Red Hat Security Advisory 2011-0948-01 - JBoss Enterprise Application Platform is the market-leading platform for innovative and scalable Java applications. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw.
8d76f11458581fec59d2e16dc5e5fffd42e0b1fda8cb4c02b621e8b990b6167c-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: JBoss Enterprise Application Platform 5.1.1 update
Advisory ID: RHSA-2011:0948-01
Product: JBoss Enterprise Application Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0948.html
Issue date: 2011-07-18
CVE Names: CVE-2011-2196
=====================================================================
1. Summary:
Updated JBoss Enterprise Application Platform 5.1.1 packages that fix one
security issue and various bugs are now available for Red Hat Enterprise
Linux 5.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
2. Relevant releases/architectures:
JBoss Enterprise Application Platform 5 for RHEL 5 Server - i386, noarch, x86_64
3. Description:
JBoss Enterprise Application Platform is the market-leading platform for
innovative and scalable Java applications. JBoss Enterprise Application
Platform integrates the JBoss Application Server with JBoss Hibernate and
JBoss Seam into a complete and simple enterprise solution.
This JBoss Enterprise Application Platform 5.1.1 release for Red Hat
Enterprise Linux 5 serves as a replacement for JBoss Enterprise Application
Platform 5.1.0.
These updated packages include the bug fixes detailed in the release notes,
which are linked to from the References section of this erratum.
The following security issue is also fixed with this release:
It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2
did not block access to all malicious JBoss Expression Language (EL)
constructs in page exception handling, allowing arbitrary Java methods to
be executed. A remote attacker could use this flaw to execute arbitrary
code via a specially-crafted URL provided to certain applications based on
the JBoss Seam 2 framework. Note: A properly configured and enabled Java
Security Manager would prevent exploitation of this flaw. (CVE-2011-2196)
Red Hat would like to thank the ObjectWorks+ Development Team at Nomura
Research Institute for reporting this issue.
Warning: Before applying this update, please back up your JBoss Enterprise
Application Platform's "jboss-as/server/[PROFILE]/deploy/" directory, along
with all other customized configuration files.
All users of JBoss Enterprise Application Platform 5.1.0 on Red Hat
Enterprise Linux 5 are advised to upgrade to these updated packages. Manual
action is required for this update to take effect. Refer to the Solution
section for details.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
For this update to take effect:
1) If you have created custom applications that are packaged with a
copy of the JBoss Seam 2 library, those applications must be rebuilt
with the updated jboss-seam.jar file provided by this update.
2) Restart the JBoss server process.
5. Bugs fixed (http://bugzilla.redhat.com/):
712283 - CVE-2011-2196 JBoss Seam EL interpolation in exception handling
6. Package List:
JBoss Enterprise Application Platform 5 for RHEL 5 Server:
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/antlr-2.7.7-7.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/apache-cxf-2.2.12-3.patch_01.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/bcel-5.2-8.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/bsh2-2.0-0.b4.11.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/codehaus-stax-1.2.0-0.2.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/concurrent-1.3.4-10.1.4_jboss_update1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/dom4j-1.6.1-11.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/facelets-1.1.15-1.B1.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/glassfish-javamail-1.4.2-0.4.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/hibernate3-3.3.2-1.4.GA_CP04.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/hibernate3-annotations-3.4.0-3.2.GA_CP04.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/hibernate3-commons-annotations-3.1.0-1.8.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/hibernate3-search-3.1.1-2.3.GA_CP04.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/hibernate3-validator-3.1.0-1.5.4.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/hornetq-jopr-plugin-2.0.0-1.Final.4.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/hsqldb-1.8.0.10-9_patch_01.2.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jacorb-jboss-2.3.1-9.patch02.2.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jakarta-commons-collections-3.2.1-4.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jakarta-commons-dbcp-1.2.1-16.4.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jakarta-commons-fileupload-1.1.1-7.4.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jaxen-1.1.2-6.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-aop2-2.1.6-1.CP02.1.3.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-aspects-build-1.0.1-0.CR5.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-cache-core-3.2.7-5.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-cluster-ha-server-api-1.2.0-1.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-common-core-2.2.17-1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-common-logging-jdk-2.1.2-1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-common-logging-log4j-2.1.2-1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-common-logging-spi-2.1.2-1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-deployers-2.0.10-4.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-eap5-native-5.1.1-3.2.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-ejb3-core-1.3.7-0.3.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-ejb3-proxy-impl-1.0.6-2.SP1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-ejb3-timerservice-spi-1.0.4-0.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-javaee-5.0.1-2.9.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-jaxr-2.0.1-7.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-jaxrpc-api_1.1_spec-1.0.0-15.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-logbridge-1.0.1-1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-logmanager-1.1.2-2.1.GA.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-mdr-2.0.3-1.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-messaging-1.4.8-6.SP1.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-remoting-2.5.4-8.SP2.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-remoting-aspects-1.0.3-0.6.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-seam2-2.2.4.EAP5-4.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-security-spi-2.0.4-5.SP7.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-security-xacml-2.0.5-1.jdk6.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-serialization-1.0.5-2.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-specs-parent-1.0.0-0.3.Beta2.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-vfs2-2.2.0-4.SP1.3.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-5.1.1-16.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-messaging511-5.1.1-17.4.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-tp-licenses-5.1.1-1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-ws-cxf-5.1.1-5.3.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbosssx2-2.0.4-5.SP7.2.