc8
jbossweb-2.0.0-3.CP05.0jpp.ep1.1.noarch.rpm     8e96f96c70039b8381796d9a69091617
jbossws-jboss42-1.2.1-0jpp.ep1.2.el4.noarch.rpm     5470ea7a5be500656ddedaef79b47a20
jbossws-wsconsume-impl-2.0.0-0jpp.ep1.3.noarch.rpm     4104d7c2ec376d430c419f41fe927b65
jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el4.noarch.rpm     e63bc3e28ebbfbda1add7da00233b75e
jcommon-1.0.12-1jpp.ep1.2.el4.noarch.rpm     35ce9727d1b167d0b578f004d8e8c27e
jfreechart-1.0.9-1jpp.ep1.2.el4.noarch.rpm     034064e56cf3b84da7edaf6af9f65043
jgroups-2.4.1-1.SP4.0jpp.ep1.2.noarch.rpm     4394510d5dae6166bcaa5f2765e62cc5
rh-eap-docs-4.2.0-3.GA_CP02.ep1.1.el4.noarch.rpm     a831356bbbd5a4cab67e7b6e329fb50c
rh-eap-docs-examples-4.2.0-3.GA_CP02.ep1.1.el4.noarch.rpm     4d4894e5e11d63099b65ff808739581b
wsdl4j-1.6.2-1jpp.ep1.8.noarch.rpm     370476987105866f2f7dfdb272ed054a
 
Red Hat Application Stack v2
SRPMS:
concurrent-1.3.4-8jpp.ep1.6.el5.1.src.rpm     4b1a28a0f5cbad38c9089aa8efabc2e4
glassfish-jsf-1.2_04-1.p02.0jpp.ep1.18.el5.src.rpm     29be13061faab565c30a6ae580137fbe
glassfish-jstl-1.2.0-0jpp.ep1.2.el5.src.rpm     c176e74aac65157c397433e4ea4f8803
hibernate3-3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.src.rpm     6a3fff49543c6d6b1837795db2207d9a
hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.2.el5.1.src.rpm     1a1079a34680d7cc5830d87654d825a3
hibernate3-entitymanager-3.2.1-1jpp.ep1.6.el5.src.rpm     7071851a0848a4a09b42b1b343e80f14
jacorb-2.3.0-1jpp.ep1.5.el5.src.rpm     318258ca57800b20d0ea4841c5ec5be1
jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el5.src.rpm     a86660adad7d6f14bc02b73e85090660
jboss-cache-1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.src.rpm     0090ea6fe69b55d8611dd112430f4d8a
jboss-common-1.2.1-0jpp.ep1.2.el5.1.src.rpm     d19f0303ba94a0eed607d7ae80a837f1
jboss-remoting-2.2.2-3.SP4.0jpp.ep1.1.el5.src.rpm     3dd7bbb6f75b13b35a8ef2d391d006e3
jboss-seam-1.2.1-1.ep1.3.el5.src.rpm     d3a33e81b7f2d012e46a53e9f90c3805
jbossas-4.2.0-4.GA_CP02.ep1.3.el5.3.src.rpm     89145b7a2c5188a07f781e4c84a17c85
jbossweb-2.0.0-3.CP05.0jpp.ep1.1.el5.src.rpm     942df465e27101d4b1dd502c60204ae6
jbossws-jboss42-1.2.1-0jpp.ep1.2.el5.1.src.rpm     4b80c5742e51095802c4c062d671fa32
jbossws-wsconsume-impl-2.0.0-0jpp.ep1.3.el5.src.rpm     7b49775418f1b3a6f7fd3d95a0f7c4bd
jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el5.1.src.rpm     32dae1e08f4e6ea44c1b3bcea5de09a9
jcommon-1.0.12-1jpp.ep1.2.el5.src.rpm     0063cb1951b0dff37a8d28c9bd016952
jfreechart-1.0.9-1jpp.ep1.2.el5.1.src.rpm     014b9d23f7457fac4c6eff777bcf6d72
jgroups-2.4.1-1.SP4.0jpp.ep1.2.el5.src.rpm     bcfb43f8195c71519c0d5b9595e8deb5
juddi-0.9-0.rc4.2jpp.ep1.3.el5.1.src.rpm     25ae367ec8a734a7d81cfb9ccd3abfa7
rh-eap-docs-4.2.0-3.GA_CP02.ep1.1.el5.1.src.rpm     205470a3bbdfb2628dcd7af975853662
 
IA-32:
concurrent-1.3.4-8jpp.ep1.6.el5.1.noarch.rpm     fe545180815317bf224f14110ef6c7e6
glassfish-jsf-1.2_04-1.p02.0jpp.ep1.18.el5.noarch.rpm     26dc4286f9d1d81c5fdede1ecaaf127e
glassfish-jstl-1.2.0-0jpp.ep1.2.el5.noarch.rpm     ec7339934b490831798853ea53f00673
hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch.rpm     064da895c91bce16f1adc55d5b0f0d87
hibernate3-annotations-javadoc-3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch.     a031eff191fd33e4f3ea0475724bc5f8
hibernate3-entitymanager-3.2.1-1jpp.ep1.6.el5.noarch.rpm     c3abd71d3a9cfdff3a9e9a2c43c2d574
hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.6.el5.noarch.rpm     7362c1e1826f5543b96dc282e5f78393
hibernate3-javadoc-3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch.rpm     ef44030f39d5098c207e4e66a1c4e26e
jacorb-2.3.0-1jpp.ep1.5.el5.noarch.rpm     91ad498ae1112b09eec7e4e14297b82c
jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el5.noarch.rpm     cc5490755f79618e7dd9439d89773efb
jboss-cache-1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch.rpm     733d0bb8876bb7d1e74130cb2a31018b
jboss-common-1.2.1-0jpp.ep1.2.el5.1.noarch.rpm     f4742b71f05f6fed88ebba4c78fa4cd7
jboss-remoting-2.2.2-3.SP4.0jpp.ep1.1.el5.noarch.rpm     e7e598b4c047f820ced94cf390d9969e
jboss-seam-1.2.1-1.ep1.3.el5.noarch.rpm     35f97d6339cad257e6aaec630227fd68
jboss-seam-docs-1.2.1-1.ep1.3.el5.noarch.rpm     23cf1bb992d42c2113c4b41b8b940a0c
jbossas-4.2.0-4.GA_CP02.ep1.3.el5.3.noarch.rpm     2891e79ab68638edb0b138a803fdc1ab
jbossweb-2.0.0-3.CP05.0jpp.ep1.1.el5.noarch.rpm     dfe8dd4e6a915b1fd10141dbb6a902b2
jbossws-jboss42-1.2.1-0jpp.ep1.2.el5.1.noarch.rpm     bafda4dd3156096ca92961375dfc52c6
jbossws-wsconsume-impl-2.0.0-0jpp.ep1.3.el5.noarch.rpm     97086942c8b8021c4b64f1065cc94b8e
jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch.rpm     f1919486974d8af039dc376c40e4d28c
jcommon-1.0.12-1jpp.ep1.2.el5.noarch.rpm     01af24aff675561c6b84241dfbacb7f1
jfreechart-1.0.9-1jpp.ep1.2.el5.1.noarch.rpm     414d766194902be8ee4de5fb3d051de6
jgroups-2.4.1-1.SP4.0jpp.ep1.2.el5.noarch.rpm     08457129dca8fe5b0128e01f2a2a198f
juddi-0.9-0.rc4.2jpp.ep1.3.el5.1.noarch.rpm     f3a7533e2ae929a8056afe91623548cf
rh-eap-docs-4.2.0-3.GA_CP02.ep1.1.el5.1.noarch.rpm     0a89ddd0606154be0467b7cc321da9c4
rh-eap-docs-examples-4.2.0-3.GA_CP02.ep1.1.el5.1.noarch.rpm     241213cd81ad4d38d2add5f3d7a572ec
 
x86_64:
concurrent-1.3.4-8jpp.ep1.6.el5.1.noarch.rpm     fe545180815317bf224f14110ef6c7e6
glassfish-jsf-1.2_04-1.p02.0jpp.ep1.18.el5.noarch.rpm     26dc4286f9d1d81c5fdede1ecaaf127e
glassfish-jstl-1.2.0-0jpp.ep1.2.el5.noarch.rpm     ec7339934b490831798853ea53f00673
hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch.rpm     064da895c91bce16f1adc55d5b0f0d87
hibernate3-annotations-javadoc-3.2.1-1.patch02.1jpp.ep1.2.el5.1.noarch.     a031eff191fd33e4f3ea0475724bc5f8
hibernate3-entitymanager-3.2.1-1jpp.ep1.6.el5.noarch.rpm     c3abd71d3a9cfdff3a9e9a2c43c2d574
hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.6.el5.noarch.rpm     7362c1e1826f5543b96dc282e5f78393
hibernate3-javadoc-3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1.noarch.rpm     ef44030f39d5098c207e4e66a1c4e26e
jacorb-2.3.0-1jpp.ep1.5.el5.noarch.rpm     91ad498ae1112b09eec7e4e14297b82c
jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el5.noarch.rpm     cc5490755f79618e7dd9439d89773efb
jboss-cache-1.4.1-4.SP8_CP01.1jpp.ep1.1.el5.noarch.rpm     733d0bb8876bb7d1e74130cb2a31018b
jboss-common-1.2.1-0jpp.ep1.2.el5.1.noarch.rpm     f4742b71f05f6fed88ebba4c78fa4cd7
jboss-remoting-2.2.2-3.SP4.0jpp.ep1.1.el5.noarch.rpm     e7e598b4c047f820ced94cf390d9969e
jboss-seam-1.2.1-1.ep1.3.el5.noarch.rpm     35f97d6339cad257e6aaec630227fd68
jboss-seam-docs-1.2.1-1.ep1.3.el5.noarch.rpm     23cf1bb992d42c2113c4b41b8b940a0c
jbossas-4.2.0-4.GA_CP02.ep1.3.el5.3.noarch.rpm     2891e79ab68638edb0b138a803fdc1ab
jbossweb-2.0.0-3.CP05.0jpp.ep1.1.el5.noarch.rpm     dfe8dd4e6a915b1fd10141dbb6a902b2
jbossws-jboss42-1.2.1-0jpp.ep1.2.el5.1.noarch.rpm     bafda4dd3156096ca92961375dfc52c6
jbossws-wsconsume-impl-2.0.0-0jpp.ep1.3.el5.noarch.rpm     97086942c8b8021c4b64f1065cc94b8e
jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el5.1.noarch.rpm     f1919486974d8af039dc376c40e4d28c
jcommon-1.0.12-1jpp.ep1.2.el5.noarch.rpm     01af24aff675561c6b84241dfbacb7f1
jfreechart-1.0.9-1jpp.ep1.2.el5.1.noarch.rpm     414d766194902be8ee4de5fb3d051de6
jgroups-2.4.1-1.SP4.0jpp.ep1.2.el5.noarch.rpm     08457129dca8fe5b0128e01f2a2a198f
juddi-0.9-0.rc4.2jpp.ep1.3.el5.1.noarch.rpm     f3a7533e2ae929a8056afe91623548cf
rh-eap-docs-4.2.0-3.GA_CP02.ep1.1.el5.1.noarch.rpm     0a89ddd0606154be0467b7cc321da9c4
rh-eap-docs-examples-4.2.0-3.GA_CP02.ep1.1.el5.1.noarch.rpm     241213cd81ad4d38d2add5f3d7a572ec
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

299801 - CVE-2007-4575 OpenOffice.org-base allows Denial-of-Service and command injection
421081 - CVE-2007-6306 JFreeChart: XSS vulnerabilities in the image map feature
426206 - CVE-2007-6433 EJBQL injection via 'order' parameter


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4575
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002
http://www.redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html
https://rhstack.108.redhat.com/docs/Red_Hat_Application_Stack_V.1.2_Release_Notes.html
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/