-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4 security update Advisory ID: RHSA-2023:0163-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2023:0163 Issue date: 2023-01-12 CVE Names: CVE-2022-46364 ===================================================================== 1. Summary: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.4 for RHEL 7 Server - noarch Red Hat JBoss EAP 7.4 for RHEL 8 - noarch Red Hat JBoss EAP 7.4 for RHEL 9 - noarch 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Security Fix(es): * CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability 6. Package List: Red Hat JBoss EAP 7.4 for RHEL 7 Server: Source: eap7-apache-cxf-3.4.10-1.redhat_00001.1.el7eap.src.rpm eap7-wss4j-2.3.3-1.redhat_00001.1.el7eap.src.rpm eap7-xml-security-2.2.3-1.redhat_00001.1.el7eap.src.rpm noarch: eap7-apache-cxf-3.4.10-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-rt-3.4.10-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-services-3.4.10-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-tools-3.4.10-1.redhat_00001.1.el7eap.noarch.rpm eap7-wss4j-2.3.3-1.redhat_00001.1.el7eap.noarch.rpm eap7-wss4j-bindings-2.3.3-1.redhat_00001.1.el7eap.noarch.rpm eap7-wss4j-policy-2.3.3-1.redhat_00001.1.el7eap.noarch.rpm eap7-wss4j-ws-security-common-2.3.3-1.redhat_00001.1.el7eap.noarch.rpm eap7-wss4j-ws-security-dom-2.3.3-1.redhat_00001.1.el7eap.noarch.rpm eap7-wss4j-ws-security-policy-stax-2.3.3-1.redhat_00001.1.el7eap.noarch.rpm eap7-wss4j-ws-security-stax-2.3.3-1.redhat_00001.1.el7eap.noarch.rpm eap7-xml-security-2.2.3-1.redhat_00001.1.el7eap.noarch.rpm Red Hat JBoss EAP 7.4 for RHEL 8: Source: eap7-apache-cxf-3.4.10-1.redhat_00001.1.el8eap.src.rpm eap7-wss4j-2.3.3-1.redhat_00001.1.el8eap.src.rpm eap7-xml-security-2.2.3-1.redhat_00001.1.el8eap.src.rpm noarch: eap7-apache-cxf-3.4.10-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-rt-3.4.10-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-services-3.4.10-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-tools-3.4.10-1.redhat_00001.1.el8eap.noarch.rpm eap7-wss4j-2.3.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-wss4j-bindings-2.3.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-wss4j-policy-2.3.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-wss4j-ws-security-common-2.3.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-wss4j-ws-security-dom-2.3.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-wss4j-ws-security-policy-stax-2.3.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-wss4j-ws-security-stax-2.3.3-1.redhat_00001.1.el8eap.noarch.rpm eap7-xml-security-2.2.3-1.redhat_00001.1.el8eap.noarch.rpm Red Hat JBoss EAP 7.4 for RHEL 9: Source: eap7-apache-cxf-3.4.10-1.redhat_00001.1.el9eap.src.rpm eap7-wss4j-2.3.3-1.redhat_00001.1.el9eap.src.rpm eap7-xml-security-2.2.3-1.redhat_00001.1.el9eap.src.rpm noarch: eap7-apache-cxf-3.4.10-1.redhat_00001.1.el9eap.noarch.rpm eap7-apache-cxf-rt-3.4.10-1.redhat_00001.1.el9eap.noarch.rpm eap7-apache-cxf-services-3.4.10-1.redhat_00001.1.el9eap.noarch.rpm eap7-apache-cxf-tools-3.4.10-1.redhat_00001.1.el9eap.noarch.rpm eap7-wss4j-2.3.3-1.redhat_00001.1.el9eap.noarch.rpm eap7-wss4j-bindings-2.3.3-1.redhat_00001.1.el9eap.noarch.rpm eap7-wss4j-policy-2.3.3-1.redhat_00001.1.el9eap.noarch.rpm eap7-wss4j-ws-security-common-2.3.3-1.redhat_00001.1.el9eap.noarch.rpm eap7-wss4j-ws-security-dom-2.3.3-1.redhat_00001.1.el9eap.noarch.rpm eap7-wss4j-ws-security-policy-stax-2.3.3-1.redhat_00001.1.el9eap.noarch.rpm eap7-wss4j-ws-security-stax-2.3.3-1.redhat_00001.1.el9eap.noarch.rpm eap7-xml-security-2.2.3-1.redhat_00001.1.el9eap.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-46364 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY8CK9tzjgjWX9erEAQgWOw//Vfqbpq3u+7lYmAeXVMRf4xFFO4iSykHK g4GdAeRtSS/7H9+ARGYJi9iXpdqzF3acALosN0sKxhuQNAwNF72FGvDKX/iFeSmX NSw/QZzSVGdsuca6kCGQgm7QIMTtV9h5fySj2y84vS2VL4yPB7/fIc0oMw8A95zC KCN5TeHADYaw6LnwLmspsABtU7A/WZKy49RWhTRu0KU2DJ2eeCeOJUGQnGRl+q+B 8bx2J9LrWa051ib8347mUt4qelBtr2/ySKoJyqsV/YhhNspjAz47wzjbh4G/sa+D ts9aaTHw4at1BNhu8b5y6siV4uX48X8h6FboNf9vWvy40WoanGezec2L+Dxw23vG WXinYGDFtMTH9U2GNIgsUH2UB+ZW6UExK+wNxQzpW/BoL1A/mFeIWj0DXkKfdDby nO+raPzfIoXxWVlo7/iW2OiRbxOrnqg49GlafmPOYPLGmlcm7eRZeZWk51XlZFfD B41Y1vbCS/Hvrl8cx+ROjN99G2ypit3HrQy+BtC1MrvL6AKMonTKdfhPhWfwoQX5 NiWoeQ++bS6Ah3JA7xxFKpZMj3+hdiU/0ujrlQKkvyH3b698Ffg1Fzj3zkGXoIpj odioG5VkaUhMZU2DAwXT+Etd45l3keMD98BSqKVryeKnpXQG//yxT1WCmLfVqiB+ 2ZD9emBAP9s= =Aoiu -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce