Security Advisory Low: JBoss Enterprise Application Platform 4.3.0CP02 security update

Advisory: RHSA-2008:0831-5
Type: Security Advisory
Severity: Low
Issued on: 2008-09-22
Last updated on: 2008-09-22
Affected Products: JBoss Enterprise Application Platform 4.3.0 EL4
OVAL: N/A
CVEs (cve.mitre.org): CVE-2007-5342
CVE-2008-3519

Details

Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix
various security issues are now available for Red Hat Enterprise Linux 4 as
JBEAP 4.3.0.CP02.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.

This release of JBEAP for Red Hat Enterprise Linux 4 serves as a
replacement to JBEAP 4.3.0.CP01.

These updated packages include bug fixes and enhancements which are
detailed in the release notes. The link to the release notes is available
below in the References section.

The following security issues are also fixed with this release:

The default security policy in the JULI logging component did not restrict
access permissions to files. This could be misused by untrusted web
applications to access and write arbitrary files in the context of the
tomcat process. (CVE-2007-5342)

The property that controls the download of server classes was set to "true"
in the "production" configuration. When the class download service is bound
to an external interface, a remote attacker was able to download arbitrary
class files from the server class path. (CVE-2008-3519)

Warning: before applying this update, please backup the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.

All users of JBEAP 4.3 on Red Hat Enterprise Linux 4 are advised to upgrade
to these updated packages, which resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

