Security Advisory Moderate: JBoss Enterprise Application Platform 4.3.0.CP01 security update

Advisory: RHSA-2008:0826-7
Type: Security Advisory
Severity: Moderate
Issued on: 2008-08-05
Last updated on: 2008-08-05
Affected Products: JBoss Enterprise Application Platform 4.3.0 EL4
OVAL: N/A
CVEs (cve.mitre.org): CVE-2008-1285
CVE-2008-3273

Details

Updated JBoss Enterprise Application Platform (JBoss EAP) packages that fix
various security issues are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

JBoss EAP is a middleware platform for Java 2 Platform, Enterprise Edition
(J2EE) applications.

This release of JBoss EAP for Red Hat Enterprise Linux 4 contains the JBoss
Application Server and JBoss Seam. This release serves as a replacement for
JBoss EAP 4.3.0.GA, and fixes the following security issues:

The JavaServer Faces (JSF) component was vulnerable to multiple cross-site
scripting (XSS) vulnerabilities. An attacker could use these flaws to
inject arbitrary web script or HTML. (CVE-2008-1285)

Unauthenticated users were able to access the status servlet, which could
allow remote attackers to acquire details about deployed web contexts.
(CVE-2008-3273)

These updated packages include bug fixes and enhancements which are not
listed here. For a full list, refer to the JBoss EAP 4.3.0.CP01 release
notes, linked to in the "References" section of this advisory.

Warning: before applying this update, please back up the JBoss EAP
"server/[configuration]/deploy/" directory, and any customized
configuration files.

Please note: some of the packages contained in this errata were available
via the Red Hat Network prior to the release of this advisory.

All users of JBoss EAP on Red Hat Enterprise Linux 4 are advised to upgrade
to these updated packages, which resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

