Exploit the possiblities

Red Hat Security Advisory 2016-2055-01

Red Hat Security Advisory 2016-2055-01
Posted Oct 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2055-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3183, CVE-2015-3195, CVE-2015-4000, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-3110, CVE-2016-4459
MD5 | 0b9225a8efe500fbba09cd0ae097ee1e

Red Hat Security Advisory 2016-2055-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update on RHEL 6
Advisory ID: RHSA-2016:2055-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2055.html
Issue date: 2016-10-12
CVE Names: CVE-2015-3183 CVE-2015-3195 CVE-2015-4000
CVE-2016-2105 CVE-2016-2106 CVE-2016-2108
CVE-2016-2109 CVE-2016-3110 CVE-2016-4459
=====================================================================

1. Summary:

Updated packages that provide Red Hat JBoss Enterprise Application Platform
6.4.10 natives, fix several bugs, and add various enhancements are now
available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server - i386, noarch, ppc64, x86_64

3. Description:

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.

This release includes bug fixes and enhancements, as well as a new release
of OpenSSL that addresses a number of outstanding security flaws. For
further information, see the knowledge base article linked to in the
References section. All users of Red Hat JBoss Enterprise Application
Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these
updated packages. The JBoss server process must be restarted for the update
to take effect.

Security Fix(es):

* A flaw was found in the way OpenSSL encoded certain ASN.1 data
structures. An attacker could use this flaw to create a specially crafted
certificate which, when verified or re-encoded by OpenSSL, could cause it
to crash, or execute arbitrary code using the permissions of the user
running an application compiled against the OpenSSL library.
(CVE-2016-2108)

* Multiple flaws were found in the way httpd parsed HTTP requests and
responses using chunked transfer encoding. A remote attacker could use
these flaws to create a specially crafted request, which httpd would decode
differently from an HTTP proxy software in front of it, possibly leading to
HTTP request smuggling attacks. (CVE-2015-3183)

* A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7
and CMS data. A remote attacker could use this flaw to cause an application
that parses PKCS#7 or CMS data from untrusted sources to use an excessive
amount of memory and possibly crash. (CVE-2015-3195)

* A flaw was found in the way the TLS protocol composes the Diffie-Hellman
exchange (for both export and non-export grade cipher suites). An attacker
could use this flaw to downgrade a DHE connection to use export-grade key
sizes, which could then be broken by sufficient pre-computation. This can
lead to a passive man-in-the-middle attack in which the attacker is able to
decrypt all traffic. (CVE-2015-4000)

* An integer overflow flaw, leading to a buffer overflow, was found in the
way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of
input data. A remote attacker could use this flaw to crash an application
using OpenSSL or, possibly, execute arbitrary code with the permissions of
the user running that application. (CVE-2016-2105)

* An integer overflow flaw, leading to a buffer overflow, was found in the
way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts
of input data. A remote attacker could use this flaw to crash an
application using OpenSSL or, possibly, execute arbitrary code with the
permissions of the user running that application. (CVE-2016-2106)

* It was discovered that it is possible to remotely Segfault Apache http
server with a specially crafted string sent to the mod_cluster via service
messages (MCMP). (CVE-2016-3110)

* A denial of service flaw was found in the way OpenSSL parsed certain
ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An
application using OpenSSL that accepts untrusted ASN.1 BIO input could be
forced to allocate an excessive amount of data. (CVE-2016-2109)

* It was discovered that specifying configuration with a JVMRoute path
longer than 80 characters will cause segmentation fault leading to a server
crash. (CVE-2016-4459)

Red Hat would like to thank the OpenSSL project for reporting
CVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for
reporting CVE-2016-3110. The CVE-2016-4459 issue was discovered by Robert
Bost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno
BAPck, and David Benjamin (Google) as the original reporters of
CVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105
and CVE-2016-2106.

4. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise
Application Platform installation and deployed applications.