JBoss Enterprise Application Platform 4.3.0 EL4
SRPMS:
glassfish-jaf-1.1.0-0jpp.ep1.12.el4.src.rpm     0fbfcee9978383ad1209ce721d9ace8a
glassfish-jaf-1.1.0-0jpp.ep1.12.el4.src.rpm     0fbfcee9978383ad1209ce721d9ace8a
glassfish-javamail-1.4.0-0jpp.ep1.10.el4.src.rpm     c4b957095607daef377fdfce542db853
glassfish-javamail-1.4.0-0jpp.ep1.10.el4.src.rpm     c4b957095607daef377fdfce542db853
glassfish-jaxb-2.1.4-1jpp.ep1.2.el4.src.rpm
File outdated by:  RHSA-2009:1146		     acf88525a21a5bfe53c8d2a3b265a66c
glassfish-jaxb-2.1.4-1jpp.ep1.2.el4.src.rpm
File outdated by:  RHSA-2009:1146		     acf88525a21a5bfe53c8d2a3b265a66c
glassfish-jaxws-2.1.1-1jpp.ep1.3.el4.src.rpm     c8403957695a8e3e2fcea2bf330f89a4
glassfish-jaxws-2.1.1-1jpp.ep1.3.el4.src.rpm     c8403957695a8e3e2fcea2bf330f89a4
glassfish-jstl-1.2.0-0jpp.ep1.10.el4.src.rpm     480faa39848fac4ceb75cad92769b786
glassfish-jstl-1.2.0-0jpp.ep1.10.el4.src.rpm     480faa39848fac4ceb75cad92769b786
hibernate3-3.2.4-1.SP1_CP04.0jpp.ep1.3.el4.src.rpm
File outdated by:  RHSA-2009:1146		     6791b9c1075a6cb6a68ea1697d908a2e
hibernate3-3.2.4-1.SP1_CP04.0jpp.ep1.3.el4.src.rpm
File outdated by:  RHSA-2009:1146		     6791b9c1075a6cb6a68ea1697d908a2e
hibernate3-annotations-3.2.1-4.GA_CP02.1jpp.ep1.7.el4.src.rpm
File outdated by:  RHSA-2009:1146		     5102b672627f1245e204833645036bf5
hibernate3-annotations-3.2.1-4.GA_CP02.1jpp.ep1.7.el4.src.rpm
File outdated by:  RHSA-2009:1146		     5102b672627f1245e204833645036bf5
hibernate3-commons-annotations-0.0.0-1.1jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     1378baeeaef247ca434c0af5f8623d67
hibernate3-commons-annotations-0.0.0-1.1jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     1378baeeaef247ca434c0af5f8623d67
hibernate3-entitymanager-3.2.1-2.GA_CP03.1jpp.ep1.9.el4.src.rpm
File outdated by:  RHSA-2009:1146		     e7a1fa5461132f6b1263ae7122f8fd72
hibernate3-entitymanager-3.2.1-2.GA_CP03.1jpp.ep1.9.el4.src.rpm
File outdated by:  RHSA-2009:1146		     e7a1fa5461132f6b1263ae7122f8fd72
hibernate3-validator-0.0.0-1.1jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     2ad5611ebf574bff399a40a7cf66f67c
hibernate3-validator-0.0.0-1.1jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     2ad5611ebf574bff399a40a7cf66f67c
jakarta-commons-beanutils-1.7.0-2jpp.ep1.5.el4.src.rpm
File outdated by:  RHSA-2009:0347		     b86487104bc2766dddf30deda0d78565
jakarta-commons-beanutils-1.7.0-2jpp.ep1.5.el4.src.rpm
File outdated by:  RHSA-2009:0347		     b86487104bc2766dddf30deda0d78565
javassist-3.8.0-1.ep1.el4.src.rpm     cdf5da9ce26ecde4f13363ddead4088b
javassist-3.8.0-1.ep1.el4.src.rpm     cdf5da9ce26ecde4f13363ddead4088b
jboss-aop-1.5.5-2.CP02.0jpp.ep1.2.el4.src.rpm
File outdated by:  RHBA-2008:0929		     b0e2adaab2e26851027892b36bc660fd
jboss-aop-1.5.5-2.CP02.0jpp.ep1.2.el4.src.rpm
File outdated by:  RHBA-2008:0929		     b0e2adaab2e26851027892b36bc660fd
jboss-jaxr-1.2.0-SP1.0jpp.ep1.4.el4.src.rpm
File outdated by:  RHSA-2009:0347		     edbcfb9e14e077551977b2b84aade728
jboss-jaxr-1.2.0-SP1.0jpp.ep1.4.el4.src.rpm
File outdated by:  RHSA-2009:0347		     edbcfb9e14e077551977b2b84aade728
jboss-messaging-1.4.0-1.SP3_CP03.0jpp.ep1.3.el4.src.rpm
File outdated by:  RHBA-2009:1182		     a7ac673c672d065157e0b893427ed56a
jboss-messaging-1.4.0-1.SP3_CP03.0jpp.ep1.3.el4.src.rpm
File outdated by:  RHBA-2009:1182		     a7ac673c672d065157e0b893427ed56a
jboss-remoting-2.2.2-3.SP9.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     a8cb65f6337b63786f15b1c58aaaaa4d
jboss-remoting-2.2.2-3.SP9.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     a8cb65f6337b63786f15b1c58aaaaa4d
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.10.el4.src.rpm
File outdated by:  RHSA-2009:1146		     bb613027ac3d0752d320868d1fc4a09a
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.10.el4.src.rpm
File outdated by:  RHSA-2009:1146		     bb613027ac3d0752d320868d1fc4a09a
jbossas-4.3.0-2.GA_CP02.ep1.10.el4.src.rpm
File outdated by:  RHBA-2009:1182		     188b34e61fdbfd54de067b44f9c0947b
jbossas-4.3.0-2.GA_CP02.ep1.10.el4.src.rpm
File outdated by:  RHBA-2009:1182		     188b34e61fdbfd54de067b44f9c0947b
jbossts-4.2.3-1.SP5_CP02.1jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     8cbf7252b6f70c12240cb556d4aed8d9
jbossts-4.2.3-1.SP5_CP02.1jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     8cbf7252b6f70c12240cb556d4aed8d9
jbossweb-2.0.0-4.CP06.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     4a1d87007153dc3e5f8c583676242840
jbossweb-2.0.0-4.CP06.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     4a1d87007153dc3e5f8c583676242840
jbossws-2.0.1-2.SP2_CP03.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     4475da15b225e90b3fc5fd62722e8ff3
jbossws-2.0.1-2.SP2_CP03.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     4475da15b225e90b3fc5fd62722e8ff3
jbossws-common-1.0.0-1.GA_CP01.0jpp.ep1.3.el4.src.rpm
File outdated by:  RHSA-2009:1146		     cf4d21421bd4e926f320c3bfd3e6d6e6
jbossws-common-1.0.0-1.GA_CP01.0jpp.ep1.3.el4.src.rpm
File outdated by:  RHSA-2009:1146		     cf4d21421bd4e926f320c3bfd3e6d6e6
jbossws-framework-2.0.1-0jpp.ep1.11.el4.src.rpm
File outdated by:  RHSA-2009:1146		     58a728a8982971efac01d73a2ef6cb2e
jbossws-framework-2.0.1-0jpp.ep1.11.el4.src.rpm
File outdated by:  RHSA-2009:1146		     58a728a8982971efac01d73a2ef6cb2e
jbossxb-1.0.0-2.SP3.0jpp.ep1.3.el4.src.rpm     347743be4c1abdaac25898a765705307
jbossxb-1.0.0-2.SP3.0jpp.ep1.3.el4.src.rpm     347743be4c1abdaac25898a765705307
rh-eap-docs-4.3.0-3.GA_CP02.ep1.9.el4.src.rpm
File outdated by:  RHBA-2009:1182		     0a1bc064dc72dfc16f98adb48587817b
rh-eap-docs-4.3.0-3.GA_CP02.ep1.9.el4.src.rpm
File outdated by:  RHBA-2009:1182		     0a1bc064dc72dfc16f98adb48587817b
 
