Low: jboss-remoting security update
| Advisory: | RHSA-2010:0964-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Low |
| Issued on: | 2010-12-08 |
| Last updated on: | 2010-12-08 |
| Affected Products: | JBoss Enterprise Application Platform 4.3.0 EL4; JBoss Enterprise Application Platform 4.3.0 EL5 |
| CVEs (cve.mitre.org): | CVE-2010-4265 |
Details
An updated jboss-remoting package that fixes one security issue is now
available for JBoss Enterprise Application Platform 4.3 for Red Hat
Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
JBoss Remoting is a framework for building distributed applications in
Java.
The JBoss Enterprise Application Platform 4.3.0.CP09 updates RHSA-2010:0937
and RHSA-2010:0938 did not, contrary to what their errata texts stated, provide
a fix for CVE-2010-3862. A remote attacker could use specially-crafted input to
cause the JBoss Remoting listeners to become unresponsive, resulting in a
denial of service condition for services communicating via JBoss Remoting
sockets. (CVE-2010-4265)
Red Hat would like to thank Ole Husgaard of eXerp.com for reporting this
issue.
Warning: Before applying this update, backup your existing JBoss Enterprise
Application Platform installation (including all applications and
configuration files).
Users of JBoss Enterprise Application Platform 4.3 on Red Hat Enterprise
Linux 4 and 5 should upgrade to this updated package, which contains a
backported patch to correct this issue. The JBoss server process must be
restarted for this update to take effect.
Solution
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Updated packages
JBoss Enterprise Application Platform 4.3.0 EL4
| Type | Package | File outdated by | MD5 | SHA-256 |
|---|---|---|---|---|
| SRPMS | jboss-remoting-2.2.3-4.SP3.ep1.1.el4.src.rpm | RHBA-2011:1297 | bc44fb10a48cc26f7947319db56e2c4e | 26492975ecee1fd64db7a567a6c18dc39005e4b01307a950cbc3282dc09b022e |
| IA-32 | jboss-remoting-2.2.3-4.SP3.ep1.1.el4.noarch.rpm | RHBA-2011:1297 | f07f5885e756e6921daf4324be9b592d | 5ff72a40aff1a615bb94e10ccff8e6c0b28fb23be80b86d029bdb6d6885cc273 |
| x86_64 | jboss-remoting-2.2.3-4.SP3.ep1.1.el4.noarch.rpm | RHBA-2011:1297 | f07f5885e756e6921daf4324be9b592d | 5ff72a40aff1a615bb94e10ccff8e6c0b28fb23be80b86d029bdb6d6885cc273 |
JBoss Enterprise Application Platform 4.3.0 EL5
| Type | Package | File outdated by | MD5 | SHA-256 |
|---|---|---|---|---|
| SRPMS | jboss-remoting-2.2.3-4.SP3.ep1.1.el5.src.rpm | RHBA-2011:1298 | 1990aa45bd31b13e0441a089e9200c59 | cdd464467181b7ec423e05309bf15308337411cb05681ac518ae5b4d14184ce4 |
| IA-32 | jboss-remoting-2.2.3-4.SP3.ep1.1.el5.noarch.rpm | RHBA-2011:1298 | ffcf73fc6560ec57bea5dcb87d42799e | a596027e852894757b59aa0cc97e532a12e0db5f38338a9273246159462e934c |
| x86_64 | jboss-remoting-2.2.3-4.SP3.ep1.1.el5.noarch.rpm | RHBA-2011:1298 | ffcf73fc6560ec57bea5dcb87d42799e | a596027e852894757b59aa0cc97e532a12e0db5f38338a9273246159462e934c |
(The unlinked packages above are only available from the Red Hat Network.)
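As an added check that is not part of the advisory, the following Python compares the package name printed by `rpm -q jboss-remoting` against the fixed builds listed above, using a simplified re-implementation of rpm's version comparison, and verifies the bytes of a downloaded noarch RPM against the SHA-256 published here. The `needs_update` and `sha256_matches` helpers and their name-pattern assumptions are mine, not Red Hat's tooling.

```python
import hashlib
import re
from itertools import zip_longest

# Fixed builds from RHSA-2010:0964-1 as (version, release), per RHEL major.
FIXED = {"el4": ("2.2.3", "4.SP3.ep1.1.el4"), "el5": ("2.2.3", "4.SP3.ep1.1.el5")}
# SHA-256 values from the advisory's package list for the noarch RPMs.
ADVISORY_SHA256 = {
    "jboss-remoting-2.2.3-4.SP3.ep1.1.el4.noarch.rpm":
        "5ff72a40aff1a615bb94e10ccff8e6c0b28fb23be80b86d029bdb6d6885cc273",
    "jboss-remoting-2.2.3-4.SP3.ep1.1.el5.noarch.rpm":
        "a596027e852894757b59aa0cc97e532a12e0db5f38338a9273246159462e934c",
}

def _segments(s):
    # rpm compares maximal digit runs and letter runs; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1 comparing a and b the way rpm does (simplified: no ~ or ^)."""
    for x, y in zip_longest(_segments(a), _segments(b)):
        if x is None:  # a ran out of segments first, so a is older
            return -1
        if y is None:
            return 1
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            x, y = int(x), int(y)  # compare digit runs numerically, not lexically
        elif x_num != y_num:  # a numeric segment outranks an alphabetic one
            return 1 if x_num else -1
        if x != y:
            return 1 if x > y else -1
    return 0

def needs_update(installed_nvr):
    """True when `rpm -q jboss-remoting` output names a build older than the fix."""
    m = re.fullmatch(r"jboss-remoting-([^-]+)-(.+)", installed_nvr)
    if not m:
        raise ValueError("unexpected package name: " + installed_nvr)
    version, release = m.groups()
    fixed_version, fixed_release = FIXED["el4" if release.endswith(".el4") else "el5"]
    cmp = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return cmp < 0

def sha256_matches(filename, data):
    """Check the bytes of a downloaded RPM against the advisory's published SHA-256."""
    expected = ADVISORY_SHA256.get(filename)
    return expected is not None and hashlib.sha256(data).hexdigest() == expected
```

Note that a release such as `4.SP3.ep1.el5` (constructed, one numeric segment shorter) sorts older than the fixed `4.SP3.ep1.1.el5`, because rpm ranks a numeric segment above an alphabetic one at the same position.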
Bugs fixed (see bugzilla for more information)
660623 - CVE-2010-4265 jboss-remoting: missing fix for CVE-2010-3862
References
https://access.redhat.com/security/updates/classification/#low
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/