exploit the possibilities

Red Hat Security Advisory 2021-0489-01

Red Hat Security Advisory 2021-0489-01
Posted Feb 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0489-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 11 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a null pointer vulnerability.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2020-1971
MD5 | 56006494dd0d09ae89dae01e17650717

Red Hat Security Advisory 2021-0489-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat JBoss Web Server 3.1 Service Pack 11 security update
Advisory ID: RHSA-2021:0489-01
Product: Red Hat JBoss Web Server
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0489
Issue date: 2021-02-11
CVE Names: CVE-2020-1971
====================================================================
1. Summary:

An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 7.

Red Hat Product Security has rated this release as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Web Server 3.1 for RHEL 7 - x86_64

3. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
Native library.

This release of Red Hat JBoss Web Server 3.1 Service Pack 11 serves as a
replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which
are documented in the Release Notes document linked to in the References.

Security Fix(es):

* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1903409 - CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference

6. JIRA issues fixed (https://issues.jboss.org/):

JWS-1938 - Update to the latest JBCS version - Drop RHEL6

7. Package List:

Red Hat JBoss Web Server 3.1 for RHEL 7:

Source:
tomcat-native-1.2.23-23.redhat_23.ep7.el7.src.rpm

x86_64:
tomcat-native-1.2.23-23.redhat_23.ep7.el7.x86_64.rpm
tomcat-native-debuginfo-1.2.23-23.redhat_23.ep7.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2020-1971
https://access.redhat.com/security/updates/classification/#low

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYCUzSdzjgjWX9erEAQhezg//aTexLHlDGTrqV+pOKk3IAlauE8Pd7+DJ
hxifoGNalrgXYhY/8bWREEa/o4MO8QeJdvPSwtG/MJ9WETeGYRoofp3cMIP0J+nt
7MxOMm9ZyOuAgM9COERsOykyddEMF1b3Xl5rjuDICrSiPMjp5AExbHmOdMH5l44c
RcRExhmlL6i+/aLSNDfO5QjGae6oXZnDKaMVavbhv2gllHDQ4lewIP+omgiiV72c
bjALMk6QulenYJ69ClqONDBKJbnu1/zfj2V3OOkQG5VbvlhzxQ6JYmXixDNNEC3p
U/KhdhaD0E2MGz92SCRvj6AvO3UdTRIkb2heby896J41YcnypGSrmDurjcUDJ3u2
NpWF+p5BEEFiHkzRuP5e8PgTNjxy7Ye7WtR1KhCLFK/OcI4R8Hs5qu0ufQHqcHGF
cJNaOmKObdZ6vhees45s9mv6K6EJi6G5oY+82VzUPm1HOxjLU+gkxEws8uJTpKc4
goRzO7rCdsgFXXFcniLYJKn70jj0ngGG/3X4YgxlJHrJiEMRuuiQvRCbqRwkcYA7
ViCJ/pPqh0KxqtkFTGNtIHJUvEelSNcizlWu+gmE3BclLihD5x+8R9g3Zfo0xW7f
B0hy/QhSoc+UXwBYJ03TvCvy2Z3CA14g3Q28x6v42tY+QUzwzGwwot0NWHcWCbxQ
8WOFuknf+mY=It3J
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    15 Files
  • 14
    Apr 14th
    27 Files
  • 15
    Apr 15th
    19 Files
  • 16
    Apr 16th
    7 Files
  • 17
    Apr 17th
    1 Files
  • 18
    Apr 18th
    1 Files
  • 19
    Apr 19th
    19 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close