SecurityHome.eu [RHSA-2018:2088-01] Moderate: Red Hat JBoss Enterprise Application

Home / mailings PDF

[RHSA-2018:2088-01] Moderate: Red Hat JBoss Enterprise Application
Posted on 27 June 2018
RedHat
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.1.3 security update
Advisory ID: RHSA-2018:2088-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2088
Issue date: 2018-06-27
CVE Names: CVE-2018-7489
=====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application
Platform 7.1.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.

This release of Red Hat JBoss Enterprise Application Platform 7.1.3 serves
as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.2,
and includes bug fixes and enhancements, which are documented in the
Release Notes. The Release Notes for JBoss Enterprise Application Platform
can be found on the Product Documentation page, linked in References.

Security Fix(es):

* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe
serialization via c3p0 libraries (CVE-2018-7489)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1549276 - CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

5. References:

https://access.redhat.com/security/cve/CVE-2018-7489
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.1
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1/

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

TOP

Mailings :

Last 20

Exploits :

Last 20