Security Advisory Moderate: JBoss Enterprise Application Platform 4.2.0CP06 update

Advisory: RHSA-2009:0346-5
Type: Security Advisory
Severity: Moderate
Issued on: 2009-03-06
Last updated on: 2009-03-06
Affected Products: JBoss Enterprise Application Platform 4.2.0 EL4
OVAL: N/A
CVEs (cve.mitre.org): CVE-2009-0027

Details

Updated JBoss Enterprise Application Platform (JBoss EAP) 4.2 packages that
fix various issues are now available for Red Hat Enterprise Linux 4 as
JBEAP 4.2.0.CP06.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

JBoss Enterprise Application Platform (JBoss EAP) is the market-leading
platform for innovative and scalable Java applications. JBoss EAP
integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam
into a complete, simple enterprise solution.

This release of JBoss EAP for Red Hat Enterprise Linux 4 serves as a
replacement to JBEAP 4.2.0.CP05.

These updated packages include bug fixes and enhancements which are
detailed in the release notes. The link to the release notes is available
below in the References section.

The following security issue is also fixed with this release:

The request handler in JBossWS did not correctly verify the resource path
when serving WSDL files for custom web service endpoints. This allowed
remote attackers to read arbitrary XML files with the permissions of the
EAP processs. (CVE-2009-0027)

Warning: before applying this update, please backup the JBoss EAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.

All users of JBoss EAP 4.2 on Red Hat Enterprise Linux 4 are advised to
upgrade to these updated packages, which resolve these issues.


Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

JBoss Enterprise Application Platform 4.2.0 EL4
SRPMS:
glassfish-jsf-1.2_10-0jpp.ep1.5.ep5.el4.src.rpm     9b78d3fb85635072a569a0b5c8374603
glassfish-jsf-1.2_10-0jpp.ep1.5.ep5.el4.src.rpm     9b78d3fb85635072a569a0b5c8374603
hibernate3-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.src.rpm
File outdated by:  RHSA-2009:1144		     da1aeee4bf320cbcbb1cdcd5d171db9d
hibernate3-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.src.rpm
File outdated by:  RHSA-2009:1144		     da1aeee4bf320cbcbb1cdcd5d171db9d
jacorb-2.3.0-1jpp.ep1.7.el4.src.rpm     8670fe5035ada902134b90e85fdfcc32
jacorb-2.3.0-1jpp.ep1.7.el4.src.rpm     8670fe5035ada902134b90e85fdfcc32
jakarta-commons-beanutils-1.8.0-3.ep5.el4.src.rpm     c60d00b1fa569956408b9678e733bcaf
jakarta-commons-beanutils-1.8.0-3.ep5.el4.src.rpm     c60d00b1fa569956408b9678e733bcaf
jakarta-commons-fileupload-1.1.1-3jpp.ep1.2.el4.src.rpm     624b030a570cfb97d275b6d1049623e5
jakarta-commons-fileupload-1.1.1-3jpp.ep1.2.el4.src.rpm     624b030a570cfb97d275b6d1049623e5
jakarta-commons-io-1.1-0.20051005.2jpp_1rh.src.rpm     8619d3fc5d3c9d36c80d71f56c148eff
jakarta-commons-io-1.1-0.20051005.2jpp_1rh.src.rpm     8619d3fc5d3c9d36c80d71f56c148eff
jakarta-commons-logging-jboss-1.1-4.ep1.el4.src.rpm     5c538218382b64349e9edb4a411af0ed
jakarta-commons-logging-jboss-1.1-4.ep1.el4.src.rpm     5c538218382b64349e9edb4a411af0ed
jboss-cache-1.4.1-6.SP11.1.ep1.el4.src.rpm
File outdated by:  RHSA-2009:1144		     d6dab77650bdbadc01960e9bc3a583b4
jboss-cache-1.4.1-6.SP11.1.ep1.el4.src.rpm
File outdated by:  RHSA-2009:1144		     d6dab77650bdbadc01960e9bc3a583b4
jboss-jaxr-1.2.0-SP2.0jpp.ep1.3.el4.src.rpm     18406ffea20d5942ec4fcf2fea94923a
jboss-jaxr-1.2.0-SP2.0jpp.ep1.3.el4.src.rpm     18406ffea20d5942ec4fcf2fea94923a
jboss-remoting-2.2.2-3.SP11.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1144		     a7b52cddbb71b9acec949207dd9a11a5
jboss-remoting-2.2.2-3.SP11.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1144		     a7b52cddbb71b9acec949207dd9a11a5
jboss-seam-1.2.1-1.ep1.18.el4.src.rpm
File outdated by:  RHSA-2009:1144		     fb26a64b88cb8f712f4c65bfdf085c7c
jboss-seam-1.2.1-1.ep1.18.el4.src.rpm
File outdated by:  RHSA-2009:1144		     fb26a64b88cb8f712f4c65bfdf085c7c
jboss-vfs-1.0.0-1.ep1.el4.src.rpm     a8df352b13bdc783c145bd1cea4b130d
jboss-vfs-1.0.0-1.ep1.el4.src.rpm     a8df352b13bdc783c145bd1cea4b130d
jbossas-4.2.0-4.GA_CP06.3.ep1.el4.src.rpm
File outdated by:  RHSA-2009:1144		     4e3b815e882d4dc017c5ddaaa8d79d69
jbossas-4.2.0-4.GA_CP06.3.ep1.el4.src.rpm
File outdated by:  RHSA-2009:1144		     4e3b815e882d4dc017c5ddaaa8d79d69
jbossts-4.2.3-1.SP5_CP04.1jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1144		     32fddc998927170671cdba4859fc92da
jbossts-4.2.3-1.SP5_CP04.1jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1144		     32fddc998927170671cdba4859fc92da
jbossweb-2.0.0-6.CP09.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1144		     efd2673fcc1c642d88b53a1f6e21eca0
jbossweb-2.0.0-6.CP09.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1144		     efd2673fcc1c642d88b53a1f6e21eca0
jgroups-2.4.5-2.ep1.el4.src.rpm
File outdated by:  RHSA-2009:1144		     6483c1094ee934471a64f1eabb2c0bae
jgroups-2.4.5-2.ep1.el4.src.rpm
File outdated by:  RHSA-2009:1144		     6483c1094ee934471a64f1eabb2c0bae
rh-eap-docs-4.2.0-5.GA_CP06.ep1.3.el4.src.rpm
File outdated by:  RHSA-2009:1144		     f4f4d836c7df6c4e7ed291125fb0de63
rh-eap-docs-4.2.0-5.GA_CP06.ep1.3.el4.src.rpm
File outdated by:  RHSA-2009:1144		     f4f4d836c7df6c4e7ed291125fb0de63
tanukiwrapper-3.2.1-2jpp.ep1.2.el4.src.rpm     9eb660786f53eded1ff60ecbfbb9cfe7
tanukiwrapper-3.2.1-2jpp.ep1.2.el4.src.rpm     9eb660786f53eded1ff60ecbfbb9cfe7
ws-commons-policy-1.0-2jpp.ep1.7.el4.src.rpm     acf4513e611665c87ebe586023cd094d
ws-commons-policy-1.0-2jpp.ep1.7.el4.src.rpm     acf4513e611665c87ebe586023cd094d
ws-scout0-0.7-0.rc2.4.el4.src.rpm     aacdf21918e189fd41232f5be2b9ec3f
ws-scout0-0.7-0.rc2.4.el4.src.rpm     aacdf21918e189fd41232f5be2b9ec3f
xalan-j2-2.7.0-2jpp.ep1.5.el4.src.rpm     794376f10260ddaf854f1073c1de4e3d
xalan-j2-2.7.0-2jpp.ep1.5.el4.src.rpm     794376f10260ddaf854f1073c1de4e3d
 
IA-32:
glassfish-jsf-1.2_10-0jpp.ep1.5.ep5.el4.noarch.rpm     62ed7e4e9301e7119a47d4c4ee50b7f4
glassfish-jsf-1.2_10-0jpp.ep1.5.ep5.el4.noarch.rpm     62ed7e4e9301e7119a47d4c4ee50b7f4
hibernate3-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     cca11e569d843e7cdbb4c781ca716958
hibernate3-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     cca11e569d843e7cdbb4c781ca716958
hibernate3-javadoc-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     21cbf6e8bca5ba1fa24a872fcf528b4c
hibernate3-javadoc-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     21cbf6e8bca5ba1fa24a872fcf528b4c
jacorb-2.3.0-1jpp.ep1.7.el4.noarch.rpm     34c2c78ef5e6588e423b3c9ae0754c25
jacorb-2.3.0-1jpp.ep1.7.el4.noarch.rpm     34c2c78ef5e6588e423b3c9ae0754c25
jakarta-commons-beanutils-1.8.0-3.ep5.el4.noarch.rpm     fc091b705a784a661051c8b83e3fec9a
jakarta-commons-beanutils-1.8.0-3.ep5.el4.noarch.rpm     fc091b705a784a661051c8b83e3fec9a
jakarta-commons-fileupload-1.1.1-3jpp.ep1.2.el4.noarch.rpm     bbc285a415be51a7b108da31a09fdb5d
jakarta-commons-fileupload-1.1.1-3jpp.ep1.2.el4.noarch.rpm     bbc285a415be51a7b108da31a09fdb5d
jakarta-commons-io-1.1-0.20051005.2jpp_1rh.noarch.rpm     5d7f358651ee31279e672a46139e1130
jakarta-commons-io-1.1-0.20051005.2jpp_1rh.noarch.rpm     5d7f358651ee31279e672a46139e1130
jakarta-commons-logging-jboss-1.1-4.ep1.el4.noarch.rpm     6bb6f7e0ac62cd6f3e5c3d4955f9b2c0
jakarta-commons-logging-jboss-1.1-4.ep1.el4.noarch.rpm     6bb6f7e0ac62cd6f3e5c3d4955f9b2c0
jboss-cache-1.4.1-6.SP11.1.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     9065bd55198fa70b12f67777eeb89d3c
jboss-cache-1.4.1-6.SP11.1.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     9065bd55198fa70b12f67777eeb89d3c
jboss-jaxr-1.2.0-SP2.0jpp.ep1.3.el4.noarch.rpm     e36b5843f3b2f4441e3dd4afc09881c5
jboss-jaxr-1.2.0-SP2.0jpp.ep1.3.el4.noarch.rpm     e36b5843f3b2f4441e3dd4afc09881c5
jboss-remoting-2.2.2-3.SP11.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     c140d7690c94e1dc6094422458effda9
jboss-remoting-2.2.2-3.SP11.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     c140d7690c94e1dc6094422458effda9
jboss-seam-1.2.1-1.ep1.18.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     81006fb8b89577f4cd794e96311cf709
jboss-seam-1.2.1-1.ep1.18.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     81006fb8b89577f4cd794e96311cf709
jboss-seam-docs-1.2.1-1.ep1.18.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     d65f5a2020c3960aa602baf910fc077d
jboss-seam-docs-1.2.1-1.ep1.18.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     d65f5a2020c3960aa602baf910fc077d
jboss-vfs-1.0.0-1.ep1.el4.noarch.rpm     e6fbe4b1d856676edc2f1c7ee8bd76af
jboss-vfs-1.0.0-1.ep1.el4.noarch.rpm     e6fbe4b1d856676edc2f1c7ee8bd76af
jbossas-4.2.0-4.GA_CP06.3.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     48f25d808d5b10feab48266a1edd0b8f
jbossas-4.2.0-4.GA_CP06.3.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     48f25d808d5b10feab48266a1edd0b8f
jbossas-4.2.0.GA_CP06-bin-4.2.0-4.GA_CP06.3.ep1.el4.noarch.rpm     b2295b0f8de957728f86826ef7475596
jbossas-4.2.0.GA_CP06-bin-4.2.0-4.GA_CP06.3.ep1.el4.noarch.rpm     b2295b0f8de957728f86826ef7475596
jbossas-client-4.2.0-4.GA_CP06.3.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     bd4052444488a9e9f8717c4897effd34
jbossas-client-4.2.0-4.GA_CP06.3.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     bd4052444488a9e9f8717c4897effd34
jbossts-4.2.3-1.SP5_CP04.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     6225ecd6f73d1a5a25768358c06d4076
jbossts-4.2.3-1.SP5_CP04.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     6225ecd6f73d1a5a25768358c06d4076
jbossweb-2.0.0-6.CP09.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     8726f935dcab0a836e4fa4559c222e77
jbossweb-2.0.0-6.CP09.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     8726f935dcab0a836e4fa4559c222e77
jgroups-2.4.5-2.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     8c49064d4eb0bb5e5ca73d378a6a8a76
jgroups-2.4.5-2.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     8c49064d4eb0bb5e5ca73d378a6a8a76
rh-eap-docs-4.2.0-5.GA_CP06.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     2d7f43f31b103585b9fa531fa26d3693
rh-eap-docs-4.2.0-5.GA_CP06.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     2d7f43f31b103585b9fa531fa26d3693
rh-eap-docs-examples-4.2.0-5.GA_CP06.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     9ad8b0953440e43f91959f25da0dcb63
rh-eap-docs-examples-4.2.0-5.GA_CP06.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     9ad8b0953440e43f91959f25da0dcb63
tanukiwrapper-3.2.1-2jpp.ep1.2.el4.i386.rpm     1fa13cc42662327447cdb595ffbe11a4
tanukiwrapper-3.2.1-2jpp.ep1.2.el4.i386.rpm     1fa13cc42662327447cdb595ffbe11a4
ws-commons-policy-1.0-2jpp.ep1.7.el4.noarch.rpm     60ee9c992c9222e881e1a399e42b22cb
ws-commons-policy-1.0-2jpp.ep1.7.el4.noarch.rpm     60ee9c992c9222e881e1a399e42b22cb
ws-scout0-0.7-0.rc2.4.el4.noarch.rpm     a5fa504dba9bbf051000fb3a9267d9a6
ws-scout0-0.7-0.rc2.4.el4.noarch.rpm     a5fa504dba9bbf051000fb3a9267d9a6
xalan-j2-2.7.0-2jpp.ep1.5.el4.noarch.rpm     d3ab56060c5c5f4222be37635fb8fb2f
xalan-j2-2.7.0-2jpp.ep1.5.el4.noarch.rpm     d3ab56060c5c5f4222be37635fb8fb2f
 
x86_64:
glassfish-jsf-1.2_10-0jpp.ep1.5.ep5.el4.noarch.rpm     62ed7e4e9301e7119a47d4c4ee50b7f4
glassfish-jsf-1.2_10-0jpp.ep1.5.ep5.el4.noarch.rpm     62ed7e4e9301e7119a47d4c4ee50b7f4
hibernate3-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     cca11e569d843e7cdbb4c781ca716958
hibernate3-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     cca11e569d843e7cdbb4c781ca716958
hibernate3-javadoc-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     21cbf6e8bca5ba1fa24a872fcf528b4c
hibernate3-javadoc-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     21cbf6e8bca5ba1fa24a872fcf528b4c
jacorb-2.3.0-1jpp.ep1.7.el4.noarch.rpm     34c2c78ef5e6588e423b3c9ae0754c25
jacorb-2.3.0-1jpp.ep1.7.el4.noarch.rpm     34c2c78ef5e6588e423b3c9ae0754c25
jakarta-commons-beanutils-1.8.0-3.ep5.el4.noarch.rpm     fc091b705a784a661051c8b83e3fec9a
jakarta-commons-beanutils-1.8.0-3.ep5.el4.noarch.rpm     fc091b705a784a661051c8b83e3fec9a
jakarta-commons-fileupload-1.1.1-3jpp.ep1.2.el4.noarch.rpm     bbc285a415be51a7b108da31a09fdb5d
jakarta-commons-fileupload-1.1.1-3jpp.ep1.2.el4.noarch.rpm     bbc285a415be51a7b108da31a09fdb5d
jakarta-commons-io-1.1-0.20051005.2jpp_1rh.noarch.rpm     5d7f358651ee31279e672a46139e1130
jakarta-commons-io-1.1-0.20051005.2jpp_1rh.noarch.rpm     5d7f358651ee31279e672a46139e1130
jakarta-commons-logging-jboss-1.1-4.ep1.el4.noarch.rpm     6bb6f7e0ac62cd6f3e5c3d4955f9b2c0
jakarta-commons-logging-jboss-1.1-4.ep1.el4.noarch.rpm     6bb6f7e0ac62cd6f3e5c3d4955f9b2c0
jboss-cache-1.4.1-6.SP11.1.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     9065bd55198fa70b12f67777eeb89d3c
jboss-cache-1.4.1-6.SP11.1.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     9065bd55198fa70b12f67777eeb89d3c
jboss-jaxr-1.2.0-SP2.0jpp.ep1.3.el4.noarch.rpm     e36b5843f3b2f4441e3dd4afc09881c5
jboss-jaxr-1.2.0-SP2.0jpp.ep1.3.el4.noarch.rpm     e36b5843f3b2f4441e3dd4afc09881c5
jboss-remoting-2.2.2-3.SP11.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     c140d7690c94e1dc6094422458effda9
jboss-remoting-2.2.2-3.SP11.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     c140d7690c94e1dc6094422458effda9
jboss-seam-1.2.1-1.ep1.18.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     81006fb8b89577f4cd794e96311cf709
jboss-seam-1.2.1-1.ep1.18.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     81006fb8b89577f4cd794e96311cf709
jboss-seam-docs-1.2.1-1.ep1.18.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     d65f5a2020c3960aa602baf910fc077d
jboss-seam-docs-1.2.1-1.ep1.18.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     d65f5a2020c3960aa602baf910fc077d
jboss-vfs-1.0.0-1.ep1.el4.noarch.rpm     e6fbe4b1d856676edc2f1c7ee8bd76af
jboss-vfs-1.0.0-1.ep1.el4.noarch.rpm     e6fbe4b1d856676edc2f1c7ee8bd76af
jbossas-4.2.0-4.GA_CP06.3.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     48f25d808d5b10feab48266a1edd0b8f
jbossas-4.2.0-4.GA_CP06.3.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     48f25d808d5b10feab48266a1edd0b8f
jbossas-4.2.0.GA_CP06-bin-4.2.0-4.GA_CP06.3.ep1.el4.noarch.rpm     b2295b0f8de957728f86826ef7475596
jbossas-4.2.0.GA_CP06-bin-4.2.0-4.GA_CP06.3.ep1.el4.noarch.rpm     b2295b0f8de957728f86826ef7475596
jbossas-client-4.2.0-4.GA_CP06.3.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     bd4052444488a9e9f8717c4897effd34
jbossas-client-4.2.0-4.GA_CP06.3.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     bd4052444488a9e9f8717c4897effd34
jbossts-4.2.3-1.SP5_CP04.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     6225ecd6f73d1a5a25768358c06d4076
jbossts-4.2.3-1.SP5_CP04.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     6225ecd6f73d1a5a25768358c06d4076
jbossweb-2.0.0-6.CP09.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     8726f935dcab0a836e4fa4559c222e77
jbossweb-2.0.0-6.CP09.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     8726f935dcab0a836e4fa4559c222e77
jgroups-2.4.5-2.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     8c49064d4eb0bb5e5ca73d378a6a8a76
jgroups-2.4.5-2.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     8c49064d4eb0bb5e5ca73d378a6a8a76
rh-eap-docs-4.2.0-5.GA_CP06.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     2d7f43f31b103585b9fa531fa26d3693
rh-eap-docs-4.2.0-5.GA_CP06.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     2d7f43f31b103585b9fa531fa26d3693
rh-eap-docs-examples-4.2.0-5.GA_CP06.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     9ad8b0953440e43f91959f25da0dcb63
rh-eap-docs-examples-4.2.0-5.GA_CP06.ep1.3.el4.noarch.rpm
File outdated by:  RHSA-2009:1144		     9ad8b0953440e43f91959f25da0dcb63
tanukiwrapper-3.2.1-2jpp.ep1.2.el4.x86_64.rpm     c9bd00292c7d386f2942c591524fcf0d
tanukiwrapper-3.2.1-2jpp.ep1.2.el4.x86_64.rpm     c9bd00292c7d386f2942c591524fcf0d
ws-commons-policy-1.0-2jpp.ep1.7.el4.noarch.rpm     60ee9c992c9222e881e1a399e42b22cb
ws-commons-policy-1.0-2jpp.ep1.7.el4.noarch.rpm     60ee9c992c9222e881e1a399e42b22cb
ws-scout0-0.7-0.rc2.4.el4.noarch.rpm     a5fa504dba9bbf051000fb3a9267d9a6
ws-scout0-0.7-0.rc2.4.el4.noarch.rpm     a5fa504dba9bbf051000fb3a9267d9a6
xalan-j2-2.7.0-2jpp.ep1.5.el4.noarch.rpm     d3ab56060c5c5f4222be37635fb8fb2f
xalan-j2-2.7.0-2jpp.ep1.5.el4.noarch.rpm     d3ab56060c5c5f4222be37635fb8fb2f
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

474619 - Tracker bug for the EAP 4.2.0.cp06 release.
479668 - CVE-2009-0027 JBoss EAP unprivileged local xml file access


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0027
http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp06/html-single/readme/index.html

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/