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossts-4.6.1-10.CP11_patch_01.3.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossweb-2.1.11-5.4.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossws-3.1.2-6.SP10.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossws-common-1.1.0-3.SP7.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossws-framework-3.1.2-5.SP9.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossws-spi-1.1.2-4.SP6.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jdom-1.1.1-2.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jettison-1.2-4.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jgroups-2.6.19-2.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jopr-embedded-1.3.4-17.SP4.7.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jopr-hibernate-plugin-3.0.0-10.EmbJopr3.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jopr-jboss-as-5-plugin-3.0.0-8.EmbJopr3.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jopr-jboss-cache-v3-plugin-3.0.0-8.EmbJopr3.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/mod_cluster-1.0.10-2.1.GA_CP01.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/mod_cluster-native-1.0.10-2.1.GA_CP01.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/mod_jk-1.2.31-1.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/netty-3.2.3-5.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/resteasy-1.2.1-8.CP01.8.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/rh-eap-docs-5.1.1-6.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/rhq-3.0.0-17.EmbJopr3.2.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/rhq-jmx-plugin-3.0.0-14.EmbJopr3.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/rhq-platform-plugin-3.0.0-11.EmbJopr3.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/richfaces-3.3.1-1.SP3.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/slf4j-1.5.8-8.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/slf4j-jboss-logging-1.0.3-1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/sun-saaj-1.3-api-1.3-6.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/sun-ws-metadata-2.0-api-1.0.MR1-11.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/tomcat-native-1.1.20-2.1.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/wss4j-1.5.10-3_patch_01.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/xalan-j2-2.7.1-5.3_patch_04.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/xerces-j2-2.9.1-3.patch01.1.ep5.el5.src.rpm
i386:
jboss-eap5-native-5.1.1-3.2.ep5.el5.i386.rpm
mod_cluster-native-1.0.10-2.1.GA_CP01.ep5.el5.i386.rpm
mod_cluster-native-debuginfo-1.0.10-2.1.GA_CP01.ep5.el5.i386.rpm
mod_jk-ap20-1.2.31-1.1.ep5.el5.i386.rpm
mod_jk-debuginfo-1.2.31-1.1.ep5.el5.i386.rpm
tomcat-native-1.1.20-2.1.ep5.el5.i386.rpm
tomcat-native-debuginfo-1.1.20-2.1.ep5.el5.i386.rpm
noarch:
antlr-2.7.7-7.ep5.el5.noarch.rpm
apache-cxf-2.2.12-3.patch_01.ep5.el5.noarch.rpm
bcel-5.2-8.1.ep5.el5.noarch.rpm
bsh2-2.0-0.b4.11.ep5.el5.noarch.rpm
bsh2-bsf-2.0-0.b4.11.ep5.el5.noarch.rpm
codehaus-stax-1.2.0-0.2.ep5.el5.noarch.rpm
codehaus-stax-api-1.2.0-0.2.ep5.el5.noarch.rpm
concurrent-1.3.4-10.1.4_jboss_update1.ep5.el5.noarch.rpm
dom4j-1.6.1-11.ep5.el5.noarch.rpm
facelets-1.1.15-1.B1.1.ep5.el5.noarch.rpm
glassfish-javamail-1.4.2-0.4.ep5.el5.noarch.rpm
hibernate3-3.3.2-1.4.GA_CP04.ep5.el5.noarch.rpm
hibernate3-annotations-3.4.0-3.2.GA_CP04.ep5.el5.noarch.rpm
hibernate3-annotations-javadoc-3.4.0-3.2.GA_CP04.ep5.el5.noarch.rpm
hibernate3-commons-annotations-3.1.0-1.8.ep5.el5.noarch.rpm
hibernate3-commons-annotations-javadoc-3.1.0-1.8.ep5.el5.noarch.rpm
hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el5.noarch.rpm
hibernate3-entitymanager-javadoc-3.4.0-4.3.GA_CP04.ep5.el5.noarch.rpm
hibernate3-javadoc-3.3.2-1.4.GA_CP04.ep5.el5.noarch.rpm
hibernate3-search-3.1.1-2.3.GA_CP04.ep5.el5.noarch.rpm
hibernate3-search-javadoc-3.1.1-2.3.GA_CP04.ep5.el5.noarch.rpm
hibernate3-validator-3.1.0-1.5.4.ep5.el5.noarch.rpm
hibernate3-validator-javadoc-3.1.0-1.5.4.ep5.el5.noarch.rpm
hornetq-jopr-plugin-2.0.0-1.Final.4.ep5.el5.noarch.rpm
hsqldb-1.8.0.10-9_patch_01.2.ep5.el5.noarch.rpm
jacorb-jboss-2.3.1-9.patch02.2.ep5.el5.noarch.rpm
jakarta-commons-collections-3.2.1-4.1.ep5.el5.noarch.rpm
jakarta-commons-collections-tomcat5-3.2.1-4.1.ep5.el5.noarch.rpm
jakarta-commons-dbcp-1.2.1-16.4.ep5.el5.noarch.rpm
jakarta-commons-dbcp-tomcat5-1.2.1-16.4.ep5.el5.noarch.rpm
jakarta-commons-fileupload-1.1.1-7.4.ep5.el5.noarch.rpm
jaxen-1.1.2-6.ep5.el5.noarch.rpm
jboss-aop2-2.1.6-1.CP02.1.3.ep5.el5.noarch.rpm
jboss-aspects-build-1.0.1-0.CR5.1.ep5.el5.noarch.rpm
jboss-cache-core-3.2.7-5.1.ep5.el5.noarch.rpm
jboss-cluster-ha-server-api-1.2.0-1.1.ep5.el5.noarch.rpm
jboss-common-core-2.2.17-1.ep5.el5.noarch.rpm
jboss-common-logging-jdk-2.1.2-1.ep5.el5.noarch.rpm
jboss-common-logging-log4j-2.1.2-1.ep5.el5.noarch.rpm
jboss-common-logging-spi-2.1.2-1.ep5.el5.noarch.rpm
jboss-deployers-2.0.10-4.ep5.el5.noarch.rpm
jboss-ejb-3.0-api-5.0.1-2.9.ep5.el5.noarch.rpm
jboss-ejb3-core-1.3.7-0.3.ep5.el5.noarch.rpm
jboss-ejb3-proxy-impl-1.0.6-2.SP1.ep5.el5.noarch.rpm
jboss-ejb3-timerservice-spi-1.0.4-0.1.ep5.el5.noarch.rpm
jboss-jacc-1.1-api-5.0.1-2.9.ep5.el5.noarch.rpm
jboss-jad-1.2-api-5.0.1-2.9.ep5.el5.noarch.rpm
jboss-jaspi-1.0-api-5.0.1-2.9.ep5.el5.noarch.rpm
jboss-javaee-5.0.1-2.9.ep5.el5.noarch.rpm
jboss-javaee-poms-5.0.1-2.9.ep5.el5.noarch.rpm
jboss-jaxr-2.0.1-7.1.ep5.el5.noarch.rpm
jboss-jaxrpc-api_1.1_spec-1.0.0-15.ep5.el5.noarch.rpm
jboss-jca-1.5-api-5.0.1-2.9.ep5.el5.noarch.rpm
jboss-jms-1.1-api-5.0.1-2.9.ep5.el5.noarch.rpm
jboss-logbridge-1.0.1-1.ep5.el5.noarch.rpm
jboss-logmanager-1.1.2-2.1.GA.ep5.el5.noarch.rpm
jboss-mdr-2.0.3-1.1.ep5.el5.noarch.rpm
jboss-messaging-1.4.8-6.SP1.1.ep5.el5.noarch.rpm
jboss-remoting-2.5.4-8.SP2.1.ep5.el5.noarch.rpm
jboss-remoting-aspects-1.0.3-0.6.ep5.el5.noarch.rpm
jboss-seam2-2.2.4.EAP5-4.ep5.el5.noarch.rpm
jboss-seam2-docs-2.2.4.EAP5-4.ep5.el5.noarch.rpm
jboss-seam2-examples-2.2.4.EAP5-4.ep5.el5.noarch.rpm
jboss-seam2-runtime-2.2.4.EAP5-4.ep5.el5.noarch.rpm
jboss-security-spi-2.0.4-5.SP7.1.ep5.el5.noarch.rpm
jboss-security-xacml-2.0.5-1.jdk6.ep5.el5.noarch.rpm
jboss-serialization-1.0.5-2.ep5.el5.noarch.rpm
jboss-specs-parent-1.0.0-0.3.Beta2.ep5.el5.noarch.rpm
jboss-transaction-1.0.1-api-5.0.1-2.9.ep5.el5.noarch.rpm
jboss-vfs2-2.2.0-4.SP1.3.ep5.el5.noarch.rpm
jbossas-5.1.1-16.ep5.el5.noarch.rpm
jbossas-client-5.1.1-16.ep5.el5.noarch.rpm
jbossas-messaging511-5.1.1-17.4.ep5.el5.noarch.rpm
jbossas-tp-licenses-5.1.1-1.ep5.el5.noarch.rpm
jbossas-ws-cxf-5.1.1-5.3.ep5.el5.noarch.rpm
jbossas-ws-native-5.1.1-16.ep5.el5.noarch.rpm
jbosssx2-2.0.4-5.SP7.2.1.ep5.el5.noarch.rpm
jbossts-4.6.1-10.CP11_patch_01.3.ep5.el5.noarch.rpm
jbossts-javadoc-4.6.1-10.CP11_patch_01.3.ep5.el5.noarch.rpm
jbossweb-2.1.11-5.4.ep5.el5.noarch.rpm
jbossweb-el-1.0-api-2.1.11-5.4.ep5.el5.noarch.rpm
jbossweb-jsp-2.1-api-2.1.11-5.4.ep5.el5.noarch.rpm
jbossweb-lib-2.1.11-5.4.ep5.el5.noarch.rpm
jbossweb-servlet-2.5-api-2.1.11-5.4.ep5.el5.noarch.rpm
jbossws-3.1.2-6.SP10.1.ep5.el5.noarch.rpm
jbossws-common-1.1.0-3.SP7.1.ep5.el5.noarch.rpm
jbossws-framework-3.1.2-5.SP9.1.ep5.el5.noarch.rpm
jbossws-spi-1.1.2-4.SP6.1.ep5.el5.noarch.rpm
jdom-1.1.1-2.ep5.el5.noarch.rpm
jettison-1.2-4.ep5.el5.noarch.rpm
jgroups-2.6.19-2.1.ep5.el5.noarch.rpm
jopr-embedded-1.3.4-17.SP4.7.ep5.el5.noarch.rpm
jopr-hibernate-plugin-3.0.0-10.EmbJopr3.ep5.el5.noarch.rpm
jopr-jboss-as-5-plugin-3.0.0-8.EmbJopr3.ep5.el5.noarch.rpm
jopr-jboss-cache-v3-plugin-3.0.0-8.EmbJopr3.ep5.el5.noarch.rpm
mod_cluster-demo-1.0.10-2.1.GA_CP01.ep5.el5.noarch.rpm
mod_cluster-jbossas-1.0.10-2.1.GA_CP01.ep5.el5.noarch.rpm
mod_cluster-jbossweb2-1.0.10-2.1.GA_CP01.ep5.el5.noarch.rpm
mod_cluster-tomcat6-1.0.10-2.1.GA_CP01.ep5.el5.noarch.rpm
netty-3.2.3-5.1.ep5.el5.noarch.rpm
resteasy-1.2.1-8.CP01.8.ep5.el5.noarch.rpm
resteasy-examples-1.2.1-8.CP01.8.ep5.el5.noarch.rpm
resteasy-javadoc-1.2.1-8.CP01.8.ep5.el5.noarch.rpm
resteasy-manual-1.2.1-8.CP01.8.ep5.el5.noarch.rpm
rh-eap-docs-5.1.1-6.ep5.el5.noarch.rpm
rh-eap-docs-examples-5.1.1-6.ep5.el5.noarch.rpm
rhq-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-ant-bundle-common-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-common-parent-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-core-client-api-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-core-comm-api-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-core-dbutils-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-core-domain-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-core-gui-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-core-native-system-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-core-parent-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-core-plugin-api-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-core-plugin-container-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-core-plugindoc-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-core-util-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-filetemplate-bundle-common-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-helpers-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-jboss-as-common-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-jmx-plugin-3.0.0-14.EmbJopr3.ep5.el5.noarch.rpm
rhq-modules-parent-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-parent-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-platform-plugin-3.0.0-11.EmbJopr3.ep5.el5.noarch.rpm
rhq-plugin-validator-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-pluginAnnotations-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-pluginGen-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-plugins-parent-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
rhq-rtfilter-3.0.0-17.EmbJopr3.2.ep5.el5.noarch.rpm
richfaces-3.3.1-1.SP3.ep5.el5.noarch.rpm
richfaces-cdk-3.3.1-1.SP3.ep5.el5.noarch.rpm
richfaces-demo-3.3.1-1.SP3.ep5.el5.noarch.rpm
richfaces-docs-3.3.1-1.SP3.ep5.el5.noarch.rpm
richfaces-framework-3.3.1-1.SP3.ep5.el5.noarch.rpm
richfaces-root-3.3.1-1.SP3.ep5.el5.noarch.rpm
richfaces-ui-3.3.1-1.SP3.ep5.el5.noarch.rpm
slf4j-1.5.8-8.1.ep5.el5.noarch.rpm
slf4j-jboss-logging-1.0.3-1.ep5.el5.noarch.rpm
sun-saaj-1.3-api-1.3-6.ep5.el5.noarch.rpm
sun-ws-metadata-2.0-api-1.0.MR1-11.ep5.el5.noarch.rpm
wss4j-1.5.10-3_patch_01.ep5.el5.noarch.rpm
xalan-j2-2.7.1-5.3_patch_04.ep5.el5.noarch.rpm
xerces-j2-2.9.1-3.patch01.1.ep5.el5.noarch.rpm
xerces-j2-scripts-2.9.1-3.patch01.1.ep5.el5.noarch.rpm
x86_64:
jboss-eap5-native-5.1.1-3.2.ep5.el5.x86_64.rpm
mod_cluster-native-1.0.10-2.1.GA_CP01.ep5.el5.x86_64.rpm
mod_cluster-native-debuginfo-1.0.10-2.1.GA_CP01.ep5.el5.x86_64.rpm
mod_jk-ap20-1.2.31-1.1.ep5.el5.x86_64.rpm
mod_jk-debuginfo-1.2.31-1.1.ep5.el5.x86_64.rpm
tomcat-native-1.1.20-2.1.ep5.el5.x86_64.rpm
tomcat-native-debuginfo-1.1.20-2.1.ep5.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2011-2196.html
https://access.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/5/html-single/Release_Notes_5.1.1/index.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOJK7dXlSAg2UNWIIRAsk0AJ9Se5JpFFDPCNR4MYmFTBmMjLk//gCfbcQ6
gzTb9iSSzLouGCY8zUwPsRU=
=vD/I
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed