[RHSA-2018:3528-01] Moderate: Red Hat JBoss Enterprise Application Platform 7.1.5 on RHEL 7 security update
Security announcements for all Red Hat products and services.
rhsa-announce at redhat.com
Thu Nov 8 15:55:15 UTC 2018
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.1.5 on RHEL 7 security update
Advisory ID: RHSA-2018:3528-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3528
Issue date: 2018-11-08
CVE Names: CVE-2018-14627
=====================================================================
1. Summary:
An update is now available for Red Hat JBoss Enterprise Application
Platform 7.1 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server - noarch, x86_64
3. Description:
Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 7.1.5 serves
as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.4,
and includes bug fixes and enhancements, which are documented in the
Release Notes document linked to in the References.
Security Fix(es):
* wildfly-iiop-openjdk: iiop does not honour strict transport
confidentiality (CVE-2018-14627)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1624664 - CVE-2018-14627 JBoss/WildFly: iiop does not honour strict transport confidentiality
6. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-14939 - (7.1.z) Upgrade Elytron from 1.1.10.Final to 1.1.11.Final
JBEAP-14950 - (7.1.z) Upgrade wildfly-client-config from 1.0.0 to 1.0.1
JBEAP-14958 - [GSS](7.1.z) Upgrade Undertow from 1.4.18.SP8 to 1.4.18.SP9
JBEAP-14987 - [GSS](7.1.z) Upgrade ActiveMQ Artemis from 1.5.5.jbossorg-013 to 1.5.5.jbossorg-014
JBEAP-14997 - [GSS](7.1.z) Upgrade Hibernate ORM from 5.1.15 to 5.1.16
JBEAP-15013 - [GSS](7.1.z) Upgrade to ironjacamar from 1.4.10 Final to 1.4.11 Final
JBEAP-15015 - Tracker bug for the EAP 7.1.5 release for RHEL-7
JBEAP-15025 - (7.1.z) Upgrade WildFly Core to 3.0.19.Final-redhat-1
JBEAP-15043 - (7.1.z) Upgrade PicketLink from 2.5.5.SP12 to 2.5.5.SP12-redhat-2
JBEAP-15065 - [GSS](7.1.z) Upgrade Migration Tool from 1.0.6.Final-redhat-3 to 1.0.7.Final-redhat-1
JBEAP-15072 - [GSS](7.1.z) Upgrade jboss-vfs to 3.2.13.Final
JBEAP-15129 - [GSS](7.1.z) Upgrade JBoss Modules from 1.6.4.Final-redhat-1 to 1.6.5.Final-redhat-1
JBEAP-15131 - [GSS](7.1.z) Upgrade Mojarra from 2.2.13.SP5 to 2.2.13.SP6
JBEAP-15170 - [GSS](7.1.z) Upgrade JBossWS Common from 3.1.5.Final to 3.1.6.Final
JBEAP-15216 - (7.1.z) Upgrade Elytron-Tool from 1.0.7 to 1.0.8.Final
JBEAP-15217 - (7.1.z) Upgrade Elytron Web from 1.0.1.Final to 1.0.2.Final
JBEAP-15244 - [GSS](7.1.z) Upgrade PicketBox from 5.0.3.Final-redhat-1 to 5.0.3.Final-redhat-3
JBEAP-15251 - [GSS](7.1.z) Upgrade jastow from 2.0.3 to 2.0.6
JBEAP-15270 - [GSS](7.1.z) Upgrade JBoss Marshalling from 2.0.5 to 2.0.6
JBEAP-15280 - (7.1.z) Upgrade XNIO from 3.5.5.Final-redhat-1 to 3.5.6
JBEAP-15300 - [GSS](7.1.z) Upgrade to JBoss WS CXF to 5.1.11.Final
JBEAP-15313 - [GSS](7.1.z) Upgrade log4j-jboss-logmanager from 1.1.4.Final to 1.1.6.Final
JBEAP-15314 - (7.1.z) Upgrade PicketLink bindings from 2.5.5.SP12 to 2.5.5.SP12-redhat-2
JBEAP-15454 - [PROD](7.1.z) Upgrade to wildfly-openssl from 1.0.6.Final-redhat-1 to 1.0.6.Final-redhat-2
7. Package List:
Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server:
Source:
eap7-activemq-artemis-1.5.5.014-1.redhat_00001.1.ep7.el7.src.rpm
eap7-elytron-web-1.0.2-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-glassfish-jsf-2.2.13-7.SP6_redhat_00001.1.ep7.el7.src.rpm
eap7-hibernate-5.1.16-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-ironjacamar-1.4.11-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-jboss-marshalling-2.0.6-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-jboss-modules-1.6.5-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-jboss-server-migration-1.0.7-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-jboss-vfs-3.2.13-1.Final_redhat_1.1.ep7.el7.src.rpm
eap7-jboss-xnio-base-3.5.6-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-jbossws-common-3.1.6-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-jbossws-cxf-5.1.11-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-log4j-jboss-logmanager-1.1.6-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-picketbox-5.0.3-2.Final_redhat_3.1.ep7.el7.src.rpm
eap7-picketlink-bindings-2.5.5-14.SP12_redhat_2.1.ep7.el7.src.rpm
eap7-picketlink-federation-2.5.5-14.SP12_redhat_2.1.ep7.el7.src.rpm
eap7-undertow-1.4.18-8.SP9_redhat_00001.1.ep7.el7.src.rpm
eap7-undertow-jastow-2.0.6-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-wildfly-7.1.5-4.GA_redhat_00002.1.ep7.el7.src.rpm
eap7-wildfly-client-config-1.0.1-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-wildfly-elytron-1.1.11-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-wildfly-elytron-tool-1.0.8-1.Final_redhat_00001.1.ep7.el7.src.rpm
eap7-wildfly-javadocs-7.1.5-2.GA_redhat_00002.1.ep7.el7.src.rpm
eap7-wildfly-openssl-1.0.6-2.Final_redhat_2.1.ep7.el7.src.rpm
eap7-wildfly-openssl-linux-1.0.6-15.Final_redhat_2.1.ep7.el7.src.rpm
noarch:
eap7-activemq-artemis-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-cli-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-commons-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-core-client-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-dto-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-hornetq-protocol-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-hqclient-protocol-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-jdbc-store-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-jms-client-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-jms-server-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-journal-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-native-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-ra-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-selector-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-server-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-service-extensions-1.5.5.014-1.redhat_00001.1.ep7.el7.noarch.rpm
eap7-glassfish-jsf-2.2.13-7.SP6_redhat_00001.1.ep7.el7.noarch.rpm
eap7-hibernate-5.1.16-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-hibernate-core-5.1.16-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-hibernate-entitymanager-5.1.16-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-hibernate-envers-5.1.16-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-hibernate-infinispan-5.1.16-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-hibernate-java8-5.1.16-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-ironjacamar-1.4.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-ironjacamar-common-api-1.4.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-ironjacamar-common-impl-1.4.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-ironjacamar-common-spi-1.4.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-ironjacamar-core-api-1.4.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-ironjacamar-core-impl-1.4.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-ironjacamar-deployers-common-1.4.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-ironjacamar-jdbc-1.4.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-ironjacamar-validator-1.4.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-marshalling-2.0.6-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-marshalling-river-2.0.6-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-modules-1.6.5-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-cli-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-core-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-eap6.4-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-eap6.4-to-eap7.0-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-eap6.4-to-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-eap7.0-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-eap7.0-to-