Security Advisory Moderate: JBoss Enterprise Application Platform security update

Advisory: RHSA-2007:0950-13
Type: Security Advisory
Severity: Moderate
Issued on: 2007-11-05
Last updated on: 2007-11-05
Affected Products: Red Hat Application Stack v1 for Enterprise Linux AS (v.4)
Red Hat Application Stack v1 for Enterprise Linux ES (v.4)
Red Hat Application Stack v2
OVAL: N/A
CVEs (cve.mitre.org): CVE-2007-3382
CVE-2007-3385

Details

Updated JBoss Enterprise Application Platform packages that fix several
security issues and bugs are now available for Red Hat Application Stack v1
and v2.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

The updated packages address the following security vulnerabilities:

Tomcat incorrectly treated a single quote character (') in a cookie value
as a delimiter. In some circumstances this led to the leaking of
information such as the session ID to an attacker (CVE-2007-3382).

Tomcat incorrectly handled the character sequence \" in a cookie value. In
some circumstances this led to the leaking of information such as the
session ID to an attacker (CVE-2007-3385).
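
The sketch below is an added example, not Tomcat code and not part of the original advisory. It is a simplified model of the single-quote delimiter handling described above, used to flag Cookie headers that a quote-as-delimiter parser and a stricter parser split differently. All function names and sample headers are constructed, and the \" sequence is only flagged, not modelled.

```python
# Simplified model (assumption): a quote character directly after '=' opens a
# quoted value, and ';' inside that value no longer separates cookies.

def parse_cookie_header(header, quote_chars):
    """Split a Cookie header into (name, value) pairs under the given quoting rule."""
    pieces, buf, quote = [], [], None
    for ch in header:
        if quote is not None:
            buf.append(ch)
            if ch == quote:          # closing quote ends the quoted value
                quote = None
        elif ch in quote_chars and buf and buf[-1] == "=":
            quote = ch               # opening quote right after '='
            buf.append(ch)
        elif ch == ";":
            pieces.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    pieces.append("".join(buf))
    pairs = []
    for raw in pieces:
        name, sep, value = raw.strip().partition("=")
        if sep and name:
            pairs.append((name, value))
    return pairs


def flawed_parse(header):
    # Models the behaviour the advisory describes: ' is treated as a delimiter.
    return parse_cookie_header(header, quote_chars="'\"")


def strict_parse(header):
    # Only the double quote delimits a quoted value.
    return parse_cookie_header(header, quote_chars='"')


def suspicious_headers(headers):
    """Return headers to review: the two parsers disagree, or a backslash-quote is present."""
    flagged = []
    for h in headers:
        if flawed_parse(h) != strict_parse(h) or '\\"' in h:
            flagged.append(h)
    return flagged


# Constructed sample Cookie header values (not taken from real traffic).
SAMPLE_HEADERS = [
    "theme=dark; JSESSIONID=0123ABCD",
    "note='hello; JSESSIONID=0123ABCD; tail=x'",
    'pref="a\\"b"; JSESSIONID=0123ABCD',
]

if __name__ == "__main__":
    for h in suspicious_headers(SAMPLE_HEADERS):
        print("review:", h)
        print("  quote-as-delimiter:", flawed_parse(h))
        print("  strict            :", strict_parse(h))
```

In the second sample the quote-as-delimiter model returns one cookie whose value contains the text of the session cookie, which is the kind of boundary confusion to look for in logged request headers on unpatched systems.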

In addition to these security fixes, this update also fixes several bugs in
JBoss Enterprise Application Platform. Please see the referenced release
notes for the list of bugs fixed.

Users of JBoss Enterprise Application Platform should upgrade to these
updated packages which contain fixes to correct these issues.

For users of Red Hat Application Stack v1, installation of this errata will
automatically bring the system up to V.1.2. Please note the following
changes that may affect you:

- Stacks V.1.2 has a new version of JBoss Application Server which
requires Java version 1.5 to run.

- Unless the JBOSS_IP variable is explicitly set in the configuration
file, JBoss Application Server services are now bound to localhost.

- Unless the JBOSSCONF variable is explicitly set in the configuration
file, JBoss Application Server will start with the production config
when started via the init script.

Refer to the release notes for more information on how to set the
JBOSS_IP and JBOSSCONF variables.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Application Stack v1 for Enterprise Linux AS (v.4)

SRPMS:
berkeleydb-2.0.90-1jpp.ep1.1.src.rpm     3e6d36d2288f3119b14d0e3dd25599c9
hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.2.src.rpm
File outdated by:  RHSA-2008:0158
    c45bea49f9a9460400a2da68565b49cb
hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.src.rpm     3e32c2ce08a2f07dd027ff86446af6d8
hibernate3-entitymanager-3.2.1-1jpp.ep1.5.src.rpm
File outdated by:  RHSA-2008:0158
    3b350d7de3b713a06221d2edb18abbc4
jacorb-2.3.0-1jpp.ep1.1.src.rpm
File outdated by:  RHSA-2008:0158
    ff1beb2147c7a5aad8e64de2b83ba0aa
jboss-aop-1.5.5-0jpp.ep1.2.1.src.rpm
File outdated by:  RHSA-2008:0158
    15e5b40fbc9f3e41dbf0b74cdf7b0017
jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.src.rpm
File outdated by:  RHSA-2008:0158
    c638e8e39f4524bfddbf07c914024c0b
jboss-remoting-2.2.2-1jpp.ep1.4.src.rpm
File outdated by:  RHSA-2008:0158
    d56036f4b74525ae351030f4c1a8eb9a
jboss-seam-1.2.1-1.ep1.2.src.rpm
File outdated by:  RHSA-2008:0158
    0c5d62cc1e37bb8dd47b2e17b96b7149
jboss-serialization-1.0.3-1jpp.ep1.3.src.rpm     862809bc4e78e5a8777c0c31fcd3a555
jbossas-4.2.0-2.CP01.ep1.4.src.rpm
File outdated by:  RHSA-2008:0158
    d137454d4f562778a0cfd9475ed3bbf0
jbossweb-2.0.0-2.CP01.0jpp.ep1.4.src.rpm
File outdated by:  RHSA-2008:0158
    cba7829b13f79de64b4cbd0422acbaa2
jbossxb-1.0.0-1.CP01.0jpp.ep1.1.src.rpm
File outdated by:  RHSA-2008:0158
    16a51b52b0d53b65d474c1c104c125e9
jcommon-0.9.7-1jpp.el4ep1.1.src.rpm
File outdated by:  RHSA-2008:0158
    92c34a206cecaf59e62d7a3eb38fdc1f
jfreechart-0.9.21-2jpp.el4ep1.1.src.rpm
File outdated by:  RHSA-2008:0158
    d474fd5e30d873738eec028c88164bab
rh-eap-docs-4.2.0-2.CP01.ep1.2.src.rpm
File outdated by:  RHSA-2008:0158
    723a3f1afb218740be1f5d782e80cc25
 
IA-32:
berkeleydb-2.0.90-1jpp.ep1.1.noarch.rpm     9603b96542df9e138e252ee5a701aed4
hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    379f1308aa47160a341c35e9bf45aa65
hibernate3-annotations-javadoc-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    5e39db41c091e098c95edd53c94d3c2d
hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.noarch.rpm     53896bfbb3bb3f874e160e237b30e2ca
hibernate3-ejb-persistence-3.0-api-javadoc-3.2.1-1jpp.ep1.1.noarch.r     c54b366b96e62fee6ea225d802c0e3d2
hibernate3-entitymanager-3.2.1-1jpp.ep1.5.noarch.rpm
File outdated by:  RHSA-2008:0158
    8635620bce0bef87a8256ec82577f804
hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.5.noarch.rpm
File outdated by:  RHSA-2008:0158
    11076de6fc94fe5fc92ededfa22b46a6
jacorb-2.3.0-1jpp.ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    05b568ffc52cefb9abad01678b8cd7ef
jboss-aop-1.5.5-0jpp.ep1.2.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    75f791f3a359dac015d7159e1fdee9ce
jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    dc933213e3041cbe05a61685913b234b
jboss-remoting-2.2.2-1jpp.ep1.4.noarch.rpm
File outdated by:  RHSA-2008:0158
    30d63ec755235f595dd4fc8207926fa7
jboss-seam-1.2.1-1.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    63b040353b821f8cbc5ccd186cd4d792
jboss-seam-docs-1.2.1-1.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    5543500f72d98d57105e45e33f227fea
jboss-serialization-1.0.3-1jpp.ep1.3.noarch.rpm     6b3266b5951ed27bedf610e47c619bb1
jbossas-4.2.0-2.CP01.ep1.4.noarch.rpm
File outdated by:  RHSA-2008:0158
    672f485649dcfbb7a2720939a946893b
jbossweb-2.0.0-2.CP01.0jpp.ep1.4.noarch.rpm
File outdated by:  RHSA-2008:0158
    fb3cc11b0a1719c625820d63c3eb0d5d
jbossxb-1.0.0-1.CP01.0jpp.ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    3a03da161c9148892c706332f97cc53d
jcommon-0.9.7-1jpp.el4ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    ec2d3af5e0a2dbc092e334444d31f2f4
jfreechart-0.9.21-2jpp.el4ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    e064470349b6cc22b1ce1a5bb0b91034
rh-eap-docs-4.2.0-2.CP01.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    18e8c6084efaa0be97865e3f97b13db2
 
x86_64:
berkeleydb-2.0.90-1jpp.ep1.1.noarch.rpm     9603b96542df9e138e252ee5a701aed4
hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    379f1308aa47160a341c35e9bf45aa65
hibernate3-annotations-javadoc-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    5e39db41c091e098c95edd53c94d3c2d
hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.noarch.rpm     53896bfbb3bb3f874e160e237b30e2ca
hibernate3-ejb-persistence-3.0-api-javadoc-3.2.1-1jpp.ep1.1.noarch.r     c54b366b96e62fee6ea225d802c0e3d2
hibernate3-entitymanager-3.2.1-1jpp.ep1.5.noarch.rpm
File outdated by:  RHSA-2008:0158
    8635620bce0bef87a8256ec82577f804
hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.5.noarch.rpm
File outdated by:  RHSA-2008:0158
    11076de6fc94fe5fc92ededfa22b46a6
jacorb-2.3.0-1jpp.ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    05b568ffc52cefb9abad01678b8cd7ef
jboss-aop-1.5.5-0jpp.ep1.2.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    75f791f3a359dac015d7159e1fdee9ce
jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    dc933213e3041cbe05a61685913b234b
jboss-remoting-2.2.2-1jpp.ep1.4.noarch.rpm
File outdated by:  RHSA-2008:0158
    30d63ec755235f595dd4fc8207926fa7
jboss-seam-1.2.1-1.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    63b040353b821f8cbc5ccd186cd4d792
jboss-seam-docs-1.2.1-1.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    5543500f72d98d57105e45e33f227fea
jboss-serialization-1.0.3-1jpp.ep1.3.noarch.rpm     6b3266b5951ed27bedf610e47c619bb1
jbossas-4.2.0-2.CP01.ep1.4.noarch.rpm
File outdated by:  RHSA-2008:0158
    672f485649dcfbb7a2720939a946893b
jbossweb-2.0.0-2.CP01.0jpp.ep1.4.noarch.rpm
File outdated by:  RHSA-2008:0158
    fb3cc11b0a1719c625820d63c3eb0d5d
jbossxb-1.0.0-1.CP01.0jpp.ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    3a03da161c9148892c706332f97cc53d
jcommon-0.9.7-1jpp.el4ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    ec2d3af5e0a2dbc092e334444d31f2f4
jfreechart-0.9.21-2jpp.el4ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    e064470349b6cc22b1ce1a5bb0b91034
rh-eap-docs-4.2.0-2.CP01.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    18e8c6084efaa0be97865e3f97b13db2
 
Red Hat Application Stack v1 for Enterprise Linux ES (v.4)

SRPMS:
berkeleydb-2.0.90-1jpp.ep1.1.src.rpm     3e6d36d2288f3119b14d0e3dd25599c9
hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.2.src.rpm
File outdated by:  RHSA-2008:0158
    c45bea49f9a9460400a2da68565b49cb
hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.src.rpm     3e32c2ce08a2f07dd027ff86446af6d8
hibernate3-entitymanager-3.2.1-1jpp.ep1.5.src.rpm
File outdated by:  RHSA-2008:0158
    3b350d7de3b713a06221d2edb18abbc4
jacorb-2.3.0-1jpp.ep1.1.src.rpm
File outdated by:  RHSA-2008:0158
    ff1beb2147c7a5aad8e64de2b83ba0aa
jboss-aop-1.5.5-0jpp.ep1.2.1.src.rpm
File outdated by:  RHSA-2008:0158
    15e5b40fbc9f3e41dbf0b74cdf7b0017
jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.src.rpm
File outdated by:  RHSA-2008:0158
    c638e8e39f4524bfddbf07c914024c0b
jboss-remoting-2.2.2-1jpp.ep1.4.src.rpm
File outdated by:  RHSA-2008:0158
    d56036f4b74525ae351030f4c1a8eb9a
jboss-seam-1.2.1-1.ep1.2.src.rpm
File outdated by:  RHSA-2008:0158
    0c5d62cc1e37bb8dd47b2e17b96b7149
jboss-serialization-1.0.3-1jpp.ep1.3.src.rpm     862809bc4e78e5a8777c0c31fcd3a555
jbossas-4.2.0-2.CP01.ep1.4.src.rpm
File outdated by:  RHSA-2008:0158
    d137454d4f562778a0cfd9475ed3bbf0
jbossweb-2.0.0-2.CP01.0jpp.ep1.4.src.rpm
File outdated by:  RHSA-2008:0158
    cba7829b13f79de64b4cbd0422acbaa2
jbossxb-1.0.0-1.CP01.0jpp.ep1.1.src.rpm
File outdated by:  RHSA-2008:0158
    16a51b52b0d53b65d474c1c104c125e9
jcommon-0.9.7-1jpp.el4ep1.1.src.rpm
File outdated by:  RHSA-2008:0158
    92c34a206cecaf59e62d7a3eb38fdc1f
jfreechart-0.9.21-2jpp.el4ep1.1.src.rpm
File outdated by:  RHSA-2008:0158
    d474fd5e30d873738eec028c88164bab
rh-eap-docs-4.2.0-2.CP01.ep1.2.src.rpm
File outdated by:  RHSA-2008:0158
    723a3f1afb218740be1f5d782e80cc25
 
IA-32:
berkeleydb-2.0.90-1jpp.ep1.1.noarch.rpm     9603b96542df9e138e252ee5a701aed4
hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    379f1308aa47160a341c35e9bf45aa65
hibernate3-annotations-javadoc-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    5e39db41c091e098c95edd53c94d3c2d
hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.noarch.rpm     53896bfbb3bb3f874e160e237b30e2ca
hibernate3-ejb-persistence-3.0-api-javadoc-3.2.1-1jpp.ep1.1.noarch.r     c54b366b96e62fee6ea225d802c0e3d2
hibernate3-entitymanager-3.2.1-1jpp.ep1.5.noarch.rpm
File outdated by:  RHSA-2008:0158
    8635620bce0bef87a8256ec82577f804
hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.5.noarch.rpm
File outdated by:  RHSA-2008:0158
    11076de6fc94fe5fc92ededfa22b46a6
jacorb-2.3.0-1jpp.ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    05b568ffc52cefb9abad01678b8cd7ef
jboss-aop-1.5.5-0jpp.ep1.2.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    75f791f3a359dac015d7159e1fdee9ce
jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    dc933213e3041cbe05a61685913b234b
jboss-remoting-2.2.2-1jpp.ep1.4.noarch.rpm
File outdated by:  RHSA-2008:0158
    30d63ec755235f595dd4fc8207926fa7
jboss-seam-1.2.1-1.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    63b040353b821f8cbc5ccd186cd4d792
jboss-seam-docs-1.2.1-1.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    5543500f72d98d57105e45e33f227fea
jboss-serialization-1.0.3-1jpp.ep1.3.noarch.rpm     6b3266b5951ed27bedf610e47c619bb1
jbossas-4.2.0-2.CP01.ep1.4.noarch.rpm
File outdated by:  RHSA-2008:0158
    672f485649dcfbb7a2720939a946893b
jbossweb-2.0.0-2.CP01.0jpp.ep1.4.noarch.rpm
File outdated by:  RHSA-2008:0158
    fb3cc11b0a1719c625820d63c3eb0d5d
jbossxb-1.0.0-1.CP01.0jpp.ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    3a03da161c9148892c706332f97cc53d
jcommon-0.9.7-1jpp.el4ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    ec2d3af5e0a2dbc092e334444d31f2f4
jfreechart-0.9.21-2jpp.el4ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    e064470349b6cc22b1ce1a5bb0b91034
rh-eap-docs-4.2.0-2.CP01.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    18e8c6084efaa0be97865e3f97b13db2
 
x86_64:
berkeleydb-2.0.90-1jpp.ep1.1.noarch.rpm     9603b96542df9e138e252ee5a701aed4
hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    379f1308aa47160a341c35e9bf45aa65
hibernate3-annotations-javadoc-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    5e39db41c091e098c95edd53c94d3c2d
hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.noarch.rpm     53896bfbb3bb3f874e160e237b30e2ca
hibernate3-ejb-persistence-3.0-api-javadoc-3.2.1-1jpp.ep1.1.noarch.r     c54b366b96e62fee6ea225d802c0e3d2
hibernate3-entitymanager-3.2.1-1jpp.ep1.5.noarch.rpm
File outdated by:  RHSA-2008:0158
    8635620bce0bef87a8256ec82577f804
hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.5.noarch.rpm
File outdated by:  RHSA-2008:0158
    11076de6fc94fe5fc92ededfa22b46a6
jacorb-2.3.0-1jpp.ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    05b568ffc52cefb9abad01678b8cd7ef
jboss-aop-1.5.5-0jpp.ep1.2.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    75f791f3a359dac015d7159e1fdee9ce
jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    dc933213e3041cbe05a61685913b234b
jboss-remoting-2.2.2-1jpp.ep1.4.noarch.rpm
File outdated by:  RHSA-2008:0158
    30d63ec755235f595dd4fc8207926fa7
jboss-seam-1.2.1-1.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    63b040353b821f8cbc5ccd186cd4d792
jboss-seam-docs-1.2.1-1.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    5543500f72d98d57105e45e33f227fea
jboss-serialization-1.0.3-1jpp.ep1.3.noarch.rpm     6b3266b5951ed27bedf610e47c619bb1
jbossas-4.2.0-2.CP01.ep1.4.noarch.rpm
File outdated by:  RHSA-2008:0158
    672f485649dcfbb7a2720939a946893b
jbossweb-2.0.0-2.CP01.0jpp.ep1.4.noarch.rpm
File outdated by:  RHSA-2008:0158
    fb3cc11b0a1719c625820d63c3eb0d5d
jbossxb-1.0.0-1.CP01.0jpp.ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    3a03da161c9148892c706332f97cc53d
jcommon-0.9.7-1jpp.el4ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    ec2d3af5e0a2dbc092e334444d31f2f4
jfreechart-0.9.21-2jpp.el4ep1.1.noarch.rpm
File outdated by:  RHSA-2008:0158
    e064470349b6cc22b1ce1a5bb0b91034
rh-eap-docs-4.2.0-2.CP01.ep1.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    18e8c6084efaa0be97865e3f97b13db2
 
Red Hat Application Stack v2

SRPMS:
berkeleydb-2.0.90-1jpp.ep1.1.el5.src.rpm     1364824c1ee97e7f0fcb241328e9df69
bsh2-2.0-0.b4.1jpp.ep1.1.el5.src.rpm     40d5faea59fd9e5f9436fd45523c8070
hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.3.el5.src.rpm
File outdated by:  RHSA-2008:0158
    8f6f712b7a2253f1d6b29ae35f8b7c94
hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.el5.src.rpm     9cdd12f342aa59b7107739ee4d8705be
hibernate3-entitymanager-3.2.1-1jpp.ep1.5.el5.src.rpm
File outdated by:  RHSA-2008:0158
    aae323eb86189e960036688084c3fe44
jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.el5.src.rpm
File outdated by:  RHSA-2008:0158
    8fbbf0b14100f6321d390b8778ef4c1e
jboss-remoting-2.2.2-1jpp.ep1.5.el5.src.rpm
File outdated by:  RHSA-2008:0158
    ce29506939a744277b93b37c7dafec83
jboss-seam-1.2.1-1.ep1.2.el5.src.rpm
File outdated by:  RHSA-2008:0158
    e563128ec97b2be57b56b9997711f36b
jboss-serialization-1.0.3-1jpp.ep1.4.el5.src.rpm     60d15223c3215e23627723e5603da12b
jbossas-4.2.0-2.CP01.ep1.3.el5.src.rpm
File outdated by:  RHSA-2008:0158
    e7f2185315348598788131da1c83dec8
jbossweb-2.0.0-2.CP01.0jpp.ep1.4.el5.src.rpm
File outdated by:  RHSA-2008:0158
    d82e72da9bac49c8ba90ab425cbaa894
jbossxb-1.0.0-1.CP01.0jpp.ep1.2.el5.src.rpm
File outdated by:  RHSA-2008:0158
    07c5344200f93a07e8e46619a8b0d469
jcommon-0.9.7-1jpp.ep1.1.el5.src.rpm
File outdated by:  RHSA-2008:0158
    854f94d9d2d8816ab556233173e262d2
jfreechart-0.9.21-2jpp.ep1.1.el5.2.src.rpm
File outdated by:  RHSA-2008:0158
    61d66b662ef265be93c48a09b30dde4d
rh-eap-docs-4.2.0-2.CP01.ep1.2.el5.src.rpm
File outdated by:  RHSA-2008:0158
    7c8b1e2360100685e1b0ac4b4e05cc26
 
IA-32:
berkeleydb-2.0.90-1jpp.ep1.1.el5.noarch.rpm     ff70a7c2ece755ce4ce357b484eda115
bsh2-2.0-0.b4.1jpp.ep1.1.el5.noarch.rpm     c6ca766ab43cca7b1988989c87c8024e
hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.3.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    39220cf779de34db59de5f911dc83fe4
hibernate3-annotations-javadoc-3.2.1-1.patch01.1jpp.ep1.3.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    38d14e60c80432ae28d64c55df8263f0
hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.el5.noarch.rpm     b66229122a3a9c50a738734dc3b52543
hibernate3-ejb-persistence-3.0-api-javadoc-3.2.1-1jpp.ep1.1.el5.noarch.r     96e5571896595832aa0f03d4bdac01d7
hibernate3-entitymanager-3.2.1-1jpp.ep1.5.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    1f12ab51909c31709d1322a8b425997b
hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.5.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    d084bb0e4cf54d4a2ac3c0a520310dbd
jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    55e29258406c1decddc23793152dd497
jboss-remoting-2.2.2-1jpp.ep1.5.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    a836aa273e7af578292fc7327db7c005
jboss-seam-1.2.1-1.ep1.2.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    37aefe6fa970e840ed69ed5b0169cd92
jboss-seam-docs-1.2.1-1.ep1.2.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    56032018c262062aec27e7909b526e39
jboss-serialization-1.0.3-1jpp.ep1.4.el5.noarch.rpm     a1f90135b91310cbbc57dcb983684022
jbossas-4.2.0-2.CP01.ep1.3.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    2baed88bbd3d80ca3f9835f50d44dec2
jbossweb-2.0.0-2.CP01.0jpp.ep1.4.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    f0fb7530810ea9edff633c6080b09116
jbossxb-1.0.0-1.CP01.0jpp.ep1.2.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    8aa3b658479515e7caae1eb304c3f6a1
jcommon-0.9.7-1jpp.ep1.1.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    be2f08599120e22b74e37b360c984348
jfreechart-0.9.21-2jpp.ep1.1.el5.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    33366ca9ba0a15acb3d77e884d58675e
rh-eap-docs-4.2.0-2.CP01.ep1.2.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    6ac949ba8f4dd30894a2260e038c30c8
 
x86_64:
berkeleydb-2.0.90-1jpp.ep1.1.el5.noarch.rpm     ff70a7c2ece755ce4ce357b484eda115
bsh2-2.0-0.b4.1jpp.ep1.1.el5.noarch.rpm     c6ca766ab43cca7b1988989c87c8024e
hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.3.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    39220cf779de34db59de5f911dc83fe4
hibernate3-annotations-javadoc-3.2.1-1.patch01.1jpp.ep1.3.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    38d14e60c80432ae28d64c55df8263f0
hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.el5.noarch.rpm     b66229122a3a9c50a738734dc3b52543
hibernate3-ejb-persistence-3.0-api-javadoc-3.2.1-1jpp.ep1.1.el5.noarch.r     96e5571896595832aa0f03d4bdac01d7
hibernate3-entitymanager-3.2.1-1jpp.ep1.5.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    1f12ab51909c31709d1322a8b425997b
hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.5.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    d084bb0e4cf54d4a2ac3c0a520310dbd
jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    55e29258406c1decddc23793152dd497
jboss-remoting-2.2.2-1jpp.ep1.5.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    a836aa273e7af578292fc7327db7c005
jboss-seam-1.2.1-1.ep1.2.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    37aefe6fa970e840ed69ed5b0169cd92
jboss-seam-docs-1.2.1-1.ep1.2.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    56032018c262062aec27e7909b526e39
jboss-serialization-1.0.3-1jpp.ep1.4.el5.noarch.rpm     a1f90135b91310cbbc57dcb983684022
jbossas-4.2.0-2.CP01.ep1.3.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    2baed88bbd3d80ca3f9835f50d44dec2
jbossweb-2.0.0-2.CP01.0jpp.ep1.4.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    f0fb7530810ea9edff633c6080b09116
jbossxb-1.0.0-1.CP01.0jpp.ep1.2.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    8aa3b658479515e7caae1eb304c3f6a1
jcommon-0.9.7-1jpp.ep1.1.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    be2f08599120e22b74e37b360c984348
jfreechart-0.9.21-2jpp.ep1.1.el5.2.noarch.rpm
File outdated by:  RHSA-2008:0158
    33366ca9ba0a15acb3d77e884d58675e
rh-eap-docs-4.2.0-2.CP01.ep1.2.el5.noarch.rpm
File outdated by:  RHSA-2008:0158
    6ac949ba8f4dd30894a2260e038c30c8
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

247972 - CVE-2007-3382 tomcat handling of cookies
247976 - CVE-2007-3385 tomcat handling of cookie values



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/