exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2015-1670-01

Red Hat Security Advisory 2015-1670-01
Posted Aug 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1670-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.2 and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3158
SHA-256 | a35f01c8ed5eec4e01e9170a8bf2dcfe62054f8945135a6a356a21502684669b

Red Hat Security Advisory 2015-1670-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform security update
Advisory ID: RHSA-2015:1670-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1670.html
Issue date: 2015-08-24
CVE Names: CVE-2015-3158
=====================================================================

1. Summary:

An updated Red Hat JBoss Enterprise Application Platform 6.4.3 package that
fixes a security issue, several bugs and adds various enhancements is now
available for Red Hat Enterprise Linux 6.

2. Relevant releases/architectures:

Red Hat JBoss EAP 6.4 for RHEL 6 - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.

This release serves as a replacement for Red Hat JBoss Enterprise
Application Platform 6.4.2 and includes bug fixes and enhancements.
Documentation for these changes is available from the Red Hat JBoss
Enterprise Application Platform 6.4.3 Release Notes, linked to in the
References.

The following security issue is also fixed with this release:

It was discovered that under specific conditions that PicketLink
IDP ignores role based authorization. This could lead to an
authenticated user being able to access application resources
that are not permitted for a given role. (CVE-2015-3158)

All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat
Enterprise Linux 6 are advised to upgrade to this updated package, which
fixes these bugs and adds these enhancements. The JBoss server process must
be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1216123 - CVE-2015-3158 PicketLink: PicketLink IDP ignores role based authorization
1247691 - RHEL6 RPMs: Upgrade hibernate4-eap6 to 4.2.20.Final-redhat-1
1247695 - RHEL6 RPMs: Upgrade jboss-modules to 1.3.7.Final-redhat-1
1247697 - RHEL6 RPMs: Upgrade jbossts to 4.17.30.Final-redhat-1
1247702 - RHEL6 RPMs: Upgrade jbossweb to 7.5.10.Final-redhat-1
1247707 - RHEL6 RPMs: Upgrade resteasy to 2.3.12.Final-redhat-1

6. Package List:

Red Hat JBoss EAP 6.4 for RHEL 6:

Source:
glassfish-jsf-eap6-2.1.28-9.redhat_10.1.ep6.el6.src.rpm
hibernate4-eap6-4.2.20-1.Final_redhat_1.1.ep6.el6.src.rpm
hornetq-2.3.25-4.SP3_redhat_1.1.ep6.el6.src.rpm
jboss-as-appclient-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-cli-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-client-all-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-clustering-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-cmp-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-configadmin-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-connector-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-console-2.5.6-2.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-controller-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-controller-client-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-core-security-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-deployment-repository-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-deployment-scanner-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-domain-http-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-domain-management-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-ee-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-ee-deployment-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-ejb3-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-embedded-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-host-controller-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-jacorb-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-jaxr-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-jaxrs-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-jdr-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-jmx-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-jpa-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-jsf-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-jsr77-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-logging-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-mail-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-management-client-content-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-messaging-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-modcluster-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-naming-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-network-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-osgi-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-osgi-configadmin-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-osgi-service-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-picketlink-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-platform-mbean-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-pojo-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-process-controller-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-protocol-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-remoting-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-sar-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-security-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-server-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-system-jmx-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-threads-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-transactions-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-version-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-web-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-webservices-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-weld-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-as-xts-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jboss-hal-2.5.6-2.Final_redhat_2.1.ep6.el6.src.rpm
jboss-modules-1.3.7-1.Final_redhat_1.1.ep6.el6.src.rpm
jbossas-appclient-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jbossas-bundles-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jbossas-core-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jbossas-domain-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jbossas-javadocs-7.5.3-2.Final_redhat_2.1.ep6.el6.src.rpm
jbossas-modules-eap-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jbossas-product-eap-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jbossas-standalone-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jbossas-welcome-content-eap-7.5.3-1.Final_redhat_2.1.ep6.el6.src.rpm
jbossts-4.17.30-1.Final_redhat_1.1.ep6.el6.src.rpm
jbossweb-7.5.10-1.Final_redhat_1.1.ep6.el6.src.rpm
picketlink-bindings-2.5.4-8.SP7_redhat_1.1.ep6.el6.src.rpm
picketlink-federation-2.5.4-8.SP7_redhat_1.1.ep6.el6.src.rpm
resteasy-2.3.12-1.Final_redhat_1.1.ep6.el6.src.rpm

noarch:
glassfish-jsf-eap6-2.1.28-9.redhat_10.1.ep6.el6.noarch.rpm
hibernate4-core-eap6-4.2.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
hibernate4-eap6-4.2.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
hibernate4-entitymanager-eap6-4.2.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
hibernate4-envers-eap6-4.2.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
hibernate4-infinispan-eap6-4.2.20-1.Final_redhat_1.1.ep6.el6.noarch.rpm
hornetq-2.3.25-4.SP3_redhat_1.1.ep6.el6.noarch.rpm
jboss-as-appclient-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-cli-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-client-all-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-clustering-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-cmp-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-configadmin-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-connector-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-console-2.5.6-2.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-controller-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-controller-client-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-core-security-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-deployment-repository-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-deployment-scanner-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-domain-http-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-domain-management-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-ee-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-ee-deployment-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-ejb3-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-embedded-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-host-controller-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-jacorb-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-jaxr-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-jaxrs-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-jdr-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-jmx-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-jpa-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-jsf-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-jsr77-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-logging-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-mail-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-management-client-content-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-messaging-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-modcluster-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-naming-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-network-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-osgi-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-osgi-configadmin-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-osgi-service-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-picketlink-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-platform-mbean-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-pojo-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-process-controller-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-protocol-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-remoting-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-sar-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-security-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-server-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-system-jmx-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-threads-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-transactions-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-version-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-web-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-webservices-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-weld-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-xts-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-hal-2.5.6-2.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-modules-1.3.7-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jbossas-appclient-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jbossas-bundles-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jbossas-core-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jbossas-domain-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jbossas-javadocs-7.5.3-2.Final_redhat_2.1.ep6.el6.noarch.rpm
jbossas-modules-eap-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jbossas-product-eap-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jbossas-standalone-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jbossas-welcome-content-eap-7.5.3-1.Final_redhat_2.1.ep6.el6.noarch.rpm
jbossts-4.17.30-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jbossweb-7.5.10-1.Final_redhat_1.1.ep6.el6.noarch.rpm
picketlink-bindings-2.5.4-8.SP7_redhat_1.1.ep6.el6.noarch.rpm
picketlink-federation-2.5.4-8.SP7_redhat_1.1.ep6.el6.noarch.rpm
resteasy-2.3.12-1.Final_redhat_1.1.ep6.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3158
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFV22c0XlSAg2UNWIIRAn1sAJ0b+offIPp75W3TcCxfdW0B6erBwwCgizmm
IJAVVeEqXHKWN1begc15zR8=
=+CD2
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close