Moderate: JBoss Operations Network 3.1.0 update
|Last updated on:||2012-06-12|
JBoss Operations Network 3.1.0, which fixes one security issue, several
bugs, and adds enhancements, is now available from the Red Hat Customer
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
JBoss Operations Network (JBoss ON) is a middleware management solution
that provides a single point of control to deploy, manage, and monitor
JBoss Enterprise Middleware, applications, and services.
This JBoss ON 3.1.0 release serves as a replacement for JBoss ON 3.0.1, and
includes several bug fixes and enhancements. Refer to the JBoss ON 3.1.0
Release Notes for information on the most significant of these changes. The
Release Notes will be available shortly from
The following security issue is also fixed with this release:
A flaw was found in the way the Apache Xerces2 Java Parser processed the
SYSTEM identifier in DTDs. A remote attacker could provide a
specially-crafted XML file, which once parsed by an application using the
Apache Xerces2 Java Parser, would lead to a denial of service (application
hang due to excessive CPU use). (CVE-2009-2625)
Warning: Before applying the update, back up your existing JBoss ON
installation (including its databases, applications, configuration files,
the JBoss ON server's file system directory, and so on).
All users of JBoss Operations Network 3.0.1 as provided from the Red Hat
Customer Portal are advised to upgrade to JBoss Operations Network 3.1.0.
log in to download the update). Before applying this update, back up your
existing JBoss ON installation (including its databases, applications,
configuration files, the JBoss ON server's file system directory, and so
Refer to the JBoss Operations Network 3.1.0 Release Notes for installation
Bugs fixed (see bugzilla for more information)
512921 - CVE-2009-2625 xerces-j2, JDK: XML parsing Denial-Of-Service (6845701)
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: