Red Hat Security Advisory 2023-0756-01 - This is a cumulative patch release zip for the JBoss EAP XP 4.0.0 runtime distribution for use with EAP 7.4.9. Issues addressed include code execution, information leakage, and integer overflow vulnerabilities.
59995ac54ee4a5fedc4f2f01ce05e5a7863fc8c0058a065e034eb36a2c8027b4-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 XP 4.0.0.GA Security release
Advisory ID: RHSA-2023:0756-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0756
Issue date: 2023-02-14
CVE Names: CVE-2021-0341 CVE-2022-47629
=====================================================================
1. Summary:
JBoss EAP XP 4.0.0.GA Security release on the EAP 7.4.9 base. See
references for release notes.
Red Hat Product Security has rated this update as having a security impact
of
Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
2. Description:
This is a cumulative patch release zip for the JBoss EAP XP 4.0.0 runtime
distribution for use with EAP 7.4.9.
Security Fix(es):
* libksba: integer overflow to code execution (CVE-2022-47629)
* okhttp: information disclosure via improperly used cryptographic function
(CVE-2021-0341)
3. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
4. Bugs fixed (https://bugzilla.redhat.com/):
2154086 - CVE-2021-0341 okhttp: information disclosure via improperly used cryptographic function
2161571 - CVE-2022-47629 libksba: integer overflow to code execution
5. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-24408 - EAP XP 4.0.0.GA for EAP 7.4.9
6. References:
https://access.redhat.com/security/cve/CVE-2021-0341
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html/jboss_eap_xp_4.0_upgrade_and_migration_guide/index
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBY+vS39zjgjWX9erEAQgT8g//aLuYwP7xted5GVKPQVWt0BMKviNDUygt
vqaasjwsQlm8QAmKU2UQgZ85GP/GovItewMHHHyTO765v568PQjb7KgNAFpZBWGt
idVuh47fGpUiFWc0fnunToE0HlqsSzzdgb4pzZEGwMrSJuDkP8sNIWkwcJR5sHVA
zV6o0pBYyjnWZLB3tW6L0Kzaseh1rI3TXogyTvqT6L64y06B5qxnr1OHP6QAPmRa
sHsjxlotvSqDnbUN0cWPPhC6QNYEWO0PLOol7DRcNbMlR7887snzaO/2Bgk3Gba6
jxfHW1KMvEYwFWcDuq4mO0X0u7ebYKrGS0CYsQG1MJcqVYrurGXZHPAmkKDVz9+p
Ob97W2a8262vqA88DNzs69Dz6S/NcAPwLLeJ00cMQa3vc4J7wKGsJNNwj6gvBl/q
sXgJUBIlkYmuwzoNPoXR+mepiT6qyW4PrDt3y7SY9Yr2zEv+Nb2pwIA/6V0cgoDC
oySQG/SqUMDZdQzLd18xP6dJornd5GooQqrEJyY6uUCLqE85HQaFbXKcz9yX57IP
6MPN5cRuje9oTvy7j4PAqvxbVPkfgvpYIl3/yGd2vwZEnAG17ll6GOaYzVfTA3Ta
YXyY+gvUxAy1uUU959g9F+Aa07SzNlQBFj1ant+NfbdZBGTP5xyrnQcwSX4gCVPx
rsOwLU04OSM=
=wpU0
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed