Important: JBoss Enterprise Application Platform 4.3.0.CP09 update
| Advisory: | RHSA-2010:0938-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Important |
| Issued on: | 2010-12-01 |
| Last updated on: | 2010-12-01 |
| Affected Products: | JBoss Enterprise Application Platform 4.3.0 EL5 |
| CVEs (cve.mitre.org): | CVE-2010-3708 CVE-2010-3862 CVE-2010-3878 |
Details
Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix
three security issues and multiple bugs are now available for Red Hat
Enterprise Linux 5 as JBEAP 4.3.0.CP09.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
JBoss Enterprise Application Platform is the market-leading platform for
innovative and scalable Java applications, integrating the JBoss
Application Server with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 5 serves as a
replacement for JBEAP 4.3.0.CP08.
These updated packages include multiple bug fixes which are detailed in the
Release Notes. The Release Notes will be available shortly from the link in
the References section.
The following security issues are also fixed with this release:
An input sanitization flaw was found in the way JBoss Drools implemented
certain rule base serialization. If a remote attacker supplied
specially-crafted input to a JBoss Seam based application that accepts
serialized input, it could lead to arbitrary code execution with the
privileges of the JBoss server process. (CVE-2010-3708)
A Cross-Site Request Forgery (CSRF) flaw was found in the JMX Console. A
remote attacker could use this flaw to deploy a WAR file of their choosing
on the target server, if they are able to trick a user, who is logged into
the JMX Console as the admin user, into visiting a specially-crafted web
page. (CVE-2010-3878)
A flaw was found in the JBoss Remoting component. A remote attacker could
use specially-crafted input to cause the JBoss Remoting listeners to become
unresponsive, resulting in a denial of service condition for services
communicating via JBoss Remoting sockets. (CVE-2010-3862)
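For the JMX Console CSRF issue (CVE-2010-3878) described above, the forged request comes from the logged-in admin's own browser, so the Referer host is the main signal in access logs that separates it from normal console use. The following detection sketch is an added example, not part of the advisory or of Red Hat's tooling; it assumes combined-format access logs and the console at its default `/jmx-console/` context, and the log lines and host names in it are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: Apache/Tomcat "combined" access log format, JMX Console deployed
# at its default context path /jmx-console/.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
CONSOLE_PREFIX = "/jmx-console/"


def flag_cross_site_console_requests(lines, trusted_hosts):
    """Return (line number, user, reason, referer host) for suspect requests.

    A CSRF request is sent by the admin's own browser, so the client IP and
    user name look legitimate; the Referer host is what gives it away.
    """
    trusted = {h.lower() for h in trusted_hosts}
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m or not m["path"].startswith(CONSOLE_PREFIX):
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            # A missing Referer proves nothing either way; only
            # state-changing POSTs without one are worth a second look.
            if m["method"] == "POST":
                findings.append((lineno, m["user"], "post-without-referer", ""))
            continue
        host = (urlsplit(referer).hostname or "").lower()
        if host not in trusted:
            findings.append((lineno, m["user"], "cross-site-referer", host))
    return findings


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '10.0.0.5 - admin [01/Dec/2010:10:00:01 +0000] "GET /jmx-console/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.5 - admin [01/Dec/2010:10:00:09 +0000] "POST /jmx-console/HtmlAdaptor HTTP/1.1" 200 812 "https://jboss.example.internal:8443/jmx-console/" "Mozilla/5.0"',
    '10.0.0.5 - admin [01/Dec/2010:10:03:44 +0000] "POST /jmx-console/HtmlAdaptor HTTP/1.1" 200 790 "http://blog.example.net/post/42" "Mozilla/5.0"',
    '10.0.0.5 - admin [01/Dec/2010:10:04:02 +0000] "POST /jmx-console/HtmlAdaptor HTTP/1.1" 200 790 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Dec/2010:10:05:00 +0000] "GET /app/index.html HTTP/1.1" 200 1024 "http://blog.example.net/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in flag_cross_site_console_requests(SAMPLE_LOG, ["jboss.example.internal"]):
        print(finding)
```

A hit is a lead to correlate with deployment activity on the server, not proof of compromise, since a Referer can be stripped by proxies or browser settings.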
Red Hat would like to thank Ole Husgaard of eXerp.com for reporting the
CVE-2010-3862 issue.
Warning: Before applying this update, please back up the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.3 on Red Hat Enterprise Linux 5 are advised to upgrade
to these updated packages.
Solution
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Updated packages
Bugs fixed (see bugzilla for more information)
604617 - CVE-2010-3878 JBoss EAP jmx console FileDeployment CSRF
633859 - CVE-2010-3708 JBoss drools deserialization remote code execution
638236 - Tracker bug for the EAP 4.3.0.cp09 release.
641389 - CVE-2010-3862 JBoss Remoting Denial-Of-Service
References
https://www.redhat.com/security/data/cve/CVE-2010-3862.html
https://www.redhat.com/security/data/cve/CVE-2010-3878.html
http://www.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3/html-single/Release_Notes_CP09/index.html
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/