Security Advisory Moderate: JBoss Enterprise Application Platform 4.3.0CP04 update

Advisory: RHSA-2009:0347-4
Type: Security Advisory
Severity: Moderate
Issued on: 2009-03-06
Last updated on: 2009-03-06
Affected Products: JBoss Enterprise Application Platform 4.3.0 EL4
OVAL: N/A
CVEs (cve.mitre.org): CVE-2009-0027

Details

Updated JBoss Enterprise Application Platform (JBoss EAP) 4.3 packages that
fix various issues are now available for Red Hat Enterprise Linux 4 as
JBEAP 4.3.0.CP04.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

JBoss Enterprise Application Platform (JBoss EAP) is the market-leading
platform for innovative and scalable Java applications. JBoss EAP
integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam
into a complete, simple enterprise solution.

This release of JBoss EAP for Red Hat Enterprise Linux 4 serves as a
replacement for JBEAP 4.3.0.CP03.

These updated packages include bug fixes and enhancements which are
detailed in the release notes. The link to the release notes is available
in the References section of this errata.

The following security issue is also fixed with this release:

The request handler in JBossWS did not correctly verify the resource path
when serving WSDL files for custom web service endpoints. This allowed
remote attackers to read arbitrary XML files with the permissions of the
EAP process. (CVE-2009-0027)

Warning: before applying this update, please back up the JBoss EAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.

All users of JBoss EAP 4.3 on Red Hat Enterprise Linux 4 are advised to
upgrade to these updated packages, which resolve these issues.


Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

JBoss Enterprise Application Platform 4.3.0 EL4
SRPMS:
glassfish-jaxb-2.1.4-1.6.ep1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     13e101cc3e94fa4f44ae489fd665b778
glassfish-jaxb-2.1.4-1.6.ep1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     13e101cc3e94fa4f44ae489fd665b778
glassfish-jsf-1.2_10-0jpp.ep1.5.ep5.el4.src.rpm     9b78d3fb85635072a569a0b5c8374603
glassfish-jsf-1.2_10-0jpp.ep1.5.ep5.el4.src.rpm     9b78d3fb85635072a569a0b5c8374603
hibernate3-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.src.rpm
File outdated by:  RHSA-2009:1146		     da1aeee4bf320cbcbb1cdcd5d171db9d
hibernate3-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.src.rpm
File outdated by:  RHSA-2009:1146		     da1aeee4bf320cbcbb1cdcd5d171db9d
jacorb-2.3.0-1jpp.ep1.7.el4.src.rpm     8670fe5035ada902134b90e85fdfcc32
jacorb-2.3.0-1jpp.ep1.7.el4.src.rpm     8670fe5035ada902134b90e85fdfcc32
jakarta-commons-beanutils-1.8.0-3.ep5.el4.src.rpm     c60d00b1fa569956408b9678e733bcaf
jakarta-commons-beanutils-1.8.0-3.ep5.el4.src.rpm     c60d00b1fa569956408b9678e733bcaf
jakarta-commons-fileupload-1.1.1-3jpp.ep1.2.el4.src.rpm     624b030a570cfb97d275b6d1049623e5
jakarta-commons-fileupload-1.1.1-3jpp.ep1.2.el4.src.rpm     624b030a570cfb97d275b6d1049623e5
jakarta-commons-io-1.1-0.20051005.2jpp_1rh.src.rpm     8619d3fc5d3c9d36c80d71f56c148eff
jakarta-commons-io-1.1-0.20051005.2jpp_1rh.src.rpm     8619d3fc5d3c9d36c80d71f56c148eff
jakarta-commons-logging-jboss-1.1-4.ep1.el4.src.rpm     5c538218382b64349e9edb4a411af0ed
jakarta-commons-logging-jboss-1.1-4.ep1.el4.src.rpm     5c538218382b64349e9edb4a411af0ed
jboss-cache-1.4.1-6.SP11.1.ep1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     d6dab77650bdbadc01960e9bc3a583b4
jboss-cache-1.4.1-6.SP11.1.ep1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     d6dab77650bdbadc01960e9bc3a583b4
jboss-jaxr-1.2.0-SP2.0jpp.ep1.3.el4.src.rpm     18406ffea20d5942ec4fcf2fea94923a
jboss-jaxr-1.2.0-SP2.0jpp.ep1.3.el4.src.rpm     18406ffea20d5942ec4fcf2fea94923a
jboss-messaging-1.4.0-2.SP3_CP07.1.ep1.el4.src.rpm
File outdated by:  RHBA-2009:1182		     cd0dc61d7221f985cfcb0e58ef73b143
jboss-messaging-1.4.0-2.SP3_CP07.1.ep1.el4.src.rpm
File outdated by:  RHBA-2009:1182		     cd0dc61d7221f985cfcb0e58ef73b143
jboss-remoting-2.2.2-3.SP11.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     a7b52cddbb71b9acec949207dd9a11a5
jboss-remoting-2.2.2-3.SP11.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     a7b52cddbb71b9acec949207dd9a11a5
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.14.el4.src.rpm
File outdated by:  RHSA-2009:1146		     cba7115463dff2699bd4f3d2a1d8cab8
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.14.el4.src.rpm
File outdated by:  RHSA-2009:1146		     cba7115463dff2699bd4f3d2a1d8cab8
jboss-vfs-1.0.0-1.ep1.el4.src.rpm     a8df352b13bdc783c145bd1cea4b130d
jboss-vfs-1.0.0-1.ep1.el4.src.rpm     a8df352b13bdc783c145bd1cea4b130d
jbossas-4.3.0-3.GA_CP04.3.ep1.el4.src.rpm
File outdated by:  RHBA-2009:1182		     aee479bad2f7215a2ce07786a1a19911
jbossas-4.3.0-3.GA_CP04.3.ep1.el4.src.rpm
File outdated by:  RHBA-2009:1182		     aee479bad2f7215a2ce07786a1a19911
jbossts-4.2.3-1.SP5_CP04.1jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     32fddc998927170671cdba4859fc92da
jbossts-4.2.3-1.SP5_CP04.1jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     32fddc998927170671cdba4859fc92da
jbossweb-2.0.0-6.CP09.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     efd2673fcc1c642d88b53a1f6e21eca0
jbossweb-2.0.0-6.CP09.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     efd2673fcc1c642d88b53a1f6e21eca0
jbossws-2.0.1-3.SP2_CP05.4.ep1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     342ba4dd8e8e210cbb76269af5eb96d0
jbossws-2.0.1-3.SP2_CP05.4.ep1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     342ba4dd8e8e210cbb76269af5eb96d0
jbossws-common-1.0.0-2.GA_CP03.1.ep1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     6a829e9c328381b93ce627907aa4057a
jbossws-common-1.0.0-2.GA_CP03.1.ep1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     6a829e9c328381b93ce627907aa4057a
jbossws-framework-2.0.1-1.GA_CP03.2.ep1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     10dcaf6c46e3b32ef3924a4ac578bc85
jbossws-framework-2.0.1-1.GA_CP03.2.ep1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     10dcaf6c46e3b32ef3924a4ac578bc85
jgroups-2.4.5-2.ep1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     6483c1094ee934471a64f1eabb2c0bae
jgroups-2.4.5-2.ep1.el4.src.rpm
File outdated by:  RHSA-2009:1146		     6483c1094ee934471a64f1eabb2c0bae
rh-eap-docs-4.3.0-4.GA_CP04.ep1.3.el4.src.rpm
File outdated by:  RHBA-2009:1182		     f308b57700650126591d2e0e9d2839e5
rh-eap-docs-4.3.0-4.GA_CP04.ep1.3.el4.src.rpm
File outdated by:  RHBA-2009:1182		     f308b57700650126591d2e0e9d2839e5
tanukiwrapper-3.2.1-2jpp.ep1.2.el4.src.rpm     9eb660786f53eded1ff60ecbfbb9cfe7
tanukiwrapper-3.2.1-2jpp.ep1.2.el4.src.rpm     9eb660786f53eded1ff60ecbfbb9cfe7
ws-commons-policy-1.0-2jpp.ep1.7.el4.src.rpm     acf4513e611665c87ebe586023cd094d
ws-commons-policy-1.0-2jpp.ep1.7.el4.src.rpm     acf4513e611665c87ebe586023cd094d
ws-scout0-0.7-0.rc2.4.el4.src.rpm     aacdf21918e189fd41232f5be2b9ec3f
ws-scout0-0.7-0.rc2.4.el4.src.rpm     aacdf21918e189fd41232f5be2b9ec3f
xalan-j2-2.7.0-2jpp.ep1.5.el4.src.rpm     794376f10260ddaf854f1073c1de4e3d
xalan-j2-2.7.0-2jpp.ep1.5.el4.src.rpm     794376f10260ddaf854f1073c1de4e3d
 
IA-32:
glassfish-jaxb-2.1.4-1.6.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     d0edf0c33738f822d8d048a68a9e974b
glassfish-jaxb-2.1.4-1.6.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     d0edf0c33738f822d8d048a68a9e974b
glassfish-jaxb-javadoc-2.1.4-1.6.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     974589e1e18b709f5bc67cb6b9084007
glassfish-jaxb-javadoc-2.1.4-1.6.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     974589e1e18b709f5bc67cb6b9084007
glassfish-jsf-1.2_10-0jpp.ep1.5.ep5.el4.noarch.rpm     62ed7e4e9301e7119a47d4c4ee50b7f4
glassfish-jsf-1.2_10-0jpp.ep1.5.ep5.el4.noarch.rpm     62ed7e4e9301e7119a47d4c4ee50b7f4
hibernate3-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     cca11e569d843e7cdbb4c781ca716958
hibernate3-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     cca11e569d843e7cdbb4c781ca716958
hibernate3-javadoc-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     21cbf6e8bca5ba1fa24a872fcf528b4c
hibernate3-javadoc-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     21cbf6e8bca5ba1fa24a872fcf528b4c
jacorb-2.3.0-1jpp.ep1.7.el4.noarch.rpm     34c2c78ef5e6588e423b3c9ae0754c25
jacorb-2.3.0-1jpp.ep1.7.el4.noarch.rpm     34c2c78ef5e6588e423b3c9ae0754c25
jakarta-commons-beanutils-1.8.0-3.ep5.el4.noarch.rpm     fc091b705a784a661051c8b83e3fec9a
jakarta-commons-beanutils-1.8.0-3.ep5.el4.noarch.rpm     fc091b705a784a661051c8b83e3fec9a
jakarta-commons-fileupload-1.1.1-3jpp.ep1.2.el4.noarch.rpm     bbc285a415be51a7b108da31a09fdb5d
jakarta-commons-fileupload-1.1.1-3jpp.ep1.2.el4.noarch.rpm     bbc285a415be51a7b108da31a09fdb5d
jakarta-commons-io-1.1-0.20051005.2jpp_1rh.noarch.rpm     5d7f358651ee31279e672a46139e1130
jakarta-commons-io-1.1-0.20051005.2jpp_1rh.noarch.rpm     5d7f358651ee31279e672a46139e1130
jakarta-commons-logging-jboss-1.1-4.ep1.el4.noarch.rpm     6bb6f7e0ac62cd6f3e5c3d4955f9b2c0
jakarta-commons-logging-jboss-1.1-4.ep1.el4.noarch.rpm     6bb6f7e0ac62cd6f3e5c3d4955f9b2c0
jboss-cache-1.4.1-6.SP11.1.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     9065bd55198fa70b12f67777eeb89d3c
jboss-cache-1.4.1-6.SP11.1.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     9065bd55198fa70b12f67777eeb89d3c
jboss-jaxr-1.2.0-SP2.0jpp.ep1.3.el4.noarch.rpm     e36b5843f3b2f4441e3dd4afc09881c5
jboss-jaxr-1.2.0-SP2.0jpp.ep1.3.el4.noarch.rpm     e36b5843f3b2f4441e3dd4afc09881c5
jboss-messaging-1.4.0-2.SP3_CP07.1.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     f47b7d6f5d48554cbe90915bdc2aad93
jboss-messaging-1.4.0-2.SP3_CP07.1.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     f47b7d6f5d48554cbe90915bdc2aad93
jboss-remoting-2.2.2-3.SP11.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     c140d7690c94e1dc6094422458effda9
jboss-remoting-2.2.2-3.SP11.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     c140d7690c94e1dc6094422458effda9
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     add7198f8e53f3cf15c6a72263ca5e13
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     add7198f8e53f3cf15c6a72263ca5e13
jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     e625054d90f4b6b5a86cb2ff6b3c9ef1
jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     e625054d90f4b6b5a86cb2ff6b3c9ef1
jboss-vfs-1.0.0-1.ep1.el4.noarch.rpm     e6fbe4b1d856676edc2f1c7ee8bd76af
jboss-vfs-1.0.0-1.ep1.el4.noarch.rpm     e6fbe4b1d856676edc2f1c7ee8bd76af
jbossas-4.3.0-3.GA_CP04.3.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     aef59acc62e9782eb07ac9ca9c008e8e
jbossas-4.3.0-3.GA_CP04.3.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     aef59acc62e9782eb07ac9ca9c008e8e
jbossas-4.3.0.GA_CP04-bin-4.3.0-3.GA_CP04.3.ep1.el4.noarch.rpm     c2728af0adb88d84d41ee114905bf4d3
jbossas-4.3.0.GA_CP04-bin-4.3.0-3.GA_CP04.3.ep1.el4.noarch.rpm     c2728af0adb88d84d41ee114905bf4d3
jbossas-client-4.3.0-3.GA_CP04.3.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     2663d52b6f9e0dc86b76a35c83e773b7
jbossas-client-4.3.0-3.GA_CP04.3.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     2663d52b6f9e0dc86b76a35c83e773b7
jbossts-4.2.3-1.SP5_CP04.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     6225ecd6f73d1a5a25768358c06d4076
jbossts-4.2.3-1.SP5_CP04.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     6225ecd6f73d1a5a25768358c06d4076
jbossweb-2.0.0-6.CP09.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     8726f935dcab0a836e4fa4559c222e77
jbossweb-2.0.0-6.CP09.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     8726f935dcab0a836e4fa4559c222e77
jbossws-2.0.1-3.SP2_CP05.4.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     cf98ee28943f07738867bbe7661fcb6c
jbossws-2.0.1-3.SP2_CP05.4.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     cf98ee28943f07738867bbe7661fcb6c
jbossws-common-1.0.0-2.GA_CP03.1.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     aab73d8f11180f7635238e818163a4e4
jbossws-common-1.0.0-2.GA_CP03.1.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     aab73d8f11180f7635238e818163a4e4
jbossws-framework-2.0.1-1.GA_CP03.2.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     857065e8f621823690286ddc3492dbe9
jbossws-framework-2.0.1-1.GA_CP03.2.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     857065e8f621823690286ddc3492dbe9
jgroups-2.4.5-2.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     8c49064d4eb0bb5e5ca73d378a6a8a76
jgroups-2.4.5-2.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     8c49064d4eb0bb5e5ca73d378a6a8a76
rh-eap-docs-4.3.0-4.GA_CP04.ep1.3.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     810b8d5306734eeb03aff6404db58ac4
rh-eap-docs-4.3.0-4.GA_CP04.ep1.3.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     810b8d5306734eeb03aff6404db58ac4
rh-eap-docs-examples-4.3.0-4.GA_CP04.ep1.3.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     783a23e53ef95384e2a187535f15379b
rh-eap-docs-examples-4.3.0-4.GA_CP04.ep1.3.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     783a23e53ef95384e2a187535f15379b
tanukiwrapper-3.2.1-2jpp.ep1.2.el4.i386.rpm     1fa13cc42662327447cdb595ffbe11a4
tanukiwrapper-3.2.1-2jpp.ep1.2.el4.i386.rpm     1fa13cc42662327447cdb595ffbe11a4
ws-commons-policy-1.0-2jpp.ep1.7.el4.noarch.rpm     60ee9c992c9222e881e1a399e42b22cb
ws-commons-policy-1.0-2jpp.ep1.7.el4.noarch.rpm     60ee9c992c9222e881e1a399e42b22cb
ws-scout0-0.7-0.rc2.4.el4.noarch.rpm     a5fa504dba9bbf051000fb3a9267d9a6
ws-scout0-0.7-0.rc2.4.el4.noarch.rpm     a5fa504dba9bbf051000fb3a9267d9a6
xalan-j2-2.7.0-2jpp.ep1.5.el4.noarch.rpm     d3ab56060c5c5f4222be37635fb8fb2f
xalan-j2-2.7.0-2jpp.ep1.5.el4.noarch.rpm     d3ab56060c5c5f4222be37635fb8fb2f
 
x86_64:
glassfish-jaxb-2.1.4-1.6.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     d0edf0c33738f822d8d048a68a9e974b
glassfish-jaxb-2.1.4-1.6.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     d0edf0c33738f822d8d048a68a9e974b
glassfish-jaxb-javadoc-2.1.4-1.6.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     974589e1e18b709f5bc67cb6b9084007
glassfish-jaxb-javadoc-2.1.4-1.6.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     974589e1e18b709f5bc67cb6b9084007
glassfish-jsf-1.2_10-0jpp.ep1.5.ep5.el4.noarch.rpm     62ed7e4e9301e7119a47d4c4ee50b7f4
glassfish-jsf-1.2_10-0jpp.ep1.5.ep5.el4.noarch.rpm     62ed7e4e9301e7119a47d4c4ee50b7f4
hibernate3-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     cca11e569d843e7cdbb4c781ca716958
hibernate3-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     cca11e569d843e7cdbb4c781ca716958
hibernate3-javadoc-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     21cbf6e8bca5ba1fa24a872fcf528b4c
hibernate3-javadoc-3.2.4-1.SP1_CP07.0jpp.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     21cbf6e8bca5ba1fa24a872fcf528b4c
jacorb-2.3.0-1jpp.ep1.7.el4.noarch.rpm     34c2c78ef5e6588e423b3c9ae0754c25
jacorb-2.3.0-1jpp.ep1.7.el4.noarch.rpm     34c2c78ef5e6588e423b3c9ae0754c25
jakarta-commons-beanutils-1.8.0-3.ep5.el4.noarch.rpm     fc091b705a784a661051c8b83e3fec9a
jakarta-commons-beanutils-1.8.0-3.ep5.el4.noarch.rpm     fc091b705a784a661051c8b83e3fec9a
jakarta-commons-fileupload-1.1.1-3jpp.ep1.2.el4.noarch.rpm     bbc285a415be51a7b108da31a09fdb5d
jakarta-commons-fileupload-1.1.1-3jpp.ep1.2.el4.noarch.rpm     bbc285a415be51a7b108da31a09fdb5d
jakarta-commons-io-1.1-0.20051005.2jpp_1rh.noarch.rpm     5d7f358651ee31279e672a46139e1130
jakarta-commons-io-1.1-0.20051005.2jpp_1rh.noarch.rpm     5d7f358651ee31279e672a46139e1130
jakarta-commons-logging-jboss-1.1-4.ep1.el4.noarch.rpm     6bb6f7e0ac62cd6f3e5c3d4955f9b2c0
jakarta-commons-logging-jboss-1.1-4.ep1.el4.noarch.rpm     6bb6f7e0ac62cd6f3e5c3d4955f9b2c0
jboss-cache-1.4.1-6.SP11.1.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     9065bd55198fa70b12f67777eeb89d3c
jboss-cache-1.4.1-6.SP11.1.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     9065bd55198fa70b12f67777eeb89d3c
jboss-jaxr-1.2.0-SP2.0jpp.ep1.3.el4.noarch.rpm     e36b5843f3b2f4441e3dd4afc09881c5
jboss-jaxr-1.2.0-SP2.0jpp.ep1.3.el4.noarch.rpm     e36b5843f3b2f4441e3dd4afc09881c5
jboss-messaging-1.4.0-2.SP3_CP07.1.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     f47b7d6f5d48554cbe90915bdc2aad93
jboss-messaging-1.4.0-2.SP3_CP07.1.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     f47b7d6f5d48554cbe90915bdc2aad93
jboss-remoting-2.2.2-3.SP11.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     c140d7690c94e1dc6094422458effda9
jboss-remoting-2.2.2-3.SP11.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     c140d7690c94e1dc6094422458effda9
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     add7198f8e53f3cf15c6a72263ca5e13
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     add7198f8e53f3cf15c6a72263ca5e13
jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     e625054d90f4b6b5a86cb2ff6b3c9ef1
jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.14.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     e625054d90f4b6b5a86cb2ff6b3c9ef1
jboss-vfs-1.0.0-1.ep1.el4.noarch.rpm     e6fbe4b1d856676edc2f1c7ee8bd76af
jboss-vfs-1.0.0-1.ep1.el4.noarch.rpm     e6fbe4b1d856676edc2f1c7ee8bd76af
jbossas-4.3.0-3.GA_CP04.3.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     aef59acc62e9782eb07ac9ca9c008e8e