IA-32:
glassfish-jaf-1.1.0-0jpp.ep1.12.el4.noarch.rpm     0e46fb04f4984f5c4d5e242a59ddaccb
glassfish-jaf-1.1.0-0jpp.ep1.12.el4.noarch.rpm     0e46fb04f4984f5c4d5e242a59ddaccb
glassfish-javamail-1.4.0-0jpp.ep1.10.el4.noarch.rpm     0bcb939f19eb55f3dfbe3247221fc27a
glassfish-javamail-1.4.0-0jpp.ep1.10.el4.noarch.rpm     0bcb939f19eb55f3dfbe3247221fc27a
glassfish-jaxb-2.1.4-1jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     7868613fced321fc5845e4db8c13b6de
glassfish-jaxb-2.1.4-1jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     7868613fced321fc5845e4db8c13b6de
glassfish-jaxb-javadoc-2.1.4-1jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     f69fbb8f52c4d2069aef3da83b5908d9
glassfish-jaxb-javadoc-2.1.4-1jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     f69fbb8f52c4d2069aef3da83b5908d9
glassfish-jaxws-2.1.1-1jpp.ep1.3.el4.noarch.rpm     fdd8ea0b63abc0af6ec5082d18d5f86e
glassfish-jaxws-2.1.1-1jpp.ep1.3.el4.noarch.rpm     fdd8ea0b63abc0af6ec5082d18d5f86e
glassfish-jaxws-javadoc-2.1.1-1jpp.ep1.3.el4.noarch.rpm     1b30039fe98dd344d5a11ba19ba02041
glassfish-jaxws-javadoc-2.1.1-1jpp.ep1.3.el4.noarch.rpm     1b30039fe98dd344d5a11ba19ba02041
glassfish-jstl-1.2.0-0jpp.ep1.10.el4.noarch.rpm     ac92e4ce4f5166e54dada16ff9e2dbf6
glassfish-jstl-1.2.0-0jpp.ep1.10.el4.noarch.rpm     ac92e4ce4f5166e54dada16ff9e2dbf6
hibernate3-3.2.4-1.SP1_CP04.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     a64c8c850739ca5a6dbf190d466d92d3
hibernate3-3.2.4-1.SP1_CP04.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     a64c8c850739ca5a6dbf190d466d92d3
hibernate3-annotations-3.2.1-4.GA_CP02.1jpp.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     feeff3ff6d20ab461122f7bec1e42d45
hibernate3-annotations-3.2.1-4.GA_CP02.1jpp.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     feeff3ff6d20ab461122f7bec1e42d45
hibernate3-annotations-javadoc-3.2.1-4.GA_CP02.1jpp.ep1.7.el4.noarch.r
File outdated by:  RHSA-2009:1146		     32917210ac4cdead6f177af8ea91cd2e
hibernate3-annotations-javadoc-3.2.1-4.GA_CP02.1jpp.ep1.7.el4.noarch.r
File outdated by:  RHSA-2009:1146		     32917210ac4cdead6f177af8ea91cd2e
hibernate3-commons-annotations-0.0.0-1.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     dfc3fe73c86b44cd35d3ccfd4e37744a
hibernate3-commons-annotations-0.0.0-1.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     dfc3fe73c86b44cd35d3ccfd4e37744a
hibernate3-entitymanager-3.2.1-2.GA_CP03.1jpp.ep1.9.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     1e9d869bdd6713418121e316459538be
hibernate3-entitymanager-3.2.1-2.GA_CP03.1jpp.ep1.9.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     1e9d869bdd6713418121e316459538be
hibernate3-entitymanager-javadoc-3.2.1-2.GA_CP03.1jpp.ep1.9.el4.noarch
File outdated by:  RHSA-2009:1146		     87dea3ea5c0739e8199337813694988f
hibernate3-entitymanager-javadoc-3.2.1-2.GA_CP03.1jpp.ep1.9.el4.noarch
File outdated by:  RHSA-2009:1146		     87dea3ea5c0739e8199337813694988f
hibernate3-javadoc-3.2.4-1.SP1_CP04.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     e5d39f1cd9f2951ebffb9e06696948d8
hibernate3-javadoc-3.2.4-1.SP1_CP04.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     e5d39f1cd9f2951ebffb9e06696948d8
hibernate3-validator-0.0.0-1.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     b4638476d37a06f00fffefb9f53fda8f
hibernate3-validator-0.0.0-1.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     b4638476d37a06f00fffefb9f53fda8f
jakarta-commons-beanutils-1.7.0-2jpp.ep1.5.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     32bee82634f7e7fcf6bb0ba74cd3d89c