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library
must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser
1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak
1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server
1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data
1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder
1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow
1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow
1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute
1345987 - RHEL6 RPMs: Upgrade mod_cluster-native to 1.2.13.Final-redhat-1
1345991 - RHEL6 RPMs: Upgrade mod_jk to 1.2.41.redhat-1
1345995 - RHEL6 RPMs: Upgrade tomcat-native to 1.1.34

6. Package List:

Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server:

Source:
hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el6.src.rpm
httpd-2.2.26-54.ep6.el6.src.rpm
jbcs-httpd24-openssl-1.0.2h-4.jbcs.el6.src.rpm
mod_jk-1.2.41-2.redhat_4.ep6.el6.src.rpm
tomcat-native-1.1.34-5.redhat_1.ep6.el6.src.rpm

i386:
hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el6.i386.rpm
hornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el6.i386.rpm
httpd-2.2.26-54.ep6.el6.i386.rpm
httpd-debuginfo-2.2.26-54.ep6.el6.i386.rpm
httpd-devel-2.2.26-54.ep6.el6.i386.rpm
httpd-manual-2.2.26-54.ep6.el6.i386.rpm
httpd-tools-2.2.26-54.ep6.el6.i386.rpm
jbcs-httpd24-openssl-1.0.2h-4.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el6.i686.rpm
jbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el6.i386.rpm
jbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el6.i386.rpm
mod_jk-ap22-1.2.41-2.redhat_4.ep6.el6.i386.rpm
mod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el6.i386.rpm
mod_ldap-2.2.26-54.ep6.el6.i386.rpm
mod_ssl-2.2.26-54.ep6.el6.i386.rpm
tomcat-native-1.1.34-5.redhat_1.ep6.el6.i386.rpm
tomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el6.i386.rpm

noarch:
jbcs-httpd24-1-3.jbcs.el6.noarch.rpm
jbcs-httpd24-runtime-1-3.jbcs.el6.noarch.rpm

ppc64:
hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el6.ppc64.rpm
hornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el6.ppc64.rpm
httpd-2.2.26-54.ep6.el6.ppc64.rpm
httpd-debuginfo-2.2.26-54.ep6.el6.ppc64.rpm
httpd-devel-2.2.26-54.ep6.el6.ppc64.rpm
httpd-manual-2.2.26-54.ep6.el6.ppc64.rpm
httpd-tools-2.2.26-54.ep6.el6.ppc64.rpm
jbcs-httpd24-openssl-1.0.2h-4.jbcs.el6.ppc64.rpm
jbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el6.ppc64.rpm
jbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el6.ppc64.rpm
jbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el6.ppc64.rpm
jbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el6.ppc64.rpm
jbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el6.ppc64.rpm
jbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el6.ppc64.rpm
jbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el6.ppc64.rpm
mod_jk-ap22-1.2.41-2.redhat_4.ep6.el6.ppc64.rpm
mod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el6.ppc64.rpm
mod_ldap-2.2.26-54.ep6.el6.ppc64.rpm
mod_ssl-2.2.26-54.ep6.el6.ppc64.rpm
tomcat-native-1.1.34-5.redhat_1.ep6.el6.ppc64.rpm
tomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el6.ppc64.rpm

x86_64:
hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el6.x86_64.rpm
hornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el6.x86_64.rpm
httpd-2.2.26-54.ep6.el6.x86_64.rpm
httpd-debuginfo-2.2.26-54.ep6.el6.x86_64.rpm
httpd-devel-2.2.26-54.ep6.el6.x86_64.rpm
httpd-manual-2.2.26-54.ep6.el6.x86_64.rpm
httpd-tools-2.2.26-54.ep6.el6.x86_64.rpm
jbcs-httpd24-openssl-1.0.2h-4.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el6.x86_64.rpm
jbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el6.x86_64.rpm
jbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el6.x86_64.rpm
mod_jk-ap22-1.2.41-2.redhat_4.ep6.el6.x86_64.rpm
mod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el6.x86_64.rpm
mod_ldap-2.2.26-54.ep6.el6.x86_64.rpm
mod_ssl-2.2.26-54.ep6.el6.x86_64.rpm
tomcat-native-1.1.34-5.redhat_1.ep6.el6.x86_64.rpm
tomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3183
https://access.redhat.com/security/cve/CVE-2015-3195
https://access.redhat.com/security/cve/CVE-2015-4000
https://access.redhat.com/security/cve/CVE-2016-2105
https://access.redhat.com/security/cve/CVE-2016-2106
https://access.redhat.com/security/cve/CVE-2016-2108
https://access.redhat.com/security/cve/CVE-2016-2109
https://access.redhat.com/security/cve/CVE-2016-3110
https://access.redhat.com/security/cve/CVE-2016-4459
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/2688611
https://access.redhat.com/solutions/222023
https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX/nC3XlSAg2UNWIIRAl73AJwMWQGEz9iZUcT7H8h4DJigvv8JtgCdHdCf
4sZxcVqDWWAwzVeNvxo3kSk=
=hA1L
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    42 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close