Security Advisory Important: JBoss Enterprise Application Platform 4.3.0.CP05 update

Advisory: RHSA-2009:1146-1
Type: Security Advisory
Severity: Important
Issued on: 2009-07-06
Last updated on: 2009-07-06
Affected Products: JBoss Enterprise Application Platform 4.3.0 EL4
OVAL: N/A
CVEs (cve.mitre.org): CVE-2008-5515
CVE-2009-0580
CVE-2009-0783

Details

Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix
various issues are now available for Red Hat Enterprise Linux 4 as JBEAP
4.3.0.CP05.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.

This release of JBEAP for Red Hat Enterprise Linux 4 serves as a
replacement to JBEAP 4.3.0.CP04.

These updated packages include bug fixes and enhancements which are
detailed in the release notes. The link to the release notes is available
below in the References section of this errata.

The following security issues are also fixed with this release:

It was discovered that request dispatchers did not properly normalize user
requests that have trailing query strings, allowing remote attackers to
send specially-crafted requests that would cause an information leak.
(CVE-2008-5515)

It was discovered that the error checking methods of certain authentication
classes did not have sufficient error checking, allowing remote attackers
to enumerate (via brute force methods) usernames registered with
applications deployed on JBossWeb when FORM-based authentication was used.
(CVE-2009-0580)

It was discovered that web applications containing their own XML parsers
could replace the XML parser JBossWeb uses to parse configuration files. A
malicious web application running on a JBossWeb instance could read or,
potentially, modify the configuration and XML-based data of other web
applications deployed on the same JBossWeb instance. (CVE-2009-0783)

Warning: before applying this update, please back up the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.

All users of JBEAP 4.3 on Red Hat Enterprise Linux 4 are advised to upgrade
to these updated packages.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

JBoss Enterprise Application Platform 4.3.0 EL4
SRPMS:
glassfish-jaxb-2.1.4-1.11.ep1.el4.src.rpm     0298be116a2ba73d9259e47a069dc234
glassfish-jaxb-2.1.4-1.11.ep1.el4.src.rpm     0298be116a2ba73d9259e47a069dc234
hibernate3-3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src.rpm     407166e1971369839904897a08b84c71
hibernate3-3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src.rpm     407166e1971369839904897a08b84c71
hibernate3-annotations-3.3.1-1.10.GA_CP01.ep1.el4.src.rpm     36593ee5523f868795788c61cf4ce97b
hibernate3-annotations-3.3.1-1.10.GA_CP01.ep1.el4.src.rpm     36593ee5523f868795788c61cf4ce97b
hibernate3-commons-annotations-3.0.0-1jpp.ep1.5.el4.src.rpm     af1fcedcc1d61903a4c248f63a3ce88a
hibernate3-commons-annotations-3.0.0-1jpp.ep1.5.el4.src.rpm     af1fcedcc1d61903a4c248f63a3ce88a
hibernate3-entitymanager-3.3.2-2.4.ep1.el4.src.rpm     e1639e2f926a8c25575a74af0b60da4e
hibernate3-entitymanager-3.3.2-2.4.ep1.el4.src.rpm     e1639e2f926a8c25575a74af0b60da4e
hibernate3-validator-3.0.0-1jpp.ep1.8.el4.src.rpm     3d0ebadc82d6d82a5952d56e8208f2fc
hibernate3-validator-3.0.0-1jpp.ep1.8.el4.src.rpm     3d0ebadc82d6d82a5952d56e8208f2fc
hsqldb-1.8.0.8-2.patch02.1jpp.ep1.2.el4.src.rpm     93dd9aebcaa246cc20920f666ab6ad65
hsqldb-1.8.0.8-2.patch02.1jpp.ep1.2.el4.src.rpm     93dd9aebcaa246cc20920f666ab6ad65
jakarta-slide-webdavclient-2.1-9.2.el4.src.rpm     70f551b276a68f13a2ab2b1d6509f2a6
jakarta-slide-webdavclient-2.1-9.2.el4.src.rpm     70f551b276a68f13a2ab2b1d6509f2a6
jboss-cache-1.4.1-6.SP13.1.ep1.el4.src.rpm     40071a29190a20dd9fef68dd0283061e
jboss-cache-1.4.1-6.SP13.1.ep1.el4.src.rpm     40071a29190a20dd9fef68dd0283061e
jboss-messaging-1.4.0-2.SP3_CP08.1.ep1.el4.src.rpm
File outdated by:  RHBA-2009:1182		     82c6728af4b82ca68d2a58dd58316603
jboss-messaging-1.4.0-2.SP3_CP08.1.ep1.el4.src.rpm
File outdated by:  RHBA-2009:1182		     82c6728af4b82ca68d2a58dd58316603
jboss-remoting-2.2.3-2.ep1.el4.src.rpm     dfe8752d363c792065702e2527b2866b
jboss-remoting-2.2.3-2.ep1.el4.src.rpm     dfe8752d363c792065702e2527b2866b
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src.rpm     d54ef3d05c0274b0d3fef842d7af4afe
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src.rpm     d54ef3d05c0274b0d3fef842d7af4afe
jbossas-4.3.0-4.GA_CP05.6.ep1.el4.src.rpm
File outdated by:  RHBA-2009:1182		     c9054151eea806a77dffc32357ceb79b
jbossas-4.3.0-4.GA_CP05.6.ep1.el4.src.rpm
File outdated by:  RHBA-2009:1182		     c9054151eea806a77dffc32357ceb79b
jbossts-4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src.rpm     ef7c5f4c05f777f109947bb715f17ea0
jbossts-4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src.rpm     ef7c5f4c05f777f109947bb715f17ea0
jbossweb-2.0.0-6.CP11.0jpp.ep1.1.el4.src.rpm     48344b1d077c1e37f8119630ccf4dcbf
jbossweb-2.0.0-6.CP11.0jpp.ep1.1.el4.src.rpm     48344b1d077c1e37f8119630ccf4dcbf
jbossws-2.0.1-3.SP2_CP06.3.ep1.el4.src.rpm     73d73f7579566cd7ba6f81629410a0c5
jbossws-2.0.1-3.SP2_CP06.3.ep1.el4.src.rpm     73d73f7579566cd7ba6f81629410a0c5
jbossws-common-1.0.0-2.GA_CP04.1.ep1.el4.src.rpm     9c768e1a679f68ebc1df15126a383466
jbossws-common-1.0.0-2.GA_CP04.1.ep1.el4.src.rpm     9c768e1a679f68ebc1df15126a383466
jbossws-framework-2.0.1-1.GA_CP04.2.ep1.el4.src.rpm     2328f14be25ca1c3d6454e285ec2ec12
jbossws-framework-2.0.1-1.GA_CP04.2.ep1.el4.src.rpm     2328f14be25ca1c3d6454e285ec2ec12
jbossws-spi-1.0.0-1.GA_CP02.1.ep1.el4.src.rpm     98e833460dcc4a195e37bfd755ec0894
jbossws-spi-1.0.0-1.GA_CP02.1.ep1.el4.src.rpm     98e833460dcc4a195e37bfd755ec0894
jgroups-2.4.6-1.ep1.el4.src.rpm     636292b78f1a4c5cf5011fdf696f6753
jgroups-2.4.6-1.ep1.el4.src.rpm     636292b78f1a4c5cf5011fdf696f6753
rh-eap-docs-4.3.0-5.GA_CP05.ep1.2.el4.src.rpm
File outdated by:  RHBA-2009:1182		     ad058b6182cfc4e7066d1ddc4f653988
rh-eap-docs-4.3.0-5.GA_CP05.ep1.2.el4.src.rpm
File outdated by:  RHBA-2009:1182		     ad058b6182cfc4e7066d1ddc4f653988
xerces-j2-2.7.1-9jpp.ep1.2.el4.src.rpm     c79c73c0b7df26b0f72f0b0410fe999a
xerces-j2-2.7.1-9jpp.ep1.2.el4.src.rpm     c79c73c0b7df26b0f72f0b0410fe999a
 
IA-32:
glassfish-jaxb-2.1.4-1.11.ep1.el4.noarch.rpm     d4e776c4fdb6a738f0da09b3e59305ab
glassfish-jaxb-2.1.4-1.11.ep1.el4.noarch.rpm     d4e776c4fdb6a738f0da09b3e59305ab
glassfish-jaxb-javadoc-2.1.4-1.11.ep1.el4.noarch.rpm     9a4f9b9778fffb379bb1517757d8258b
glassfish-jaxb-javadoc-2.1.4-1.11.ep1.el4.noarch.rpm     9a4f9b9778fffb379bb1517757d8258b
hibernate3-3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch.rpm     e690487ae276342783e311173aaded17
hibernate3-3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch.rpm     e690487ae276342783e311173aaded17
hibernate3-annotations-3.3.1-1.10.GA_CP01.ep1.el4.noarch.rpm     784b3727f0d8d0c136a42333b5208896
hibernate3-annotations-3.3.1-1.10.GA_CP01.ep1.el4.noarch.rpm     784b3727f0d8d0c136a42333b5208896
hibernate3-annotations-javadoc-3.3.1-1.10.GA_CP01.ep1.el4.noarch.rpm     000f5f544273831da27a0064246c66d1
hibernate3-annotations-javadoc-3.3.1-1.10.GA_CP01.ep1.el4.noarch.rpm     000f5f544273831da27a0064246c66d1
hibernate3-commons-annotations-3.0.0-1jpp.ep1.5.el4.noarch.rpm     bd5662c3ab1d8cce2679da6b6c5f5a96
hibernate3-commons-annotations-3.0.0-1jpp.ep1.5.el4.noarch.rpm     bd5662c3ab1d8cce2679da6b6c5f5a96
hibernate3-commons-annotations-javadoc-3.0.0-1jpp.ep1.5.el4.noarch.rpm     7931a2faf7ad794ce41b30beeb523fed
hibernate3-commons-annotations-javadoc-3.0.0-1jpp.ep1.5.el4.noarch.rpm     7931a2faf7ad794ce41b30beeb523fed
hibernate3-entitymanager-3.3.2-2.4.ep1.el4.noarch.rpm     2cc8200ffdc9ddfdfa9734809a8ea789
hibernate3-entitymanager-3.3.2-2.4.ep1.el4.noarch.rpm     2cc8200ffdc9ddfdfa9734809a8ea789
hibernate3-entitymanager-javadoc-3.3.2-2.4.ep1.el4.noarch.rpm     f2e72c16de23b03b248d0917244ea0b7
hibernate3-entitymanager-javadoc-3.3.2-2.4.ep1.el4.noarch.rpm     f2e72c16de23b03b248d0917244ea0b7
hibernate3-javadoc-3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch.rpm     c1cb60e35e7d4a182728287350b4589f
hibernate3-javadoc-3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch.rpm     c1cb60e35e7d4a182728287350b4589f
hibernate3-validator-3.0.0-1jpp.ep1.8.el4.noarch.rpm     ecf5273f61682444a046a7ae5047b59d
hibernate3-validator-3.0.0-1jpp.ep1.8.el4.noarch.rpm     ecf5273f61682444a046a7ae5047b59d
hibernate3-validator-javadoc-3.0.0-1jpp.ep1.8.el4.noarch.rpm     06f3764b5adc76bba264c904a9d0ab34
hibernate3-validator-javadoc-3.0.0-1jpp.ep1.8.el4.noarch.rpm     06f3764b5adc76bba264c904a9d0ab34
hsqldb-1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch.rpm     a0af8f3a1158c697bd58dcfec96fc0f8
hsqldb-1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch.rpm     a0af8f3a1158c697bd58dcfec96fc0f8
jakarta-slide-webdavclient-2.1-9.2.el4.noarch.rpm     86c93f08177307f2a94c8c68352571c6
jakarta-slide-webdavclient-2.1-9.2.el4.noarch.rpm     86c93f08177307f2a94c8c68352571c6
jboss-cache-1.4.1-6.SP13.1.ep1.el4.noarch.rpm     7a3793faddd264be967b7aa7b397ffcc
jboss-cache-1.4.1-6.SP13.1.ep1.el4.noarch.rpm     7a3793faddd264be967b7aa7b397ffcc
jboss-messaging-1.4.0-2.SP3_CP08.1.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     4856b286c4db792e0c4a1380ef29468d
jboss-messaging-1.4.0-2.SP3_CP08.1.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     4856b286c4db792e0c4a1380ef29468d
jboss-remoting-2.2.3-2.ep1.el4.noarch.rpm     f42776f79d31ac180fca21dfa36b733e
jboss-remoting-2.2.3-2.ep1.el4.noarch.rpm     f42776f79d31ac180fca21dfa36b733e
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch.rpm     0cbc34bc0d3d7436798d839fdd0e7da1
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch.rpm     0cbc34bc0d3d7436798d839fdd0e7da1
jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch.rpm     a961205dc5cc3966d1b1586d8f2a09a4
jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch.rpm     a961205dc5cc3966d1b1586d8f2a09a4
jbossas-4.3.0-4.GA_CP05.6.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     9ffbe258283801f9631035e62a700273
jbossas-4.3.0-4.GA_CP05.6.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     9ffbe258283801f9631035e62a700273
jbossas-4.3.0.GA_CP05-bin-4.3.0-4.GA_CP05.6.ep1.el4.noarch.rpm     a0d66aad0463d56314edad4e25676fbe
jbossas-4.3.0.GA_CP05-bin-4.3.0-4.GA_CP05.6.ep1.el4.noarch.rpm     a0d66aad0463d56314edad4e25676fbe
jbossas-client-4.3.0-4.GA_CP05.6.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     5a2f3163d2cd2021c4d94b9afaa563a2
jbossas-client-4.3.0-4.GA_CP05.6.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     5a2f3163d2cd2021c4d94b9afaa563a2
jbossts-4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch.rpm     5475f1f525301b806dfc186939333881
jbossts-4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch.rpm     5475f1f525301b806dfc186939333881
jbossweb-2.0.0-6.CP11.0jpp.ep1.1.el4.noarch.rpm     636762f0a1f7e6490daa6d630cea0d96
jbossweb-2.0.0-6.CP11.0jpp.ep1.1.el4.noarch.rpm     636762f0a1f7e6490daa6d630cea0d96
jbossws-2.0.1-3.SP2_CP06.3.ep1.el4.noarch.rpm     6cc7f0931ca9c3567dad203c10f9da0b
jbossws-2.0.1-3.SP2_CP06.3.ep1.el4.noarch.rpm     6cc7f0931ca9c3567dad203c10f9da0b
jbossws-common-1.0.0-2.GA_CP04.1.ep1.el4.noarch.rpm     6b68594de94079a5bf6f08548509ae66
jbossws-common-1.0.0-2.GA_CP04.1.ep1.el4.noarch.rpm     6b68594de94079a5bf6f08548509ae66
jbossws-framework-2.0.1-1.GA_CP04.2.ep1.el4.noarch.rpm     1381495bce3755177aadbe4afed28a99
jbossws-framework-2.0.1-1.GA_CP04.2.ep1.el4.noarch.rpm     1381495bce3755177aadbe4afed28a99
jbossws-native42-2.0.1-3.SP2_CP06.3.ep1.el4.noarch.rpm     9839de781d590f7db0a485135f7a7a82
jbossws-native42-2.0.1-3.SP2_CP06.3.ep1.el4.noarch.rpm     9839de781d590f7db0a485135f7a7a82
jbossws-spi-1.0.0-1.GA_CP02.1.ep1.el4.noarch.rpm     5cf9b0032c6b2bcbdf95fca656c44e4d
jbossws-spi-1.0.0-1.GA_CP02.1.ep1.el4.noarch.rpm     5cf9b0032c6b2bcbdf95fca656c44e4d
jgroups-2.4.6-1.ep1.el4.noarch.rpm     2c25cca43668c923d1502d5e2496e55e
jgroups-2.4.6-1.ep1.el4.noarch.rpm     2c25cca43668c923d1502d5e2496e55e
rh-eap-docs-4.3.0-5.GA_CP05.ep1.2.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     2617daace6a41890e500ae8788c1162e
rh-eap-docs-4.3.0-5.GA_CP05.ep1.2.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     2617daace6a41890e500ae8788c1162e
rh-eap-docs-examples-4.3.0-5.GA_CP05.ep1.2.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     15a0e470862a171d553569c7ab13a72a
rh-eap-docs-examples-4.3.0-5.GA_CP05.ep1.2.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     15a0e470862a171d553569c7ab13a72a
xerces-j2-2.7.1-9jpp.ep1.2.el4.noarch.rpm     621a4429cacc4ec1ebb7157e843cadb8
xerces-j2-2.7.1-9jpp.ep1.2.el4.noarch.rpm     621a4429cacc4ec1ebb7157e843cadb8
 
x86_64:
glassfish-jaxb-2.1.4-1.11.ep1.el4.noarch.rpm     d4e776c4fdb6a738f0da09b3e59305ab
glassfish-jaxb-2.1.4-1.11.ep1.el4.noarch.rpm     d4e776c4fdb6a738f0da09b3e59305ab
glassfish-jaxb-javadoc-2.1.4-1.11.ep1.el4.noarch.rpm     9a4f9b9778fffb379bb1517757d8258b
glassfish-jaxb-javadoc-2.1.4-1.11.ep1.el4.noarch.rpm     9a4f9b9778fffb379bb1517757d8258b
hibernate3-3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch.rpm     e690487ae276342783e311173aaded17
hibernate3-3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch.rpm     e690487ae276342783e311173aaded17
hibernate3-annotations-3.3.1-1.10.GA_CP01.ep1.el4.noarch.rpm     784b3727f0d8d0c136a42333b5208896
hibernate3-annotations-3.3.1-1.10.GA_CP01.ep1.el4.noarch.rpm     784b3727f0d8d0c136a42333b5208896
hibernate3-annotations-javadoc-3.3.1-1.10.GA_CP01.ep1.el4.noarch.rpm     000f5f544273831da27a0064246c66d1
hibernate3-annotations-javadoc-3.3.1-1.10.GA_CP01.ep1.el4.noarch.rpm     000f5f544273831da27a0064246c66d1
hibernate3-commons-annotations-3.0.0-1jpp.ep1.5.el4.noarch.rpm     bd5662c3ab1d8cce2679da6b6c5f5a96
hibernate3-commons-annotations-3.0.0-1jpp.ep1.5.el4.noarch.rpm     bd5662c3ab1d8cce2679da6b6c5f5a96
hibernate3-commons-annotations-javadoc-3.0.0-1jpp.ep1.5.el4.noarch.r     7931a2faf7ad794ce41b30beeb523fed
hibernate3-commons-annotations-javadoc-3.0.0-1jpp.ep1.5.el4.noarch.r     7931a2faf7ad794ce41b30beeb523fed
hibernate3-entitymanager-3.3.2-2.4.ep1.el4.noarch.rpm     2cc8200ffdc9ddfdfa9734809a8ea789
hibernate3-entitymanager-3.3.2-2.4.ep1.el4.noarch.rpm     2cc8200ffdc9ddfdfa9734809a8ea789
hibernate3-entitymanager-javadoc-3.3.2-2.4.ep1.el4.noarch.rpm     f2e72c16de23b03b248d0917244ea0b7
hibernate3-entitymanager-javadoc-3.3.2-2.4.ep1.el4.noarch.rpm     f2e72c16de23b03b248d0917244ea0b7
hibernate3-javadoc-3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch.rpm     c1cb60e35e7d4a182728287350b4589f
hibernate3-javadoc-3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch.rpm     c1cb60e35e7d4a182728287350b4589f
hibernate3-validator-3.0.0-1jpp.ep1.8.el4.noarch.rpm     ecf5273f61682444a046a7ae5047b59d
hibernate3-validator-3.0.0-1jpp.ep1.8.el4.noarch.rpm     ecf5273f61682444a046a7ae5047b59d
hibernate3-validator-javadoc-3.0.0-1jpp.ep1.8.el4.noarch.rpm     06f3764b5adc76bba264c904a9d0ab34
hibernate3-validator-javadoc-3.0.0-1jpp.ep1.8.el4.noarch.rpm     06f3764b5adc76bba264c904a9d0ab34
hsqldb-1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch.rpm     a0af8f3a1158c697bd58dcfec96fc0f8
hsqldb-1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch.rpm     a0af8f3a1158c697bd58dcfec96fc0f8
jakarta-slide-webdavclient-2.1-9.2.el4.noarch.rpm     86c93f08177307f2a94c8c68352571c6
jakarta-slide-webdavclient-2.1-9.2.el4.noarch.rpm     86c93f08177307f2a94c8c68352571c6
jboss-cache-1.4.1-6.SP13.1.ep1.el4.noarch.rpm     7a3793faddd264be967b7aa7b397ffcc
jboss-cache-1.4.1-6.SP13.1.ep1.el4.noarch.rpm     7a3793faddd264be967b7aa7b397ffcc
jboss-messaging-1.4.0-2.SP3_CP08.1.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     4856b286c4db792e0c4a1380ef29468d
jboss-messaging-1.4.0-2.SP3_CP08.1.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     4856b286c4db792e0c4a1380ef29468d
jboss-remoting-2.2.3-2.ep1.el4.noarch.rpm     f42776f79d31ac180fca21dfa36b733e
jboss-remoting-2.2.3-2.ep1.el4.noarch.rpm     f42776f79d31ac180fca21dfa36b733e
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch.rpm     0cbc34bc0d3d7436798d839fdd0e7da1
jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch.rpm     0cbc34bc0d3d7436798d839fdd0e7da1
jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch.rpm     a961205dc5cc3966d1b1586d8f2a09a4
jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch.rpm     a961205dc5cc3966d1b1586d8f2a09a4
jbossas-4.3.0-4.GA_CP05.6.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     9ffbe258283801f9631035e62a700273
jbossas-4.3.0-4.GA_CP05.6.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     9ffbe258283801f9631035e62a700273
jbossas-4.3.0.GA_CP05-bin-4.3.0-4.GA_CP05.6.ep1.el4.noarch.rpm     a0d66aad0463d56314edad4e25676fbe
jbossas-4.3.0.GA_CP05-bin-4.3.0-4.GA_CP05.6.ep1.el4.noarch.rpm     a0d66aad0463d56314edad4e25676fbe
jbossas-client-4.3.0-4.GA_CP05.6.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     5a2f3163d2cd2021c4d94b9afaa563a2
jbossas-client-4.3.0-4.GA_CP05.6.ep1.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     5a2f3163d2cd2021c4d94b9afaa563a2
jbossts-4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch.rpm     5475f1f525301b806dfc186939333881
jbossts-4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch.rpm     5475f1f525301b806dfc186939333881
jbossweb-2.0.0-6.CP11.0jpp.ep1.1.el4.noarch.rpm     636762f0a1f7e6490daa6d630cea0d96
jbossweb-2.0.0-6.CP11.0jpp.ep1.1.el4.noarch.rpm     636762f0a1f7e6490daa6d630cea0d96
jbossws-2.0.1-3.SP2_CP06.3.ep1.el4.noarch.rpm     6cc7f0931ca9c3567dad203c10f9da0b
jbossws-2.0.1-3.SP2_CP06.3.ep1.el4.noarch.rpm     6cc7f0931ca9c3567dad203c10f9da0b
jbossws-common-1.0.0-2.GA_CP04.1.ep1.el4.noarch.rpm     6b68594de94079a5bf6f08548509ae66
jbossws-common-1.0.0-2.GA_CP04.1.ep1.el4.noarch.rpm     6b68594de94079a5bf6f08548509ae66
jbossws-framework-2.0.1-1.GA_CP04.2.ep1.el4.noarch.rpm     1381495bce3755177aadbe4afed28a99
jbossws-framework-2.0.1-1.GA_CP04.2.ep1.el4.noarch.rpm     1381495bce3755177aadbe4afed28a99
jbossws-native42-2.0.1-3.SP2_CP06.3.ep1.el4.noarch.rpm     9839de781d590f7db0a485135f7a7a82
jbossws-native42-2.0.1-3.SP2_CP06.3.ep1.el4.noarch.rpm     9839de781d590f7db0a485135f7a7a82
jbossws-spi-1.0.0-1.GA_CP02.1.ep1.el4.noarch.rpm     5cf9b0032c6b2bcbdf95fca656c44e4d
jbossws-spi-1.0.0-1.GA_CP02.1.ep1.el4.noarch.rpm     5cf9b0032c6b2bcbdf95fca656c44e4d
jgroups-2.4.6-1.ep1.el4.noarch.rpm     2c25cca43668c923d1502d5e2496e55e
jgroups-2.4.6-1.ep1.el4.noarch.rpm     2c25cca43668c923d1502d5e2496e55e
rh-eap-docs-4.3.0-5.GA_CP05.ep1.2.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     2617daace6a41890e500ae8788c1162e
rh-eap-docs-4.3.0-5.GA_CP05.ep1.2.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     2617daace6a41890e500ae8788c1162e
rh-eap-docs-examples-4.3.0-5.GA_CP05.ep1.2.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     15a0e470862a171d553569c7ab13a72a
rh-eap-docs-examples-4.3.0-5.GA_CP05.ep1.2.el4.noarch.rpm
File outdated by:  RHBA-2009:1182		     15a0e470862a171d553569c7ab13a72a
xerces-j2-2.7.1-9jpp.ep1.2.el4.noarch.rpm     621a4429cacc4ec1ebb7157e843cadb8
xerces-j2-2.7.1-9jpp.ep1.2.el4.noarch.rpm     621a4429cacc4ec1ebb7157e843cadb8
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

499608 - Tracker bug for the EAP 4.3.0.cp05 release.
503978 - CVE-2009-0580 tomcat6 Information disclosure in authentication classes
504153 - CVE-2009-0783 tomcat XML parser information disclosure
504753 - CVE-2008-5515 tomcat request dispatcher information disclosure vulnerability


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783
http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp05/html-single/Release_Notes/index.html
http://www.redhat.com/security/updates/classification/#important

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/