JBoss Enterprise Application Platform 4.3.0 EL4
SRPMS:
asm-1.5.3-1jpp.ep1.2.el4.src.rpm     28f104a01c11545338b7fe3cb4684957
asm-1.5.3-1jpp.ep1.2.el4.src.rpm     28f104a01c11545338b7fe3cb4684957
cglib-2.1.3-2jpp.ep1.6.el4.src.rpm     c8adf33ec0a5074042f4bf178c9efc70
cglib-2.1.3-2jpp.ep1.6.el4.src.rpm     c8adf33ec0a5074042f4bf178c9efc70
concurrent-1.3.4-7jpp.ep1.6.el4.src.rpm     04b34722d6bbc4ceaae81d754760358c
concurrent-1.3.4-7jpp.ep1.6.el4.src.rpm     04b34722d6bbc4ceaae81d754760358c
glassfish-jaf-1.1.0-0jpp.ep1.11.el4.src.rpm
File outdated by:  RHSA-2008:0831		     ed7eb8449ea007b1f89117cf9fdcfb0d
glassfish-jaf-1.1.0-0jpp.ep1.11.el4.src.rpm
File outdated by:  RHSA-2008:0831		     ed7eb8449ea007b1f89117cf9fdcfb0d
glassfish-javamail-1.4.0-0jpp.ep1.9.el4.src.rpm
File outdated by:  RHSA-2008:0831		     a1a7be4df87bb2913867703cb6dc64d7
glassfish-javamail-1.4.0-0jpp.ep1.9.el4.src.rpm
File outdated by:  RHSA-2008:0831		     a1a7be4df87bb2913867703cb6dc64d7
glassfish-jsf-1.2_08-0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:0347		     1f05354ea4119a3bba5bf69a43233973
glassfish-jsf-1.2_08-0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:0347		     1f05354ea4119a3bba5bf69a43233973
hibernate3-3.2.4-1.SP1_CP03.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:0347		     19a03e696b8f29503b7da8fa66435215
hibernate3-3.2.4-1.SP1_CP03.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:0347		     19a03e696b8f29503b7da8fa66435215
hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.3.el4.src.rpm
File outdated by:  RHBA-2008:0929		     5a3e76f2ab56f9782fb4ea9aa0434218
hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.3.el4.src.rpm
File outdated by:  RHBA-2008:0929		     5a3e76f2ab56f9782fb4ea9aa0434218
hibernate3-entitymanager-3.2.1-1jpp.ep1.7.el4.src.rpm
File outdated by:  RHBA-2008:0929		     165cdef245c6f2ef403edbfcedeb2dc7
hibernate3-entitymanager-3.2.1-1jpp.ep1.7.el4.src.rpm
File outdated by:  RHBA-2008:0929		     165cdef245c6f2ef403edbfcedeb2dc7
jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHBA-2008:0929		     369c3420a9e3954be92c132373d89de3
jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHBA-2008:0929		     369c3420a9e3954be92c132373d89de3
jboss-cache-1.4.1-4.SP9.1jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:0347		     2e53701f5fd865f11474ac079bc5f0d8
jboss-cache-1.4.1-4.SP9.1jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:0347		     2e53701f5fd865f11474ac079bc5f0d8
