Important: JBoss Enterprise Application Platform 4.3.0.CP09 update
| Advisory: | RHSA-2010:0937-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Important |
| Issued on: | 2010-12-01 |
| Last updated on: | 2010-12-01 |
| Affected Products: | JBoss Enterprise Application Platform 4.3.0 EL4 |
| CVEs (cve.mitre.org): |
CVE-2010-3708 CVE-2010-3862 CVE-2010-3878 |
Details
Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix
three security issues and multiple bugs are now available for Red Hat
Enterprise Linux 4 as JBEAP 4.3.0.CP09.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 4 serves as a
replacement to JBEAP 4.3.0.CP08.
These updated packages include multiple bug fixes which are detailed in the
Release Notes. The Release Notes will be available shortly from the link in
the References section.
The following security issues are also fixed with this release:
An input sanitization flaw was found in the way JBoss Drools implemented
certain rule base serialization. If a remote attacker supplied
specially-crafted input to a JBoss Seam based application that accepts
serialized input, it could lead to arbitrary code execution with the
privileges of the JBoss server process. (CVE-2010-3708)
A Cross-Site Request Forgery (CSRF) flaw was found in the JMX Console. A
remote attacker could use this flaw to deploy a WAR file of their choosing
on the target server, if they are able to trick a user, who is logged into
the JMX Console as the admin user, into visiting a specially-crafted web
page. (CVE-2010-3878)
A flaw was found in the JBoss Remoting component. A remote attacker could
use specially-crafted input to cause the JBoss Remoting listeners to become
unresponsive, resulting in a denial of service condition for services
communicating via JBoss Remoting sockets. (CVE-2010-3862)
Red Hat would like to thank Ole Husgaard of eXerp.com for reporting the
CVE-2010-3862 issue.
Warning: Before applying this update, please backup the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.3 on Red Hat Enterprise Linux 4 are advised to upgrade
to these updated packages.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Updated packages
| JBoss Enterprise Application Platform 4.3.0 EL4 | |
| SRPMS: | |
| glassfish-jaxb-2.1.4-1.17.patch04.ep1.el4.src.rpm | MD5: ff7f42808412e11c684b05a25f16ff04 SHA-256: b348d442cbdbf6afd24901b72863d3fcd549b159f92c5c1dbde00a4037f26037 |
| glassfish-jaxws-2.1.1-1jpp.ep1.13.el4.src.rpm | MD5: 5aa2d996e7a2101c1005696602943329 SHA-256: d30d65bc1f72c34d32112bd8ffbb5c27a4e72793a999d114976bbbeddb37441c |
| hibernate3-3.2.4-1.SP1_CP11.0jpp.ep2.0.el4.src.rpm File outdated by: RHBA-2011:1297 |
MD5: 4f812bf2a6e61ba6eaf8e75fbe6697db SHA-256: 32d52aa084a3861a426ace3d93885def25b87eda880c453b0638501414fe2c5d |
| hibernate3-annotations-3.3.1-2.0.GA_CP04.ep1.el4.src.rpm File outdated by: RHBA-2011:1297 |
MD5: e8627b55e6ff4b24cca64b78bdd69c23 SHA-256: 133ed0fdf0eb802e56eca314899609a11bb45f25e9804c0987557d16baf8cff0 |
| javassist-3.9.0-2.ep1.1.el4.src.rpm | MD5: 192b6cb7fdda72bf9d9bcee42c6196b0 SHA-256: 1ef91b768c121f8186e8994bc0dfe024513b23179e8b510c2fbb841ef2ff4f7e |
| jboss-common-1.2.2-1.ep1.1.el4.src.rpm | MD5: dd089d156d39519a739c9e24cf39f318 SHA-256: 37eda6746b7cf930deeba15e81e3a1225b09c1f7a3b638ad4941a6a10db471ca |
| jboss-messaging-1.4.0-4.SP3_CP11.1.ep1.el4.src.rpm File outdated by: RHBA-2011:1297 |
MD5: dc330d00b346af8fe45320cae29ac8c2 SHA-256: 36f1a3c8fc81b2cb881ef89eefd722cc7f3de8b763563a7c6a0059428a3a73bb |
| jboss-remoting-2.2.3-4.SP3.ep1.el4.src.rpm File outdated by: RHBA-2011:1297 |
MD5: ad5e5245ddeddb17982acbc97361856a SHA-256: 1ceb0942cab2d764cffe4159fe24d33897e349814ee391eadd56b79ae166dc8d |
| jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.22.el4.src.rpm File outdated by: RHBA-2011:1297 |
MD5: 468a857d671fc617317d93443fb7d914 SHA-256: f0d441ef1ccc08611ee55af3c9a1eeac76f2dac920a29071ad691fa4e9fa3f94 |
| jboss-seam2-2.0.2.FP-1.ep1.26.el4.src.rpm File outdated by: RHBA-2011:1297 |
MD5: 34323f9294cc5fb8a11d36faa639585c SHA-256: daa96b06cb2e8b2ce84d258e97bfcc7a79dafeb53cd05698053481da01a771b8 |
| jbossas-4.3.0-8.GA_CP09.2.ep1.el4.src.rpm File outdated by: RHSA-2013:0249 |
MD5: 11ff3b30878a2120fcf0ae27b68959a6 SHA-256: b0ac9aa8b0aa4ab544673e52978546a45d7e1b70827ccfd315133cf380948f64 |
| jbossts-4.2.3-2.SP5_CP10.1jpp.ep1.1.el4.src.rpm | MD5: 5b0b33bf9c02a776eb52c9a542e8a62a SHA-256: 3741baf239f5298938da5ef01252ad1481911b0cd21dd4a603679885e94a407f |
| jbossweb-2.0.0-7.CP15.0jpp.ep1.1.el4.src.rpm File outdated by: RHBA-2011:1297 |
MD5: 62022b7953474d0c1356fbc8e7ad2146 SHA-256: e818910a2205d1ede69d2686a78fcf03d7f2e984de5ffd7e6f9fb835b215dbb1 |
| jbossws-2.0.1-6.SP2_CP09.2.ep1.el4.src.rpm File outdated by: RHBA-2011:1297 |
MD5: ccd0ca0449a6a0435afbe1e84b25ced0 SHA-256: 15cdf7481f8cc25128e1d2fc246a0cdd50ecfda1600328f5ad6d761f561ad341 |
| jbossws-common-1.0.0-3.GA_CP06.1.ep1.el4.src.rpm File outdated by: RHSA-2011:1306 |
MD5: bfffe47f13552818acc57fb4f110e51c SHA-256: 0259bc862955f93e4b5133aa7ce2a9c65a0c3e479581d7f277aea48b4b565be5 |
| jgroups-2.4.9-1.ep1.el4.src.rpm File outdated by: RHBA-2011:1297 |
MD5: 889291ed507130f0b34ccc8e3a380f3a SHA-256: 6f86d0b4224ffc6dbf9203993c402a56742e52d9d079c7a05dc5ff2bbc95ea15 |
| rh-eap-docs-4.3.0-8.GA_CP09.ep1.3.el4.src.rpm File outdated by: RHBA-2011:1297 |
MD5: 9a7f5f3ba9402a9ee477a9b174ca8bfd SHA-256: 1cd65420dd5f95871c0aa6bd9d7f048b5c6e0f0ea34ee83199135a53151c0ec3 |
| xalan-j2-2.7.1-4.ep1.1.el4.src.rpm | MD5: 42446a93c5db7cd38cfa9f0cf08853bb SHA-256: 86892f5eb24b87a3fd179ec8db52f5bd2e77b4da1c5b85ca293c99c755a535b5 |
| IA-32: | |
| glassfish-jaxb-2.1.4-1.17.patch04.ep1.el4.noarch.rpm | MD5: 7e64daf90ef21d28f91a1d36a40ce1c6 SHA-256: ab3dff169f99eba29da151e63b32319d27ac66461a15a1d96c042321621c9c25 |
| glassfish-jaxws-2.1.1-1jpp.ep1.13.el4.noarch.rpm | MD5: f69fb400664e15006c35826fcec9d3d8 SHA-256: dee1c2aaff5759a2fea5678e468ac127de1751c1afbb15d4dfeb5cee212ec605 |
| hibernate3-3.2.4-1.SP1_CP11.0jpp.ep2.0.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: 6bf78631e5a52f1a7a595d1a611eaa2d SHA-256: 2c7ed28f220ebffcb513a2a62ee005063792d6ffdc3abc4370a06de86a9780be |
| hibernate3-annotations-3.3.1-2.0.GA_CP04.ep1.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: c2ebfdbea5c292a91c35f4482a99d6e5 SHA-256: 189eb833eed666277b037d2c44671b72f22c8cba07960022f15464ddd2cbf3e4 |
| hibernate3-annotations-javadoc-3.3.1-2.0.GA_CP04.ep1.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: 353d25c865ced4a9a033ff7e6b7939e3 SHA-256: 51717e59ccd8dea018eef026382de31dc813a7acef08b4a95f3c5489b7b99925 |
| hibernate3-javadoc-3.2.4-1.SP1_CP11.0jpp.ep2.0.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: 1b98e163039305517a3915a3ce4136fa SHA-256: 8a42ccddc50c0bb5ac850a1da21189df25819241aac6caae07adb18994dc4871 |
| javassist-3.9.0-2.ep1.1.el4.noarch.rpm | MD5: 2ca74f935dab7e9fcc3f911378cb2712 SHA-256: a85ae7c05b658d1c7e04cd0d39937b61a7fc80cf5fb44b058df08d802aba27a3 |
| jboss-common-1.2.2-1.ep1.1.el4.noarch.rpm | MD5: d463fdc704e00477d199d6a14b53d510 SHA-256: 5733406c8eb561c912f83f37735af9648fbf2a8bc3c873bed52e2f43a764ba65 |
| jboss-messaging-1.4.0-4.SP3_CP11.1.ep1.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: fc93d7e1e47350b422fde2c1c08a9d47 SHA-256: 837ab0beb834b85ab2433955e3d326f81bf4ecb8a44e2e9efcafb65d688e8d49 |
| jboss-remoting-2.2.3-4.SP3.ep1.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: ea88931ed4e3ae76f6ed8f59e082e347 SHA-256: c17335ac50536ad650a351c41b8a02692b5a9c06bd33871114c30c13b07dc50d |
| jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.22.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: 482694bd546d8cfcb581c7edff978e3d SHA-256: d2df6d3a26d0e5843bf8d0dbe7467531e8c434169804f9fa4c22d409ce81dd8d |
| jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.22.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: 066e0795bd354fe7e72ece7768cc3b87 SHA-256: 7191a4780bf5f707722813af9272dcfa08f592e78ea88a6eb75194fc5e75be37 |
| jboss-seam2-2.0.2.FP-1.ep1.26.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: ce888c77647a23c90d8c5596b0025e2c SHA-256: 99942747a5856e1da28b2dc73e5a29ba6e51d377f9c844b72cc8bd1ff200b38f |
| jboss-seam2-docs-2.0.2.FP-1.ep1.26.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: 0f76b2e1b533df71825bd5aa4b46cdb2 SHA-256: 446fbed3698c1aea81b4bf26eea7b416bada04b1c3f281395faf1e5383a9edf7 |
| jbossas-4.3.0-8.GA_CP09.2.ep1.el4.noarch.rpm File outdated by: RHSA-2013:0249 |
MD5: 7a46d918b8f786c35ca9ce1e3498d4bd SHA-256: a66022b2f38ac37893514940d74ade743acb79ab7cbb089cb9921dcf5063dad2 |
| jbossas-4.3.0.GA_CP09-bin-4.3.0-8.GA_CP09.2.ep1.el4.noarch.rpm | MD5: dbd509cfdaa6228ebaefa4b13dbae7d1 SHA-256: f71ef72e715e052fca1092242dc4c6c1458f86b9a8c6e65b87cb3ad8c69c4206 |
| jbossas-client-4.3.0-8.GA_CP09.2.ep1.el4.noarch.rpm File outdated by: RHSA-2013:0249 |
MD5: ced1c8a1abca71c005108dc8a859db07 SHA-256: 87012e5bc99e8d0352f4ad8d0dba83295e855d07d4a76fb6af2af8bad71a43ce |
| jbossts-4.2.3-2.SP5_CP10.1jpp.ep1.1.el4.noarch.rpm | MD5: 712a35f3ef70f929f5eaa3c86e0a84a4 SHA-256: 79a58a025aaa9e805ce800fc7fe0b3ec9611e8a8dcbdd935d368b61cf5c8af70 |
| jbossweb-2.0.0-7.CP15.0jpp.ep1.1.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: 16bef652ef90d920b213455ec3e04b3d SHA-256: f78be9f9a9c69185342fef58a933d3ac17b392eaa50f5d821cee8c34d53265ea |
| jbossws-2.0.1-6.SP2_CP09.2.ep1.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: c82adba91bd20d32e470065b6f1013ac SHA-256: e48aa575b219147ae7ddc9e524ba55f855de5a3d6299bfc990dbf07f8ca8a8aa |
| jbossws-common-1.0.0-3.GA_CP06.1.ep1.el4.noarch.rpm File outdated by: RHSA-2011:1306 |
MD5: f0ad625c8c5a233bc853726082ca4e63 SHA-256: 31d8f92977a8bf4804fc5a6e32aa70ba58271b2606acbd1eefbeb05bb3d71cc3 |
| jgroups-2.4.9-1.ep1.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: 54a03bcc0d0011821122cb8a65349991 SHA-256: 26302bd67f01e583f4a042d923e3b4914f68d913c63c2785876ec7d65502ef4c |
| rh-eap-docs-4.3.0-8.GA_CP09.ep1.3.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: ef308a3f10d852c7ad58083b14f50ddf SHA-256: 4df5752127ee982e915529f8e740c00b7d7d294aaf5b28ed70f6c56ab2818e0e |
| rh-eap-docs-examples-4.3.0-8.GA_CP09.ep1.3.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: 180c2826953942a1e89c1a79ac2aa741 SHA-256: b6230aaaf5d1365aacc55abb288545609f509c6184e6ec8592411d8cb8a1c21c |
| xalan-j2-2.7.1-4.ep1.1.el4.noarch.rpm | MD5: a2702f1fc692cc1274979a605c59f419 SHA-256: 0a745e8c83b662b03fa228dbde1ff302942318f53342c98974b827813962fa5e |
| x86_64: | |
| glassfish-jaxb-2.1.4-1.17.patch04.ep1.el4.noarch.rpm | MD5: 7e64daf90ef21d28f91a1d36a40ce1c6 SHA-256: ab3dff169f99eba29da151e63b32319d27ac66461a15a1d96c042321621c9c25 |
| glassfish-jaxws-2.1.1-1jpp.ep1.13.el4.noarch.rpm | MD5: f69fb400664e15006c35826fcec9d3d8 SHA-256: dee1c2aaff5759a2fea5678e468ac127de1751c1afbb15d4dfeb5cee212ec605 |
| hibernate3-3.2.4-1.SP1_CP11.0jpp.ep2.0.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: 6bf78631e5a52f1a7a595d1a611eaa2d SHA-256: 2c7ed28f220ebffcb513a2a62ee005063792d6ffdc3abc4370a06de86a9780be |
| hibernate3-annotations-3.3.1-2.0.GA_CP04.ep1.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: c2ebfdbea5c292a91c35f4482a99d6e5 SHA-256: 189eb833eed666277b037d2c44671b72f22c8cba07960022f15464ddd2cbf3e4 |
| hibernate3-annotations-javadoc-3.3.1-2.0.GA_CP04.ep1.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: 353d25c865ced4a9a033ff7e6b7939e3 SHA-256: 51717e59ccd8dea018eef026382de31dc813a7acef08b4a95f3c5489b7b99925 |
| hibernate3-javadoc-3.2.4-1.SP1_CP11.0jpp.ep2.0.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: 1b98e163039305517a3915a3ce4136fa SHA-256: 8a42ccddc50c0bb5ac850a1da21189df25819241aac6caae07adb18994dc4871 |
| javassist-3.9.0-2.ep1.1.el4.noarch.rpm | MD5: 2ca74f935dab7e9fcc3f911378cb2712 SHA-256: a85ae7c05b658d1c7e04cd0d39937b61a7fc80cf5fb44b058df08d802aba27a3 |
| jboss-common-1.2.2-1.ep1.1.el4.noarch.rpm | MD5: d463fdc704e00477d199d6a14b53d510 SHA-256: 5733406c8eb561c912f83f37735af9648fbf2a8bc3c873bed52e2f43a764ba65 |
| jboss-messaging-1.4.0-4.SP3_CP11.1.ep1.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: fc93d7e1e47350b422fde2c1c08a9d47 SHA-256: 837ab0beb834b85ab2433955e3d326f81bf4ecb8a44e2e9efcafb65d688e8d49 |
| jboss-remoting-2.2.3-4.SP3.ep1.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: ea88931ed4e3ae76f6ed8f59e082e347 SHA-256: c17335ac50536ad650a351c41b8a02692b5a9c06bd33871114c30c13b07dc50d |
| jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.22.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: 482694bd546d8cfcb581c7edff978e3d SHA-256: d2df6d3a26d0e5843bf8d0dbe7467531e8c434169804f9fa4c22d409ce81dd8d |
| jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.22.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: 066e0795bd354fe7e72ece7768cc3b87 SHA-256: 7191a4780bf5f707722813af9272dcfa08f592e78ea88a6eb75194fc5e75be37 |
| jboss-seam2-2.0.2.FP-1.ep1.26.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: ce888c77647a23c90d8c5596b0025e2c SHA-256: 99942747a5856e1da28b2dc73e5a29ba6e51d377f9c844b72cc8bd1ff200b38f |
| jboss-seam2-docs-2.0.2.FP-1.ep1.26.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: 0f76b2e1b533df71825bd5aa4b46cdb2 SHA-256: 446fbed3698c1aea81b4bf26eea7b416bada04b1c3f281395faf1e5383a9edf7 |
| jbossas-4.3.0-8.GA_CP09.2.ep1.el4.noarch.rpm File outdated by: RHSA-2013:0249 |
MD5: 7a46d918b8f786c35ca9ce1e3498d4bd SHA-256: a66022b2f38ac37893514940d74ade743acb79ab7cbb089cb9921dcf5063dad2 |
| jbossas-4.3.0.GA_CP09-bin-4.3.0-8.GA_CP09.2.ep1.el4.noarch.rpm | MD5: dbd509cfdaa6228ebaefa4b13dbae7d1 SHA-256: f71ef72e715e052fca1092242dc4c6c1458f86b9a8c6e65b87cb3ad8c69c4206 |
| jbossas-client-4.3.0-8.GA_CP09.2.ep1.el4.noarch.rpm File outdated by: RHSA-2013:0249 |
MD5: ced1c8a1abca71c005108dc8a859db07 SHA-256: 87012e5bc99e8d0352f4ad8d0dba83295e855d07d4a76fb6af2af8bad71a43ce |
| jbossts-4.2.3-2.SP5_CP10.1jpp.ep1.1.el4.noarch.rpm | MD5: 712a35f3ef70f929f5eaa3c86e0a84a4 SHA-256: 79a58a025aaa9e805ce800fc7fe0b3ec9611e8a8dcbdd935d368b61cf5c8af70 |
| jbossweb-2.0.0-7.CP15.0jpp.ep1.1.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: 16bef652ef90d920b213455ec3e04b3d SHA-256: f78be9f9a9c69185342fef58a933d3ac17b392eaa50f5d821cee8c34d53265ea |
| jbossws-2.0.1-6.SP2_CP09.2.ep1.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: c82adba91bd20d32e470065b6f1013ac SHA-256: e48aa575b219147ae7ddc9e524ba55f855de5a3d6299bfc990dbf07f8ca8a8aa |
| jbossws-common-1.0.0-3.GA_CP06.1.ep1.el4.noarch.rpm File outdated by: RHSA-2011:1306 |
MD5: f0ad625c8c5a233bc853726082ca4e63 SHA-256: 31d8f92977a8bf4804fc5a6e32aa70ba58271b2606acbd1eefbeb05bb3d71cc3 |
| jgroups-2.4.9-1.ep1.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: 54a03bcc0d0011821122cb8a65349991 SHA-256: 26302bd67f01e583f4a042d923e3b4914f68d913c63c2785876ec7d65502ef4c |
| rh-eap-docs-4.3.0-8.GA_CP09.ep1.3.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: ef308a3f10d852c7ad58083b14f50ddf SHA-256: 4df5752127ee982e915529f8e740c00b7d7d294aaf5b28ed70f6c56ab2818e0e |
| rh-eap-docs-examples-4.3.0-8.GA_CP09.ep1.3.el4.noarch.rpm File outdated by: RHBA-2011:1297 |
MD5: 180c2826953942a1e89c1a79ac2aa741 SHA-256: b6230aaaf5d1365aacc55abb288545609f509c6184e6ec8592411d8cb8a1c21c |
| xalan-j2-2.7.1-4.ep1.1.el4.noarch.rpm | MD5: a2702f1fc692cc1274979a605c59f419 SHA-256: 0a745e8c83b662b03fa228dbde1ff302942318f53342c98974b827813962fa5e |
| (The unlinked packages above are only available from the Red Hat Network) | |
Bugs fixed (see bugzilla for more information)
604617 - CVE-2010-3878 JBoss EAP jmx console FileDeployment CSRF
633859 - CVE-2010-3708 JBoss drools deserialization remote code execution
638224 - Tracker bug for the EAP 4.3.0.cp09 release.
641389 - CVE-2010-3862 JBoss Remoting Denial-Of-Service
References
https://www.redhat.com/security/data/cve/CVE-2010-3708.html
https://www.redhat.com/security/data/cve/CVE-2010-3862.html
https://www.redhat.com/security/data/cve/CVE-2010-3878.html
http://www.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3/html-single/Release_Notes_CP09/index.html
https://www.redhat.com/security/data/cve/CVE-2010-3862.html
https://www.redhat.com/security/data/cve/CVE-2010-3878.html
http://www.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3/html-single/Release_Notes_CP09/index.html
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