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-wildfly10.0-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-wildfly10.0-to-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-wildfly10.1-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-wildfly10.1-to-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-wildfly8.2-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-wildfly8.2-to-eap7.0-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-wildfly8.2-to-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-wildfly9.0-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-wildfly9.0-to-eap7.0-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-server-migration-wildfly9.0-to-eap7.1-1.0.7-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jboss-vfs-3.2.13-1.Final_redhat_1.1.ep7.el7.noarch.rpm
eap7-jboss-xnio-base-3.5.6-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jbossws-common-3.1.6-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-jbossws-cxf-5.1.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-log4j-jboss-logmanager-1.1.6-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-picketbox-5.0.3-2.Final_redhat_3.1.ep7.el7.noarch.rpm
eap7-picketbox-infinispan-5.0.3-2.Final_redhat_3.1.ep7.el7.noarch.rpm
eap7-picketlink-api-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-picketlink-bindings-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-picketlink-common-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-picketlink-config-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-picketlink-federation-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-picketlink-idm-api-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-picketlink-idm-impl-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-picketlink-idm-simple-schema-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-picketlink-impl-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-picketlink-wildfly8-2.5.5-14.SP12_redhat_2.1.ep7.el7.noarch.rpm
eap7-undertow-1.4.18-8.SP9_redhat_00001.1.ep7.el7.noarch.rpm
eap7-undertow-jastow-2.0.6-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-undertow-server-1.0.2-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-wildfly-7.1.5-4.GA_redhat_00002.1.ep7.el7.noarch.rpm
eap7-wildfly-client-config-1.0.1-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-wildfly-elytron-1.1.11-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-wildfly-elytron-tool-1.0.8-1.Final_redhat_00001.1.ep7.el7.noarch.rpm
eap7-wildfly-javadocs-7.1.5-2.GA_redhat_00002.1.ep7.el7.noarch.rpm
eap7-wildfly-modules-7.1.5-4.GA_redhat_00002.1.ep7.el7.noarch.rpm
eap7-wildfly-openssl-1.0.6-2.Final_redhat_2.1.ep7.el7.noarch.rpm
eap7-wildfly-openssl-java-1.0.6-2.Final_redhat_2.1.ep7.el7.noarch.rpm
x86_64:
eap7-wildfly-openssl-linux-1.0.6-15.Final_redhat_2.1.ep7.el7.x86_64.rpm
eap7-wildfly-openssl-linux-debuginfo-1.0.6-15.Final_redhat_2.1.ep7.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
8. References:
https://access.redhat.com/security/cve/CVE-2018-14627
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/
9. Contact:
The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBW+RcXtzjgjWX9erEAQiC6g/+McB28J2dHAk9mG6j5TDoBmlVtu6sUEDi
MluWkKQXvRfdd8Kh5d+9c49WzOGmXFJxRLtIzP0v6G9Q9A8af0+Tu6yFGD621Wal
uJV2qZ96FLYMmZ+tvQ0pmPfqMZ4q+Z5lOvyN8rQiIYSlf/DSnoDfkc6zhelbcoxU
TdNRShsjtfbRtSSV80m9iriQX/JY7/30R6MAvhPppW3gkHIrgm/iQSZO1r3RMNlN
jDtZRmtoluVCmCTpogts4eXTjgczettiPCQQyCl2Xq3COPNaYtfnTDY9sxfZMgti
iEpPYPwJnOUgfNAMIeiFg4YpzRaom+sxRfkzCE2opypg4WJd2h46ChXRAESJ6Bh6
2ZM4Yqt5hsX53KhAd9P4XNuKE3ShdFRK+befPbKjfdyLfUy/IpwdPcuXsbjicrbi
fAVwP/JXJXSUq13eDO6GqxMKik8wihiVS0jZbMHbwqwcroKTYoSjUGgrVpPiBwtf
k99IfH2i2TGVKl8YxCnlkDu00pQLTS1p2yE78r2NHodPEHJX7wK5gm1f6betsFwK
Fa4lnbeoLCuRDpmJrN8pPffunq3MbKMJD35izOHXHjMrduOH3SkQlvZoBJ8d8Z0B
Wj1/yToEL5e6BO+gFz8VnNFVn609fblp2+gavQAmaepOqR2KRxQTScfFj7R5TsSu
jqcShoo7hwM=
=W8JE
-----END PGP SIGNATURE-----
More information about the RHSA-announce
mailing list