jboss-messaging-1.4.0-1.SP3_CP02.0jpp.ep1.6.el4.src.rpm
File outdated by:  RHSA-2009:0347		     e1a9edb26a00838d85fc85ae185aaa1e
jboss-messaging-1.4.0-1.SP3_CP02.0jpp.ep1.6.el4.src.rpm
File outdated by:  RHSA-2009:0347		     e1a9edb26a00838d85fc85ae185aaa1e
jboss-remoting-2.2.2-3.SP7.0jpp.ep1.3.el4.src.rpm
File outdated by:  RHSA-2009:0347		     36c95e89a73236abe09e1446ed604689
jboss-remoting-2.2.2-3.SP7.0jpp.ep1.3.el4.src.rpm
File outdated by:  RHSA-2009:0347		     36c95e89a73236abe09e1446ed604689
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.7.el4.src.rpm
File outdated by:  RHSA-2009:0347		     1eaca875e9ab86cd1d1abc88da490fa2
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.7.el4.src.rpm
File outdated by:  RHSA-2009:0347		     1eaca875e9ab86cd1d1abc88da490fa2
jbossas-4.3.0-2.GA_CP01.ep1.7.el4.src.rpm
File outdated by:  RHSA-2009:0347		     e4bb02c9ee546217edb3e3c324a8cc18
jbossas-4.3.0-2.GA_CP01.ep1.7.el4.src.rpm
File outdated by:  RHSA-2009:0347		     e4bb02c9ee546217edb3e3c324a8cc18
jbossts-4.2.3-1.SP5_CP01.1jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:0347		     b59572f7bb6736d2d0a70ddeabd0cfb4
jbossts-4.2.3-1.SP5_CP01.1jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:0347		     b59572f7bb6736d2d0a70ddeabd0cfb4
jbossws-2.0.1-2.SP2_CP01.0jpp.ep1.2.el4.src.rpm
File outdated by:  RHSA-2009:0347		     f9fbc940170a30246c189f29cc56e43d
jbossws-2.0.1-2.SP2_CP01.0jpp.ep1.2.el4.src.rpm
File outdated by:  RHSA-2009:0347		     f9fbc940170a30246c189f29cc56e43d
jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el4.src.rpm     17c7751a09ff90df01d94f2ac93e2626
jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el4.src.rpm     17c7751a09ff90df01d94f2ac93e2626
jcommon-1.0.12-1jpp.ep1.3.el4.src.rpm     7fa7dcae168dae61acf792730edef0fb
jcommon-1.0.12-1jpp.ep1.3.el4.src.rpm     7fa7dcae168dae61acf792730edef0fb
jfreechart-1.0.9-1jpp.ep1.3.el4.src.rpm     6c2ea26a3e7075772f36e9c532b7a5f5
jfreechart-1.0.9-1jpp.ep1.3.el4.src.rpm     6c2ea26a3e7075772f36e9c532b7a5f5
jgroups-2.4.2-1.GA_CP01.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:0347		     3ccad2cb300b45866faf3275d14b0858
jgroups-2.4.2-1.GA_CP01.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:0347		     3ccad2cb300b45866faf3275d14b0858
rh-eap-docs-4.3.0-2.GA_CP01.ep1.4.el4.src.rpm
File outdated by:  RHSA-2009:0347		     01e600085b66f630207197d7d2b4b970
rh-eap-docs-4.3.0-2.GA_CP01.ep1.4.el4.src.rpm
File outdated by:  RHSA-2009:0347		     01e600085b66f630207197d7d2b4b970
 
