Security Advisory Important: JBoss Enterprise Application Platform 4.3.0.CP09 update

Advisory: RHSA-2010:0938-1
Type: Security Advisory
Severity: Important
Issued on: 2010-12-01
Last updated on: 2010-12-01
Affected Products: JBoss Enterprise Application Platform 4.3.0 EL5
CVEs (cve.mitre.org): CVE-2010-3708, CVE-2010-3862, CVE-2010-3878

Details

Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix
three security issues and multiple bugs are now available for Red Hat
Enterprise Linux 5 as JBEAP 4.3.0.CP09.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

JBoss Enterprise Application Platform is the market-leading platform for
innovative and scalable Java applications, integrating the JBoss
Application Server with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.

This release of JBEAP for Red Hat Enterprise Linux 5 serves as a
replacement for JBEAP 4.3.0.CP08.

These updated packages include multiple bug fixes which are detailed in the
Release Notes. The Release Notes will be available shortly from the link in
the References section.

The following security issues are also fixed with this release:

An input sanitization flaw was found in the way JBoss Drools implemented
certain rule base serialization. If a remote attacker supplied
specially-crafted input to a JBoss Seam based application that accepts
serialized input, it could lead to arbitrary code execution with the
privileges of the JBoss server process. (CVE-2010-3708)

A Cross-Site Request Forgery (CSRF) flaw was found in the JMX Console. A
remote attacker could use this flaw to deploy a WAR file of their choosing
on the target server, if they are able to trick a user, who is logged into
the JMX Console as the admin user, into visiting a specially-crafted web
page. (CVE-2010-3878)

A flaw was found in the JBoss Remoting component. A remote attacker could
use specially-crafted input to cause the JBoss Remoting listeners to become
unresponsive, resulting in a denial of service condition for services
communicating via JBoss Remoting sockets. (CVE-2010-3862)

Red Hat would like to thank Ole Husgaard of eXerp.com for reporting the
CVE-2010-3862 issue.

Warning: Before applying this update, please back up the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
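
One way to follow the backup warning above, as an added example rather than Red Hat's own procedure: archive the deploy directory with a SHA-256 manifest before the update, then list what the update added, modified or removed. The function names and the two directory arguments are assumptions; the advisory does not state the install root.

```shell
#!/bin/sh
# Added example, not Red Hat's procedure. Assumption: the caller supplies the
# path to server/[configuration]/deploy; the advisory gives no install root.

# manifest DIR: print "sha256  ./path" for every file under DIR, sorted by path.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# backup_deploy DEPLOY_DIR BACKUP_DIR: archive the directory and record a
# hash manifest. BACKUP_DIR must be outside DEPLOY_DIR.
backup_deploy() {
    deploy_dir=$1 backup_dir=$2
    [ -d "$deploy_dir" ] || { echo "not a directory: $deploy_dir" >&2; return 1; }
    mkdir -p "$backup_dir" || return 1
    tar -czf "$backup_dir/deploy.tar.gz" -C "$deploy_dir" . || return 1
    manifest "$deploy_dir" > "$backup_dir/deploy.sha256"
}

# changed_since_backup DEPLOY_DIR BACKUP_DIR: after the update, list every
# file that was added, modified or removed relative to the manifest.
changed_since_backup() {
    deploy_dir=$1 backup_dir=$2
    [ -f "$backup_dir/deploy.sha256" ] || { echo "no manifest" >&2; return 1; }
    manifest "$deploy_dir" | awk -v old="$backup_dir/deploy.sha256" '
        # sha256sum lines are: 64 hex digits, two separator chars, then path.
        BEGIN { while ((getline line < old) > 0)
                    before[substr(line, 67)] = substr(line, 1, 64) }
        { path = substr($0, 67); hash = substr($0, 1, 64)
          if (!(path in before))          print "added    " path
          else if (before[path] != hash)  print "modified " path
          delete before[path] }
        END { for (path in before) print "removed  " path }' | LC_ALL=C sort
}
```

Call `backup_deploy` before applying the errata and `changed_since_backup` afterwards with the same two paths; an empty result means the deploy directory is byte-for-byte unchanged.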

All users of JBEAP 4.3 on Red Hat Enterprise Linux 5 are advised to upgrade
to these updated packages.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

JBoss Enterprise Application Platform 4.3.0 EL5


Bugs fixed (see Bugzilla for more information)

604617 - CVE-2010-3878 JBoss EAP jmx console FileDeployment CSRF
633859 - CVE-2010-3708 JBoss drools deserialization remote code execution
638236 - Tracker bug for the EAP 4.3.0.cp09 release.
641389 - CVE-2010-3862 JBoss Remoting Denial-Of-Service


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/