jakarta-commons-beanutils-1.7.0-2jpp.ep1.5.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     32bee82634f7e7fcf6bb0ba74cd3d89c
javassist-3.8.0-1.ep1.el4.noarch.rpm     fac631e977b5ed9bff759aabad31fb14
javassist-3.8.0-1.ep1.el4.noarch.rpm     fac631e977b5ed9bff759aabad31fb14
jboss-aop-1.5.5-2.CP02.0jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     71673ff6b42ae9563a33a7baa63e3ce6
jboss-aop-1.5.5-2.CP02.0jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     71673ff6b42ae9563a33a7baa63e3ce6
jboss-jaxr-1.2.0-SP1.0jpp.ep1.4.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     fef2ea817f1a1973c3d10b996f51c7f3
jboss-jaxr-1.2.0-SP1.0jpp.ep1.4.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     fef2ea817f1a1973c3d10b996f51c7f3
jboss-messaging-1.4.0-1.SP3_CP03.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     4021feb51e0f97e2f9a51440b51e26ce
jboss-messaging-1.4.0-1.SP3_CP03.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     4021feb51e0f97e2f9a51440b51e26ce
jboss-remoting-2.2.2-3.SP9.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     e870ce550c0d5ec155b29de88d59306d
jboss-remoting-2.2.2-3.SP9.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     e870ce550c0d5ec155b29de88d59306d
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.10.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     9f4b4bd743e68efe752f04724d40da15
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.10.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     9f4b4bd743e68efe752f04724d40da15
jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.10.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     b325c07a50f82b91bc31e3991d63e160
jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.10.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     b325c07a50f82b91bc31e3991d63e160
jbossas-4.3.0-2.GA_CP02.ep1.10.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     3e277d3f34669df6f163bd40ee09d70d
jbossas-4.3.0-2.GA_CP02.ep1.10.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     3e277d3f34669df6f163bd40ee09d70d
jbossts-4.2.3-1.SP5_CP02.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     41acecf0fc66fc5092565e6924edd682
jbossts-4.2.3-1.SP5_CP02.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     41acecf0fc66fc5092565e6924edd682
jbossweb-2.0.0-4.CP06.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     2b29b3df7761a8d31a09879d06a1bd67
jbossweb-2.0.0-4.CP06.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     2b29b3df7761a8d31a09879d06a1bd67
jbossws-2.0.1-2.SP2_CP03.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     d94fa63af51e524761f71d040643ea7a
jbossws-2.0.1-2.SP2_CP03.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     d94fa63af51e524761f71d040643ea7a
jbossws-common-1.0.0-1.GA_CP01.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     b650e9d78e40e3d0d2723c6e77f7aadf
jbossws-common-1.0.0-1.GA_CP01.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     b650e9d78e40e3d0d2723c6e77f7aadf
jbossws-framework-2.0.1-0jpp.ep1.11.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     1cb2430ba3fc9285a613fca3b848a6c5
jbossws-framework-2.0.1-0jpp.ep1.11.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     1cb2430ba3fc9285a613fca3b848a6c5
jbossxb-1.0.0-2.SP3.0jpp.ep1.3.el4.noarch.rpm     8ef5c1bbf7ed280eb9c61e3c46875f4f
jbossxb-1.0.0-2.SP3.0jpp.ep1.3.el4.noarch.rpm     8ef5c1bbf7ed280eb9c61e3c46875f4f
rh-eap-docs-4.3.0-3.GA_CP02.ep1.9.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     ef1c8aac7be2345a7854c37cb5e30803
rh-eap-docs-4.3.0-3.GA_CP02.ep1.9.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     ef1c8aac7be2345a7854c37cb5e30803
 
x86_64:
glassfish-jaf-1.1.0-0jpp.ep1.12.el4.noarch.rpm     0e46fb04f4984f5c4d5e242a59ddaccb
glassfish-jaf-1.1.0-0jpp.ep1.12.el4.noarch.rpm     0e46fb04f4984f5c4d5e242a59ddaccb
glassfish-javamail-1.4.0-0jpp.ep1.10.el4.noarch.rpm     0bcb939f19eb55f3dfbe3247221fc27a
glassfish-javamail-1.4.0-0jpp.ep1.10.el4.noarch.rpm     0bcb939f19eb55f3dfbe3247221fc27a
glassfish-jaxb-2.1.4-1jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     7868613fced321fc5845e4db8c13b6de
glassfish-jaxb-2.1.4-1jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     7868613fced321fc5845e4db8c13b6de
glassfish-jaxb-javadoc-2.1.4-1jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     f69fbb8f52c4d2069aef3da83b5908d9
glassfish-jaxb-javadoc-2.1.4-1jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     f69fbb8f52c4d2069aef3da83b5908d9
glassfish-jaxws-2.1.1-1jpp.ep1.3.el4.noarch.rpm     fdd8ea0b63abc0af6ec5082d18d5f86e
glassfish-jaxws-2.1.1-1jpp.ep1.3.el4.noarch.rpm     fdd8ea0b63abc0af6ec5082d18d5f86e
glassfish-jaxws-javadoc-2.1.1-1jpp.ep1.3.el4.noarch.rpm     1b30039fe98dd344d5a11ba19ba02041
glassfish-jaxws-javadoc-2.1.1-1jpp.ep1.3.el4.noarch.rpm     1b30039fe98dd344d5a11ba19ba02041
glassfish-jstl-1.2.0-0jpp.ep1.10.el4.noarch.rpm     ac92e4ce4f5166e54dada16ff9e2dbf6
glassfish-jstl-1.2.0-0jpp.ep1.10.el4.noarch.rpm     ac92e4ce4f5166e54dada16ff9e2dbf6
hibernate3-3.2.4-1.SP1_CP04.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     a64c8c850739ca5a6dbf190d466d92d3
hibernate3-3.2.4-1.SP1_CP04.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     a64c8c850739ca5a6dbf190d466d92d3
hibernate3-annotations-3.2.1-4.GA_CP02.1jpp.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     feeff3ff6d20ab461122f7bec1e42d45
hibernate3-annotations-3.2.1-4.GA_CP02.1jpp.ep1.7.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     feeff3ff6d20ab461122f7bec1e42d45
hibernate3-annotations-javadoc-3.2.1-4.GA_CP02.1jpp.ep1.7.el4.noarch
File outdated by:  RHSA-2009:1146		     32917210ac4cdead6f177af8ea91cd2e
hibernate3-annotations-javadoc-3.2.1-4.GA_CP02.1jpp.ep1.7.el4.noarch
File outdated by:  RHSA-2009:1146		     32917210ac4cdead6f177af8ea91cd2e
hibernate3-commons-annotations-0.0.0-1.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     dfc3fe73c86b44cd35d3ccfd4e37744a
hibernate3-commons-annotations-0.0.0-1.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     dfc3fe73c86b44cd35d3ccfd4e37744a
hibernate3-entitymanager-3.2.1-2.GA_CP03.1jpp.ep1.9.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     1e9d869bdd6713418121e316459538be
hibernate3-entitymanager-3.2.1-2.GA_CP03.1jpp.ep1.9.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     1e9d869bdd6713418121e316459538be
hibernate3-entitymanager-javadoc-3.2.1-2.GA_CP03.1jpp.ep1.9.el4.noar
File outdated by:  RHSA-2009:1146		     87dea3ea5c0739e8199337813694988f
hibernate3-entitymanager-javadoc-3.2.1-2.GA_CP03.1jpp.ep1.9.el4.noar
File outdated by:  RHSA-2009:1146		     87dea3ea5c0739e8199337813694988f
hibernate3-javadoc-3.2.4-1.SP1_CP04.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     e5d39f1cd9f2951ebffb9e06696948d8
hibernate3-javadoc-3.2.4-1.SP1_CP04.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     e5d39f1cd9f2951ebffb9e06696948d8
hibernate3-validator-0.0.0-1.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     b4638476d37a06f00fffefb9f53fda8f
hibernate3-validator-0.0.0-1.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     b4638476d37a06f00fffefb9f53fda8f
jakarta-commons-beanutils-1.7.0-2jpp.ep1.5.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     32bee82634f7e7fcf6bb0ba74cd3d89c
jakarta-commons-beanutils-1.7.0-2jpp.ep1.5.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     32bee82634f7e7fcf6bb0ba74cd3d89c
javassist-3.8.0-1.ep1.el4.noarch.rpm     fac631e977b5ed9bff759aabad31fb14
javassist-3.8.0-1.ep1.el4.noarch.rpm     fac631e977b5ed9bff759aabad31fb14
jboss-aop-1.5.5-2.CP02.0jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     71673ff6b42ae9563a33a7baa63e3ce6
jboss-aop-1.5.5-2.CP02.0jpp.ep1.2.el4.noarch.rpm
File outdated by:  RHBA-2008:0929		     71673ff6b42ae9563a33a7baa63e3ce6
jboss-jaxr-1.2.0-SP1.0jpp.ep1.4.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     fef2ea817f1a1973c3d10b996f51c7f3
jboss-jaxr-1.2.0-SP1.0jpp.ep1.4.el4.noarch.rpm
File outdated by:  RHSA-2009:0347		     fef2ea817f1a1973c3d10b996f51c7f3
jboss-messaging-1.4.0-1.SP3_CP03.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     4021feb51e0f97e2f9a51440b51e26ce
jboss-messaging-1.4.0-1.SP3_CP03.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     4021feb51e0f97e2f9a51440b51e26ce
jboss-remoting-2.2.2-3.SP9.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     e870ce550c0d5ec155b29de88d59306d
jboss-remoting-2.2.2-3.SP9.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     e870ce550c0d5ec155b29de88d59306d
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.10.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     9f4b4bd743e68efe752f04724d40da15
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.10.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     9f4b4bd743e68efe752f04724d40da15
jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.10.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     b325c07a50f82b91bc31e3991d63e160
jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.10.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     b325c07a50f82b91bc31e3991d63e160
jbossas-4.3.0-2.GA_CP02.ep1.10.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     3e277d3f34669df6f163bd40ee09d70d
jbossas-4.3.0-2.GA_CP02.ep1.10.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     3e277d3f34669df6f163bd40ee09d70d
jbossts-4.2.3-1.SP5_CP02.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     41acecf0fc66fc5092565e6924edd682
jbossts-4.2.3-1.SP5_CP02.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     41acecf0fc66fc5092565e6924edd682
jbossweb-2.0.0-4.CP06.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     2b29b3df7761a8d31a09879d06a1bd67
jbossweb-2.0.0-4.CP06.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     2b29b3df7761a8d31a09879d06a1bd67
jbossws-2.0.1-2.SP2_CP03.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     d94fa63af51e524761f71d040643ea7a
jbossws-2.0.1-2.SP2_CP03.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     d94fa63af51e524761f71d040643ea7a
jbossws-common-1.0.0-1.GA_CP01.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     b650e9d78e40e3d0d2723c6e77f7aadf
jbossws-common-1.0.0-1.GA_CP01.0jpp.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     b650e9d78e40e3d0d2723c6e77f7aadf
jbossws-framework-2.0.1-0jpp.ep1.11.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     1cb2430ba3fc9285a613fca3b848a6c5
jbossws-framework-2.0.1-0jpp.ep1.11.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     1cb2430ba3fc9285a613fca3b848a6c5
jbossxb-1.0.0-2.SP3.0jpp.ep1.3.el4.noarch.rpm     8ef5c1bbf7ed280eb9c61e3c46875f4f
jbossxb-1.0.0-2.SP3.0jpp.ep1.3.el4.noarch.rpm     8ef5c1bbf7ed280eb9c61e3c46875f4f
rh-eap-docs-4.3.0-3.GA_CP02.ep1.9.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     ef1c8aac7be2345a7854c37cb5e30803
rh-eap-docs-4.3.0-3.GA_CP02.ep1.9.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     ef1c8aac7be2345a7854c37cb5e30803
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

427216 - CVE-2007-5342 Apache Tomcat's default security policy is too open
456975 - Tracker bug for the EAP 4.3.0.cp02 release
458823 - CVE-2008-3519 JBossEAP allows download of non-EJB class files


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3519
http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp02/html-single/readme/index.html
http://www.redhat.com/security/updates/classification/#low

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/