IA-32:
asm-1.5.3-1jpp.ep1.2.el4.noarch.rpm     6e5b7208667ca1b0cdc6bdb2f5ec600e
asm-1.5.3-1jpp.ep1.2.el4.noarch.rpm     6e5b7208667ca1b0cdc6bdb2f5ec600e
cglib-2.1.3-2jpp.ep1.6.el4.noarch.rpm     0a4bde4583bf3da3a5f1af1c63bb003c
cglib-2.1.3-2jpp.ep1.6.el4.noarch.rpm     0a4bde4583bf3da3a5f1af1c63bb003c
concurrent-1.3.4-7jpp.ep1.6.el4.noarch.rpm     635d11a6d386397c21a1474b943e663c
concurrent-1.3.4-7jpp.ep1.6.el4.noarch.rpm     635d11a6d386397c21a1474b943e663c
glassfish-jaf-1.1.0-0jpp.ep1.11.el4.noarch.rpm
File outdated by:  RHSA-2008:0831		     1b7280c9860cac0e3999aa333e383881
glassfish-jaf-1.1.0-0jpp.ep1.11.el4.noarch.rpm
File outdated by:  RHSA-2008:0831		     1b7280c9860cac0e3999aa333e383881
glassfish-javamail-1.4.0-0jpp.ep1.9.el4.noarch.rpm
File outdated by:  RHSA-2008:0831		     5b0d3b3a1b12da9118ff4849071f8ed1
glassfish-javamail-1.4.0-0jpp.ep1.9.el4.noarch.rpm
File outdated by:  RHSA-2008:0831		     5b0d3b3a1b12da9118ff4849071f8ed1
glassfish-jsf-1.2_08-0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     516fcadb954985ba221262fbab9ef82b
glassfish-jsf-1.2_08-0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     516fcadb954985ba221262fbab9ef82b
hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     22857438e7a5399d9ed498838e8f6b6d
hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     22857438e7a5399d9ed498838e8f6b6d
hibernate3-annotations-javadoc-3.2.1-1.patch02.1jpp.ep1.3.el4.noarch
File outdated by:  RHBA-2008:0929		     2be33f384fd8705c40ea0e0b2749c072
hibernate3-annotations-javadoc-3.2.1-1.patch02.1jpp.ep1.3.el4.noarch
File outdated by:  RHBA-2008:0929		     2be33f384fd8705c40ea0e0b2749c072
hibernate3-entitymanager-3.2.1-1jpp.ep1.7.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     6aebb6c0a0c0678aec271fdbdda52b9e
hibernate3-entitymanager-3.2.1-1jpp.ep1.7.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     6aebb6c0a0c0678aec271fdbdda52b9e
hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.7.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     a403e447c043c1886b880e69aa874a45
hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.7.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     a403e447c043c1886b880e69aa874a45
hibernate3-javadoc-3.2.4-1.SP1_CP03.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     b67dba0c61288717b3b857945248a798
hibernate3-javadoc-3.2.4-1.SP1_CP03.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     b67dba0c61288717b3b857945248a798
jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     72944b7bb519111780acf3bf19c612ff
jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     72944b7bb519111780acf3bf19c612ff
jboss-cache-1.4.1-4.SP9.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     4689f9c0d1786653ae171d98dad98d4f
jboss-cache-1.4.1-4.SP9.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     4689f9c0d1786653ae171d98dad98d4f
jboss-messaging-1.4.0-1.SP3_CP02.0jpp.ep1.6.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     13b8db1bbe07216ddd5e3f9508d65b85
jboss-messaging-1.4.0-1.SP3_CP02.0jpp.ep1.6.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     13b8db1bbe07216ddd5e3f9508d65b85
jboss-remoting-2.2.2-3.SP7.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     53d8911db611cefb5fe1503a488676ed
jboss-remoting-2.2.2-3.SP7.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     53d8911db611cefb5fe1503a488676ed
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     a716c98a5396195517d6dbb82d097a9f
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     a716c98a5396195517d6dbb82d097a9f
jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     ea386f116feab2fab6fb53b88ecad00c
jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     ea386f116feab2fab6fb53b88ecad00c
jbossas-4.3.0-2.GA_CP01.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     5eef9e6a40ca09640b409cd8a3b22169
jbossas-4.3.0-2.GA_CP01.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     5eef9e6a40ca09640b409cd8a3b22169
jbossts-4.2.3-1.SP5_CP01.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     50e29240c8fc310b99e64b4603814da8
jbossts-4.2.3-1.SP5_CP01.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     50e29240c8fc310b99e64b4603814da8
jbossws-2.0.1-2.SP2_CP01.0jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     3dcef0c36daa3265017045b469867757
jbossws-2.0.1-2.SP2_CP01.0jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     3dcef0c36daa3265017045b469867757
jbossws-native42-2.0.1-2.SP2_CP01.0jpp.ep1.2.el4.noarch.rpm     a4dc66889ced5eaec3972633f3dc92ed
jbossws-native42-2.0.1-2.SP2_CP01.0jpp.ep1.2.el4.noarch.rpm     a4dc66889ced5eaec3972633f3dc92ed
jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHSA-2008:0831		     e63bc3e28ebbfbda1add7da00233b75e
jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHSA-2008:0831		     e63bc3e28ebbfbda1add7da00233b75e
jcommon-1.0.12-1jpp.ep1.3.el4.noarch.rpm     e35848462ab76efd91a5a7bdfa404a93
jcommon-1.0.12-1jpp.ep1.3.el4.noarch.rpm     e35848462ab76efd91a5a7bdfa404a93
jfreechart-1.0.9-1jpp.ep1.3.el4.noarch.rpm     065225c5025f3241f867ad9d19da9390
jfreechart-1.0.9-1jpp.ep1.3.el4.noarch.rpm     065225c5025f3241f867ad9d19da9390
jgroups-2.4.2-1.GA_CP01.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     10b02d5b80e760ceca4812ccb64b832c
jgroups-2.4.2-1.GA_CP01.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     10b02d5b80e760ceca4812ccb64b832c
rh-eap-docs-4.3.0-2.GA_CP01.ep1.4.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     90cb2d31f098c9f98e6d7a00592f8128
rh-eap-docs-4.3.0-2.GA_CP01.ep1.4.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     90cb2d31f098c9f98e6d7a00592f8128
 
x86_64:
asm-1.5.3-1jpp.ep1.2.el4.noarch.rpm     6e5b7208667ca1b0cdc6bdb2f5ec600e
asm-1.5.3-1jpp.ep1.2.el4.noarch.rpm     6e5b7208667ca1b0cdc6bdb2f5ec600e
cglib-2.1.3-2jpp.ep1.6.el4.noarch.rpm     0a4bde4583bf3da3a5f1af1c63bb003c
cglib-2.1.3-2jpp.ep1.6.el4.noarch.rpm     0a4bde4583bf3da3a5f1af1c63bb003c
concurrent-1.3.4-7jpp.ep1.6.el4.noarch.rpm     635d11a6d386397c21a1474b943e663c
concurrent-1.3.4-7jpp.ep1.6.el4.noarch.rpm     635d11a6d386397c21a1474b943e663c
glassfish-jaf-1.1.0-0jpp.ep1.11.el4.noarch.rpm
File outdated by:  RHSA-2008:0831		     1b7280c9860cac0e3999aa333e383881
glassfish-jaf-1.1.0-0jpp.ep1.11.el4.noarch.rpm
File outdated by:  RHSA-2008:0831		     1b7280c9860cac0e3999aa333e383881
glassfish-javamail-1.4.0-0jpp.ep1.9.el4.noarch.rpm
File outdated by:  RHSA-2008:0831		     5b0d3b3a1b12da9118ff4849071f8ed1
glassfish-javamail-1.4.0-0jpp.ep1.9.el4.noarch.rpm
File outdated by:  RHSA-2008:0831		     5b0d3b3a1b12da9118ff4849071f8ed1
glassfish-jsf-1.2_08-0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     516fcadb954985ba221262fbab9ef82b
glassfish-jsf-1.2_08-0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     516fcadb954985ba221262fbab9ef82b
hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     22857438e7a5399d9ed498838e8f6b6d
hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     22857438e7a5399d9ed498838e8f6b6d
hibernate3-annotations-javadoc-3.2.1-1.patch02.1jpp.ep1.3.el4.noarch
File outdated by:  RHBA-2008:0929		     2be33f384fd8705c40ea0e0b2749c072
hibernate3-annotations-javadoc-3.2.1-1.patch02.1jpp.ep1.3.el4.noarch
File outdated by:  RHBA-2008:0929		     2be33f384fd8705c40ea0e0b2749c072
hibernate3-entitymanager-3.2.1-1jpp.ep1.7.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     6aebb6c0a0c0678aec271fdbdda52b9e
hibernate3-entitymanager-3.2.1-1jpp.ep1.7.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     6aebb6c0a0c0678aec271fdbdda52b9e
hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.7.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     a403e447c043c1886b880e69aa874a45
hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.7.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     a403e447c043c1886b880e69aa874a45
hibernate3-javadoc-3.2.4-1.SP1_CP03.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     b67dba0c61288717b3b857945248a798
hibernate3-javadoc-3.2.4-1.SP1_CP03.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     b67dba0c61288717b3b857945248a798
jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     72944b7bb519111780acf3bf19c612ff
jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     72944b7bb519111780acf3bf19c612ff
jboss-cache-1.4.1-4.SP9.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     4689f9c0d1786653ae171d98dad98d4f
jboss-cache-1.4.1-4.SP9.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     4689f9c0d1786653ae171d98dad98d4f
jboss-messaging-1.4.0-1.SP3_CP02.0jpp.ep1.6.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     13b8db1bbe07216ddd5e3f9508d65b85
jboss-messaging-1.4.0-1.SP3_CP02.0jpp.ep1.6.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     13b8db1bbe07216ddd5e3f9508d65b85
jboss-remoting-2.2.2-3.SP7.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     53d8911db611cefb5fe1503a488676ed
jboss-remoting-2.2.2-3.SP7.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     53d8911db611cefb5fe1503a488676ed
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     a716c98a5396195517d6dbb82d097a9f
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     a716c98a5396195517d6dbb82d097a9f
jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     ea386f116feab2fab6fb53b88ecad00c
jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     ea386f116feab2fab6fb53b88ecad00c
jbossas-4.3.0-2.GA_CP01.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     5eef9e6a40ca09640b409cd8a3b22169
jbossas-4.3.0-2.GA_CP01.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     5eef9e6a40ca09640b409cd8a3b22169
jbossts-4.2.3-1.SP5_CP01.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     50e29240c8fc310b99e64b4603814da8
jbossts-4.2.3-1.SP5_CP01.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     50e29240c8fc310b99e64b4603814da8
jbossws-2.0.1-2.SP2_CP01.0jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     3dcef0c36daa3265017045b469867757
jbossws-2.0.1-2.SP2_CP01.0jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     3dcef0c36daa3265017045b469867757
jbossws-native42-2.0.1-2.SP2_CP01.0jpp.ep1.2.el4.noarch.rpm     a4dc66889ced5eaec3972633f3dc92ed
jbossws-native42-2.0.1-2.SP2_CP01.0jpp.ep1.2.el4.noarch.rpm     a4dc66889ced5eaec3972633f3dc92ed
jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHSA-2008:0831		     e63bc3e28ebbfbda1add7da00233b75e
jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHSA-2008:0831		     e63bc3e28ebbfbda1add7da00233b75e
jcommon-1.0.12-1jpp.ep1.3.el4.noarch.rpm     e35848462ab76efd91a5a7bdfa404a93
jcommon-1.0.12-1jpp.ep1.3.el4.noarch.rpm     e35848462ab76efd91a5a7bdfa404a93
jfreechart-1.0.9-1jpp.ep1.3.el4.noarch.rpm     065225c5025f3241f867ad9d19da9390
jfreechart-1.0.9-1jpp.ep1.3.el4.noarch.rpm     065225c5025f3241f867ad9d19da9390
jgroups-2.4.2-1.GA_CP01.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     10b02d5b80e760ceca4812ccb64b832c
jgroups-2.4.2-1.GA_CP01.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     10b02d5b80e760ceca4812ccb64b832c
rh-eap-docs-4.3.0-2.GA_CP01.ep1.4.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     90cb2d31f098c9f98e6d7a00592f8128
rh-eap-docs-4.3.0-2.GA_CP01.ep1.4.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     90cb2d31f098c9f98e6d7a00592f8128
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

437082 - CVE-2008-1285 Cross-site scripting (XSS) vulnerability in Sun Java Server Faces
457757 - CVE-2008-3273 JBossEAP status servlet info leak


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3273
http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme/index.html
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/