jbossas-4.3.0-3.GA_CP04.3.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     aef59acc62e9782eb07ac9ca9c008e8e
jbossas-4.3.0.GA_CP04-bin-4.3.0-3.GA_CP04.3.ep1.el4.noarch.rpm     c2728af0adb88d84d41ee114905bf4d3
jbossas-4.3.0.GA_CP04-bin-4.3.0-3.GA_CP04.3.ep1.el4.noarch.rpm     c2728af0adb88d84d41ee114905bf4d3
jbossas-client-4.3.0-3.GA_CP04.3.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     2663d52b6f9e0dc86b76a35c83e773b7
jbossas-client-4.3.0-3.GA_CP04.3.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     2663d52b6f9e0dc86b76a35c83e773b7
jbossts-4.2.3-1.SP5_CP04.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     6225ecd6f73d1a5a25768358c06d4076
jbossts-4.2.3-1.SP5_CP04.1jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     6225ecd6f73d1a5a25768358c06d4076
jbossweb-2.0.0-6.CP09.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     8726f935dcab0a836e4fa4559c222e77
jbossweb-2.0.0-6.CP09.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     8726f935dcab0a836e4fa4559c222e77
jbossws-2.0.1-3.SP2_CP05.4.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     cf98ee28943f07738867bbe7661fcb6c
jbossws-2.0.1-3.SP2_CP05.4.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     cf98ee28943f07738867bbe7661fcb6c
jbossws-common-1.0.0-2.GA_CP03.1.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     aab73d8f11180f7635238e818163a4e4
jbossws-common-1.0.0-2.GA_CP03.1.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     aab73d8f11180f7635238e818163a4e4
jbossws-framework-2.0.1-1.GA_CP03.2.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     857065e8f621823690286ddc3492dbe9
jbossws-framework-2.0.1-1.GA_CP03.2.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     857065e8f621823690286ddc3492dbe9
jgroups-2.4.5-2.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     8c49064d4eb0bb5e5ca73d378a6a8a76
jgroups-2.4.5-2.ep1.el4.noarch.rpm
File outdated by:  RHSA-2009:1146		     8c49064d4eb0bb5e5ca73d378a6a8a76
rh-eap-docs-4.3.0-4.GA_CP04.ep1.3.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     810b8d5306734eeb03aff6404db58ac4
rh-eap-docs-4.3.0-4.GA_CP04.ep1.3.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     810b8d5306734eeb03aff6404db58ac4
rh-eap-docs-examples-4.3.0-4.GA_CP04.ep1.3.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     783a23e53ef95384e2a187535f15379b
rh-eap-docs-examples-4.3.0-4.GA_CP04.ep1.3.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     783a23e53ef95384e2a187535f15379b
tanukiwrapper-3.2.1-2jpp.ep1.2.el4.x86_64.rpm     c9bd00292c7d386f2942c591524fcf0d
tanukiwrapper-3.2.1-2jpp.ep1.2.el4.x86_64.rpm     c9bd00292c7d386f2942c591524fcf0d
ws-commons-policy-1.0-2jpp.ep1.7.el4.noarch.rpm     60ee9c992c9222e881e1a399e42b22cb
ws-commons-policy-1.0-2jpp.ep1.7.el4.noarch.rpm     60ee9c992c9222e881e1a399e42b22cb
ws-scout0-0.7-0.rc2.4.el4.noarch.rpm     a5fa504dba9bbf051000fb3a9267d9a6
ws-scout0-0.7-0.rc2.4.el4.noarch.rpm     a5fa504dba9bbf051000fb3a9267d9a6
xalan-j2-2.7.0-2jpp.ep1.5.el4.noarch.rpm     d3ab56060c5c5f4222be37635fb8fb2f
xalan-j2-2.7.0-2jpp.ep1.5.el4.noarch.rpm     d3ab56060c5c5f4222be37635fb8fb2f
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

474622 - Tracker bug for the EAP 4.3.0.cp04 release.
479668 - CVE-2009-0027 JBoss EAP unprivileged local xml file access


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0027
http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp04/html-single/readme/index.html

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/