From bugzilla at redhat.com Wed May 1 18:11:09 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 1 May 2013 18:11:09 +0000
Subject: [RHSA-2013:0782-01] Moderate: openssl security update
Message-ID: <201305011811.r41IB9Hl008506@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2013:0782-01
Product: JBoss Enterprise Web Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0782.html
Issue date: 2013-05-01
CVE Names: CVE-2013-0166 CVE-2013-0169
=====================================================================

1. Summary:

An update for the OpenSSL component for JBoss Enterprise Web Platform 5.2.0 for Solaris and Microsoft Windows that fixes two security issues is now available from the Red Hat Customer Portal.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response. (CVE-2013-0166)

It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle.
(CVE-2013-0169)

Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform installation (including all applications and configuration files).

All users of JBoss Enterprise Web Platform 5.2.0 for Solaris and Microsoft Windows as provided from the Red Hat Customer Portal are advised to apply this update.

3. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Web Platform installation (including all applications and configuration files).

JBoss server instances configured to use the Tomcat Native library must be restarted for this update to take effect.

4. Bugs fixed (http://bugzilla.redhat.com/):

907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
908052 - CVE-2013-0166 openssl: DoS due to improper handling of OCSP response verification

5. References:

https://www.redhat.com/security/data/cve/CVE-2013-0166.html
https://www.redhat.com/security/data/cve/CVE-2013-0169.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=enterpriseweb.platform&version=5.2.0

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRgVqwXlSAg2UNWIIRAloIAJ440IYgd4RyDqTRd/p3vntM5kT+WQCgsfEz
HfkVsqpdSu2KzoV8oBlZRxo=
=B/eX
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 1 18:11:59 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 1 May 2013 18:11:59 +0000
Subject: [RHSA-2013:0783-01] Moderate: openssl security update
Message-ID: <201305011811.r41IBxid021041@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2013:0783-01
Product: JBoss Enterprise Application Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0783.html
Issue date: 2013-05-01
CVE Names: CVE-2013-0166 CVE-2013-0169
=====================================================================

1. Summary:

An update for the OpenSSL component for JBoss Enterprise Application Platform 5.2.0 for Solaris and Microsoft Windows that fixes two security issues is now available from the Red Hat Customer Portal.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response.
(CVE-2013-0166)

It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)

Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation (including all applications and configuration files).

All users of JBoss Enterprise Application Platform 5.2.0 for Solaris and Microsoft Windows as provided from the Red Hat Customer Portal are advised to apply this update.

3. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Application Platform installation (including all applications and configuration files).

JBoss server instances configured to use the Tomcat Native library must be restarted for this update to take effect.

4. Bugs fixed (http://bugzilla.redhat.com/):

907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
908052 - CVE-2013-0166 openssl: DoS due to improper handling of OCSP response verification

5. References:

https://www.redhat.com/security/data/cve/CVE-2013-0166.html
https://www.redhat.com/security/data/cve/CVE-2013-0169.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=5.2.0

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRgVrKXlSAg2UNWIIRAvcsAJ4in5pJNa8IvaAWovQedSRDPT8c5wCgn5mb
Ye1PyaSjfXCbOJGIpqidUF4=
=GOdf
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon May 20 19:43:46 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 20 May 2013 19:43:46 +0000
Subject: [RHSA-2013:0833-01] Important: JBoss Enterprise Application Platform 6.1.0 update
Message-ID: <201305201943.r4KJhkfJ029785@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: JBoss Enterprise Application Platform 6.1.0 update
Advisory ID: RHSA-2013:0833-01
Product: JBoss Enterprise Application Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0833.html
Issue date: 2013-05-20
CVE Names: CVE-2012-4529 CVE-2012-4572 CVE-2012-5575 CVE-2013-0166 CVE-2013-0169 CVE-2013-0218
=====================================================================

1. Summary:

JBoss Enterprise Application Platform 6.1.0, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Description:

JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.

This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, and includes bug fixes and enhancements.
Refer to the 6.1.0 Release Notes for information on the most significant of these changes, available shortly from https://access.redhat.com/site/documentation/

Security fixes:

XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. (CVE-2012-5575)

Note: Automatic checks to prevent CVE-2012-5575 are only run when WS-SecurityPolicy is used to enforce security requirements. It is best practice to use WS-SecurityPolicy to enforce security requirements.

A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response. (CVE-2013-0166)

It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)

When applications running on JBoss Web used the COOKIE session tracking method, the org.apache.catalina.connector.Response.encodeURL() method returned the URL with the jsessionid appended as a query string parameter when processing the first request of a session. An attacker could possibly exploit this flaw by performing a man-in-the-middle attack to obtain a user's jsessionid and hijack their session, or by extracting the jsessionid from log files. Note that no session tracking method is used by default, one must be configured.
(CVE-2012-4529)

If multiple applications used the same custom authorization module class name, and provided their own implementations of it, the first application to be loaded will have its implementation used for all other applications using the same custom authorization module class name. A local attacker could use this flaw to deploy a malicious application that provides implementations of custom authorization modules that permit or deny user access according to rules supplied by the attacker. (CVE-2012-4572)

The GUI installer created a world-readable auto-install XML file containing both the JBoss Enterprise Application Platform administrator password and the sucker password for the selected messaging system in plain text. A local user able to access the directory where the GUI installer was run could use this flaw to gain administrative access to the JBoss Enterprise Application Platform instance. (CVE-2013-0218)

Red Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj Somorovsky of Ruhr-University Bochum for reporting CVE-2012-5575. CVE-2012-4572 was discovered by Josef Cacek of the Red Hat JBoss EAP Quality Engineering team, and CVE-2013-0218 was discovered by Arun Neelicattu of the Red Hat Security Response Team.

Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation and deployed applications.

Users of JBoss Enterprise Application Platform 6.0.1 as provided from the Red Hat Customer Portal are advised to upgrade to JBoss Enterprise Application Platform 6.1.0.

3. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing JBoss Enterprise Application Platform installation and deployed applications.

4. Bugs fixed (http://bugzilla.redhat.com/):

868202 - CVE-2012-4529 JBoss Web: jsessionid exposed via encoded url when using cookie based session tracking
872059 - CVE-2012-4572 JBoss: custom authorization module implementations shared between applications
880443 - CVE-2012-5575 jbossws-native, jbossws-cxf, apache-cxf: XML encryption backwards compatibility attacks
903073 - CVE-2013-0218 JBoss EAP/EWP Installer: Generated auto-install xml is world readable
907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
908052 - CVE-2013-0166 openssl: DoS due to improper handling of OCSP response verification

5. References:

https://www.redhat.com/security/data/cve/CVE-2012-4529.html
https://www.redhat.com/security/data/cve/CVE-2012-4572.html
https://www.redhat.com/security/data/cve/CVE-2012-5575.html
https://www.redhat.com/security/data/cve/CVE-2013-0166.html
https://www.redhat.com/security/data/cve/CVE-2013-0169.html
https://www.redhat.com/security/data/cve/CVE-2013-0218.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/documentation/
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=distributions
http://cxf.apache.org/cve-2012-5575.html

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRmnziXlSAg2UNWIIRAnVxAKC378cUNkeN/oONFQfrKGxLhyzlxwCgtrTr
jJBYCBUuow0d2BuBQBlIA6Q=
=7T8N
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon May 20 19:49:14 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 20 May 2013 19:49:14 +0000
Subject: [RHSA-2013:0834-02] Important: JBoss Enterprise Application Platform 6.1.0 update
Message-ID: <201305201949.r4KJnFnK023764@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: JBoss Enterprise Application Platform 6.1.0 update
Advisory ID: RHSA-2013:0834-02
Product: JBoss Enterprise Application Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0834.html
Issue date: 2013-05-20
CVE Names: CVE-2012-4529 CVE-2012-4572 CVE-2012-5575
=====================================================================

1. Summary:

Updated JBoss Enterprise Application Platform 6.1.0 packages that fix three security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

JBoss Enterprise Application Platform 6 for RHEL 6 Server - i386, noarch, x86_64

3. Description:

JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.

This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, and includes bug fixes and enhancements.
Refer to the 6.1.0 Release Notes for information on the most significant of these changes, available shortly from https://access.redhat.com/site/documentation/

Security fixes:

XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. (CVE-2012-5575)

Note: Automatic checks to prevent CVE-2012-5575 are only run when WS-SecurityPolicy is used to enforce security requirements. It is best practice to use WS-SecurityPolicy to enforce security requirements.

When applications running on JBoss Web used the COOKIE session tracking method, the org.apache.catalina.connector.Response.encodeURL() method returned the URL with the jsessionid appended as a query string parameter when processing the first request of a session. An attacker could possibly exploit this flaw by performing a man-in-the-middle attack to obtain a user's jsessionid and hijack their session, or by extracting the jsessionid from log files. Note that no session tracking method is used by default, one must be configured. (CVE-2012-4529)

If multiple applications used the same custom authorization module class name, and provided their own implementations of it, the first application to be loaded will have its implementation used for all other applications using the same custom authorization module class name. A local attacker could use this flaw to deploy a malicious application that provides implementations of custom authorization modules that permit or deny user access according to rules supplied by the attacker. (CVE-2012-4572)

Red Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj Somorovsky of Ruhr-University Bochum for reporting CVE-2012-5575. CVE-2012-4572 was discovered by Josef Cacek of the Red Hat JBoss EAP Quality Engineering team.

Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation and deployed applications. Refer to the Solution section for further details.

All users of JBoss Enterprise Application Platform 6.0.1 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Also, back up any customized JBoss Enterprise Application Platform 6 configuration files. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually. For more details, refer to the Release Notes for JBoss Enterprise Application Platform 6.1.0, available shortly from https://access.redhat.com/site/documentation/

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

868202 - CVE-2012-4529 JBoss Web: jsessionid exposed via encoded url when using cookie based session tracking
872059 - CVE-2012-4572 JBoss: custom authorization module implementations shared between applications
880443 - CVE-2012-5575 jbossws-native, jbossws-cxf, apache-cxf: XML encryption backwards compatibility attacks

6.
Package List:

JBoss Enterprise Application Platform 6 for RHEL 6 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/openws-1.4.2-9_redhat_3.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/org.osgi-4.2.0-9.redhat_3.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/picketbox-4.0.17-1.Final_redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/picketlink-federation-2.1.6-3.Final_redhat_2.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/relaxngDatatype-2011.1-4.redhat_6.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/relaxngDatatype-eap6-2011.1-4.redhat_6.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/resteasy-2.3.6-1.Final_redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/slf4j-eap6-1.7.2-10.redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/slf4j-jboss-logmanager-1.0.2-1.GA_redhat_1.3.ep6.el6.2.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/sun-ws-metadata-2.0-api-1.0.MR1-12_MR1_redhat_3.ep6.el6.5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/tomcat-native-1.1.27-4.redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/velocity-eap6-1.7-2.1.redhat_2.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/weld-cdi-1.0-api-1.0-8.SP4_redhat_2.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/weld-core-1.1.13-1.Final_redhat_1.ep6.el6.1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/woodstox-core-4.2.0-7.redhat_2.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/wsdl4j-eap6-1.6.2-12.3.redhat_4.ep6.el6.src.rpm 
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/wss4j-1.6.9-2.redhat_2.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/xerces-j2-eap6-2.9.1-14_redhat_4.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/xml-commons-resolver-eap6-1.2-10.redhat_3.ep6.el6.4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/xml-security-1.5.3-1.redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/xmltooling-1.3.2-10.redhat_4.ep6.el6.src.rpm i386: apache-commons-daemon-jsvc-eap6-1.0.15-1.redhat_1.ep6.el6.i386.rpm apache-commons-daemon-jsvc-eap6-debuginfo-1.0.15-1.redhat_1.ep6.el6.i386.rpm hornetq-native-2.3.1-1.Final_redhat_1.ep6.el6.i386.rpm hornetq-native-debuginfo-2.3.1-1.Final_redhat_1.ep6.el6.i386.rpm httpd-2.2.22-18.ep6.el6.i386.rpm httpd-debuginfo-2.2.22-18.ep6.el6.i386.rpm httpd-devel-2.2.22-18.ep6.el6.i386.rpm httpd-tools-2.2.22-18.ep6.el6.i386.rpm jbossas-hornetq-native-2.3.1-1.Final_redhat_1.ep6.el6.i386.rpm jbossas-jbossweb-native-1.1.27-4.redhat_1.ep6.el6.i386.rpm mod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el6.i386.rpm mod_cluster-native-debuginfo-1.2.4-1.Final.redhat_1.ep6.el6.i386.rpm mod_jk-ap22-1.2.37-2.redhat_1.ep6.el6.i386.rpm mod_jk-debuginfo-1.2.37-2.redhat_1.ep6.el6.i386.rpm mod_ssl-2.2.22-18.ep6.el6.i386.rpm tomcat-native-1.1.27-4.redhat_1.ep6.el6.i386.rpm tomcat-native-debuginfo-1.1.27-4.redhat_1.ep6.el6.i386.rpm noarch: apache-commons-daemon-eap6-1.0.15-4.redhat_1.ep6.el6.noarch.rpm apache-commons-pool-eap6-1.6-6.redhat_4.ep6.el6.noarch.rpm apache-cxf-2.6.6-20.redhat_3.ep6.el6.noarch.rpm apache-cxf-xjc-utils-2.6.0-1.redhat_1.ep6.el6.noarch.rpm atinject-1-9.redhat_3.ep6.el6.noarch.rpm atinject-eap6-1-3.redhat_3.ep6.el6.noarch.rpm codehaus-jackson-1.9.9-4.redhat_2.ep6.el6.noarch.rpm codehaus-jackson-core-asl-1.9.9-4.redhat_2.ep6.el6.noarch.rpm 
codehaus-jackson-jaxrs-1.9.9-4.redhat_2.ep6.el6.noarch.rpm codehaus-jackson-mapper-asl-1.9.9-4.redhat_2.ep6.el6.noarch.rpm codehaus-jackson-xc-1.9.9-4.redhat_2.ep6.el6.noarch.rpm cxf-xjc-boolean-2.6.0-1.redhat_1.ep6.el6.noarch.rpm cxf-xjc-dv-2.6.0-1.redhat_1.ep6.el6.noarch.rpm cxf-xjc-ts-2.6.0-1.redhat_1.ep6.el6.noarch.rpm dom4j-1.6.1-19.redhat_5.ep6.el6.noarch.rpm dom4j-eap6-1.6.1-19.redhat_5.ep6.el6.noarch.rpm ecj3-3.7.2-6.redhat_1.ep6.el6.noarch.rpm glassfish-javamail-1.4.5-1.redhat_1.ep6.el6.noarch.rpm glassfish-jaxb-2.2.5-14.redhat_5.ep6.el6.noarch.rpm glassfish-jaxb-eap6-2.2.5-14.redhat_5.ep6.el6.noarch.rpm glassfish-jsf-2.1.19-2.redhat_1.ep6.el6.noarch.rpm glassfish-jsf12-1.2_15-12_b01_redhat_3.ep6.el6.noarch.rpm guava-13.0.1-1.redhat_1.ep6.el6.1.noarch.rpm h2database-1.3.168-3_redhat_2.ep6.el6.noarch.rpm hibernate4-4.2.0-3.Final_redhat_1.ep6.el6.noarch.rpm hibernate4-core-4.2.0-3.Final_redhat_1.ep6.el6.noarch.rpm hibernate4-entitymanager-4.2.0-3.Final_redhat_1.ep6.el6.noarch.rpm hibernate4-envers-4.2.0-3.Final_redhat_1.ep6.el6.noarch.rpm hibernate4-infinispan-4.2.0-3.Final_redhat_1.ep6.el6.noarch.rpm hibernate4-validator-4.3.1-1.Final_redhat_1.1.ep6.el6.4.noarch.rpm hornetq-2.3.1-1.Final_redhat_1.ep6.el6.noarch.rpm httpclient-4.2.1-7.redhat_1.ep6.el6.noarch.rpm httpcomponents-client-4.2.1-7.redhat_1.ep6.el6.noarch.rpm httpcomponents-core-4.2.1-7.redhat_1.ep6.el6.noarch.rpm httpcomponents-project-6-7.redhat_1.ep6.el6.noarch.rpm httpcore-4.2.1-7.redhat_1.ep6.el6.noarch.rpm httpmime-4.2.1-7.redhat_1.ep6.el6.noarch.rpm infinispan-5.2.6-1.Final_redhat_1.ep6.el6.noarch.rpm infinispan-cachestore-jdbc-5.2.6-1.Final_redhat_1.ep6.el6.noarch.rpm infinispan-cachestore-remote-5.2.6-1.Final_redhat_1.ep6.el6.noarch.rpm infinispan-client-hotrod-5.2.6-1.Final_redhat_1.ep6.el6.noarch.rpm infinispan-core-5.2.6-1.Final_redhat_1.ep6.el6.noarch.rpm ironjacamar-1.0.17-1.Final_redhat_1.ep6.el6.noarch.rpm jacorb-jboss-2.3.2-11.redhat_4.ep6.el6.noarch.rpm 
jansi-1.9-2.redhat_1.ep6.el6.noarch.rpm jaxbintros-1.0.2-14.GA_redhat_4.ep6.el6.noarch.rpm jbosgi-deployment-1.3.0-2.Final_redhat_1.ep6.el6.noarch.rpm jbosgi-framework-core-2.1.0-2.Final_redhat_1.ep6.el6.noarch.rpm jbosgi-metadata-2.2.0-1.Final_redhat_1.ep6.el6.noarch.rpm jbosgi-repository-2.1.0-1.Final_redhat_1.ep6.el6.noarch.rpm jbosgi-resolver-3.0.1-1.Final_redhat_1.ep6.el6.noarch.rpm jbosgi-spi-3.2.0-1.Final_redhat_1.ep6.el6.noarch.rpm jbosgi-vfs-1.2.1-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-aesh-0.33.3-1_redhat_1.ep6.el6.noarch.rpm jboss-as-appclient-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-cli-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-client-all-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-clustering-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-cmp-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-configadmin-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-connector-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-console-1.5.2-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-as-controller-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-controller-client-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-deployment-repository-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-deployment-scanner-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-domain-http-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-domain-management-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-ee-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-ee-deployment-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-ejb3-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-embedded-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-host-controller-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-jacorb-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-jaxr-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-jaxrs-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-jdr-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm 
jboss-as-jmx-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-jpa-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-jsf-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-jsr77-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-logging-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-mail-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-management-client-content-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-messaging-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-modcluster-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-naming-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-network-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-osgi-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-osgi-configadmin-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-osgi-service-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-platform-mbean-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-pojo-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-process-controller-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-protocol-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-remoting-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-sar-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-security-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-server-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-system-jmx-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-threads-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-transactions-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-version-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-web-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-webservices-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-weld-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-as-xts-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jboss-common-beans-1.1.0-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-dmr-1.1.6-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-ejb-client-1.0.21-1.Final_redhat_1.ep6.el6.noarch.rpm 
jboss-jaxrpc-api_1.1_spec-1.0.1-4.Final_redhat_3.ep6.el6.noarch.rpm jboss-jaxrs-api_1.1_spec-1.0.1-7.Final_redhat_2.ep6.el6.noarch.rpm jboss-jms-api_1.1_spec-1.0.1-6.Final_redhat_2.ep6.el6.noarch.rpm jboss-jsf-api_2.1_spec-2.1.19.1-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-logmanager-1.4.0-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-marshalling-1.3.16-.GA.redhat_1.ep6.el6.noarch.rpm jboss-metadata-7.0.8-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-metadata-appclient-7.0.8-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-metadata-common-7.0.8-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-metadata-ear-7.0.8-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-metadata-ejb-7.0.8-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-metadata-web-7.0.8-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-modules-1.2.0-2.Final_redhat_1.ep6.el6.noarch.rpm jboss-msc-1.0.4-1.GA_redhat_1.ep6.el6.noarch.rpm jboss-remote-naming-1.0.6-2.Final_redhat_2.ep6.el6.noarch.rpm jboss-remoting3-3.2.16-1.GA_redhat_1.ep6.el6.noarch.rpm jboss-remoting3-jmx-1.1.0-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-security-negotiation-2.2.5-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-servlet-api_3.0_spec-1.0.2-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-threads-2.1.0-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-transaction-api_1.1_spec-1.0.1-6.Final_redhat_2.ep6.el6.noarch.rpm jbossas-appclient-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jbossas-bundles-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jbossas-core-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jbossas-domain-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jbossas-javadocs-7.2.0-7.Final_redhat_7.ep6.el6.noarch.rpm jbossas-modules-eap-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jbossas-product-eap-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jbossas-standalone-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jbossas-welcome-content-eap-7.2.0-8.Final_redhat_8.ep6.el6.noarch.rpm jbossts-4.17.4-3.Final_redhat_2.ep6.el6.noarch.rpm jbossweb-7.2.0-2.redhat_1.ep6.el6.noarch.rpm 
jbossws-api-1.0.1-1.Final_redhat_1.ep6.el6.noarch.rpm jbossws-common-2.1.1-1.Final_redhat_2.ep6.el6.noarch.rpm jbossws-common-tools-1.1.0-1.Final_redhat_1.ep6.el6.noarch.rpm jbossws-cxf-4.1.3-1.Final_redhat_3.ep6.el6.2.noarch.rpm jbossws-native-4.1.1-1.Final_redhat_1.ep6.el6.noarch.rpm jbossws-spi-2.1.2-1.Final_redhat_1.ep6.el6.noarch.rpm jcip-annotations-1.0-3.redhat_3.ep6.el6.noarch.rpm jcip-annotations-eap6-1.0-3.1.redhat_3.ep6.el6.noarch.rpm jgroups-3.2.7-1.Final_redhat_1.ep6.el6.noarch.rpm joda-time-1.6.2-5.redhat_4.ep6.el6.5.noarch.rpm jul-to-slf4j-stub-1.0.1-1.Final_redhat_1.1.ep6.el6.2.noarch.rpm mod_cluster-1.2.4-1.Final_redhat_1.ep6.el6.noarch.rpm mod_cluster-demo-1.2.4-1.Final_redhat_1.ep6.el6.noarch.rpm netty-3.6.2-1_redhat_1.1.ep6.el6.noarch.rpm objectweb-asm-eap6-3.3.1-6.2.redhat_4.ep6.el6.noarch.rpm opensaml-2.5.1-1.redhat_1.ep6.el6.2.noarch.rpm openws-1.4.2-9_redhat_3.ep6.el6.noarch.rpm org.osgi.core-4.2.0-9.redhat_3.ep6.el6.noarch.rpm org.osgi.enterprise-4.2.0-9.redhat_3.ep6.el6.noarch.rpm picketbox-4.0.17-1.Final_redhat_1.ep6.el6.noarch.rpm picketlink-federation-2.1.6-3.Final_redhat_2.ep6.el6.noarch.rpm relaxngDatatype-2011.1-4.redhat_6.ep6.el6.noarch.rpm relaxngDatatype-eap6-2011.1-4.redhat_6.ep6.el6.noarch.rpm resteasy-2.3.6-1.Final_redhat_1.ep6.el6.noarch.rpm slf4j-eap6-1.7.2-10.redhat_1.ep6.el6.noarch.rpm slf4j-jboss-logmanager-1.0.2-1.GA_redhat_1.3.ep6.el6.2.noarch.rpm sun-ws-metadata-2.0-api-1.0.MR1-12_MR1_redhat_3.ep6.el6.5.noarch.rpm velocity-eap6-1.7-2.1.redhat_2.ep6.el6.noarch.rpm weld-cdi-1.0-api-1.0-8.SP4_redhat_2.ep6.el6.noarch.rpm weld-core-1.1.13-1.Final_redhat_1.ep6.el6.1.noarch.rpm woodstox-core-4.2.0-7.redhat_2.ep6.el6.noarch.rpm woodstox-stax2-api-3.1.1-7.redhat_3.ep6.el6.noarch.rpm wsdl4j-eap6-1.6.2-12.3.redhat_4.ep6.el6.noarch.rpm wss4j-1.6.9-2.redhat_2.ep6.el6.noarch.rpm xerces-j2-eap6-2.9.1-14_redhat_4.ep6.el6.noarch.rpm xml-commons-resolver-eap6-1.2-10.redhat_3.ep6.el6.4.noarch.rpm 
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4529.html
https://www.redhat.com/security/data/cve/CVE-2012-4572.html
https://www.redhat.com/security/data/cve/CVE-2012-5575.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/documentation/
http://cxf.apache.org/cve-2012-5575.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRmn4rXlSAg2UNWIIRApJ9AJ9b/hFZ56Yj6zenXmy4ctIc/5Aw+wCfdTwX
PJdiuXFX42Wj+ahEYfW81kk=
=bErk
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon May 20 19:50:12 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 20 May 2013 19:50:12 +0000
Subject: [RHSA-2013:0839-02] Important: JBoss Enterprise Application Platform 6.1.0 update
Message-ID: <201305201950.r4KJoDah031694@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: JBoss Enterprise Application Platform 6.1.0 update
Advisory ID: RHSA-2013:0839-02
Product: JBoss Enterprise Application Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0839.html
Issue date: 2013-05-20
CVE Names: CVE-2012-4529 CVE-2012-4572 CVE-2012-5575
=====================================================================

1. Summary:

Updated JBoss Enterprise Application Platform 6.1.0 packages that fix three
security issues, various bugs, and add enhancements are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

JBoss Enterprise Application Platform 6 for RHEL 5 Server - i386, noarch, x86_64

3. Description:

JBoss Enterprise Application Platform 6 is a platform for Java applications
based on JBoss Application Server 7.

This release serves as a replacement for JBoss Enterprise Application
Platform 6.0.1, and includes bug fixes and enhancements. Refer to the 6.1.0
Release Notes for information on the most significant of these changes,
available shortly from https://access.redhat.com/site/documentation/

Security fixes:

XML encryption backwards compatibility attacks were found against various
frameworks, including Apache CXF. An attacker could force a server to use
insecure, legacy cryptosystems, even when secure cryptosystems were enabled
on endpoints. By forcing the use of legacy cryptosystems, flaws such as
CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be
recovered from cryptograms and symmetric keys. (CVE-2012-5575)

Note: Automatic checks to prevent CVE-2012-5575 are only run when
WS-SecurityPolicy is used to enforce security requirements. It is best
practice to use WS-SecurityPolicy to enforce security requirements.

When applications running on JBoss Web used the COOKIE session tracking
method, the org.apache.catalina.connector.Response.encodeURL() method
returned the URL with the jsessionid appended as a query string parameter
when processing the first request of a session. An attacker could possibly
exploit this flaw by performing a man-in-the-middle attack to obtain a
user's jsessionid and hijack their session, or by extracting the jsessionid
from log files. Note that no session tracking method is used by default,
one must be configured. (CVE-2012-4529)

If multiple applications used the same custom authorization module class
name, and provided their own implementations of it, the first application
to be loaded will have its implementation used for all other applications
using the same custom authorization module class name. A local attacker
could use this flaw to deploy a malicious application that provides
implementations of custom authorization modules that permit or deny user
access according to rules supplied by the attacker. (CVE-2012-4572)

Red Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj
Somorovsky of Ruhr-University Bochum for reporting CVE-2012-5575.
CVE-2012-4572 was discovered by Josef Cacek of the Red Hat JBoss EAP
Quality Engineering team.

Warning: Before applying this update, back up your existing JBoss
Enterprise Application Platform installation and deployed applications.
Refer to the Solution section for further details.

All users of JBoss Enterprise Application Platform 6.0.1 on Red Hat
Enterprise Linux 5 are advised to upgrade to these updated packages. The
JBoss server process must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied. Also, back up any customized
JBoss Enterprise Application Platform 6 configuration files. On update, the
configuration files that have been locally modified will not be updated.
The updated version of such files will be stored as the rpmnew files. Make
sure to locate any such files after the update and merge any changes
manually.

For more details, refer to the Release Notes for JBoss Enterprise
Application Platform 6.1.0, available shortly from
https://access.redhat.com/site/documentation/

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

868202 - CVE-2012-4529 JBoss Web: jsessionid exposed via encoded url when using cookie based session tracking
872059 - CVE-2012-4572 JBoss: custom authorization module implementations shared between applications
880443 - CVE-2012-5575 jbossws-native, jbossws-cxf, apache-cxf: XML encryption backwards compatibility attacks

6.
Package List:

JBoss Enterprise Application Platform 6 for RHEL 5 Server:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-dmr-1.1.6-1.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-ejb-client-1.0.21-1.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-jaxrpc-api_1.1_spec-1.0.1-4.Final_redhat_3.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-jaxrs-api_1.1_spec-1.0.1-7.Final_redhat_2.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-jms-api_1.1_spec-1.0.1-6.Final_redhat_2.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-jsf-api_2.1_spec-2.1.19.1-1.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-logmanager-1.4.0-1.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-marshalling-1.3.16-.GA.redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-metadata-7.0.8-1.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-modules-1.2.0-2.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-msc-1.0.4-1.GA_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-remote-naming-1.0.6-2.Final_redhat_2.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-remoting3-3.2.16-1.GA_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-remoting3-jmx-1.1.0-1.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-security-negotiation-2.2.5-1.Final_redhat_1.ep6.el5.src.rpm 
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-servlet-api_3.0_spec-1.0.2-1.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-threads-2.1.0-1.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-transaction-api_1.1_spec-1.0.1-6.Final_redhat_2.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-appclient-7.2.0-8.Final_redhat_8.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-bundles-7.2.0-8.Final_redhat_8.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-core-7.2.0-8.Final_redhat_8.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-domain-7.2.0-8.Final_redhat_8.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-javadocs-7.2.0-7.Final_redhat_7.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-modules-eap-7.2.0-8.Final_redhat_8.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-product-eap-7.2.0-8.Final_redhat_8.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-standalone-7.2.0-8.Final_redhat_8.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-welcome-content-eap-7.2.0-8.Final_redhat_8.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossts-4.17.4-3.Final_redhat_2.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossweb-7.2.0-2.redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossws-api-1.0.1-1.Final_redhat_1.ep6.el5.src.rpm 
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossws-common-2.1.1-1.Final_redhat_2.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossws-common-tools-1.1.0-1.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossws-cxf-4.1.3-1.Final_redhat_3.ep6.el5.2.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossws-native-4.1.1-1.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossws-spi-2.1.2-1.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jcip-annotations-1.0-3.redhat_3.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jcip-annotations-eap6-1.0-3.1.redhat_3.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jgroups-3.2.7-1.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/joda-time-1.6.2-5.redhat_4.ep6.el5.5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jul-to-slf4j-stub-1.0.1-1.Final_redhat_1.1.ep6.el5.2.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/mod_cluster-1.2.4-1.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/mod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/mod_jk-1.2.37-2.redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/netty-3.6.2-1_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/objectweb-asm-eap6-3.3.1-6.2.redhat_4.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/opensaml-2.5.1-1.redhat_1.ep6.el5.2.src.rpm 
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/openws-1.4.2-9_redhat_3.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/org.osgi-4.2.0-9.redhat_3.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/picketbox-4.0.17-1.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/picketlink-federation-2.1.6-3.Final_redhat_2.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/relaxngDatatype-2011.1-4.redhat_6.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/relaxngDatatype-eap6-2011.1-4.redhat_6.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/resteasy-2.3.6-1.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/slf4j-eap6-1.7.2-10.redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/slf4j-jboss-logmanager-1.0.2-1.GA_redhat_1.3.ep6.el5.2.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/sun-ws-metadata-2.0-api-1.0.MR1-12_MR1_redhat_3.ep6.el5.5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/tomcat-native-1.1.27-4.redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/velocity-eap6-1.7-2.1.redhat_2.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/weld-cdi-1.0-api-1.0-8.SP4_redhat_2.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/weld-core-1.1.13-1.Final_redhat_1.ep6.el5.1.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/woodstox-core-4.2.0-7.redhat_2.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/wsdl4j-eap6-1.6.2-12.3.redhat_4.ep6.el5.src.rpm 
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/wss4j-1.6.9-2.redhat_2.ep6.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/xerces-j2-eap6-2.9.1-14_redhat_4.ep6.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/xml-commons-resolver-eap6-1.2-10.redhat_3.ep6.el5.4.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/xml-security-1.5.3-1.redhat_1.ep6.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/xmltooling-1.3.2-10.redhat_4.ep6.el5.src.rpm

i386:
apache-commons-daemon-jsvc-eap6-1.0.15-1.redhat_1.ep6.el5.i386.rpm
apache-commons-daemon-jsvc-eap6-debuginfo-1.0.15-1.redhat_1.ep6.el5.i386.rpm
hornetq-native-2.3.1-1.Final_redhat_1.ep6.el5.i386.rpm
hornetq-native-debuginfo-2.3.1-1.Final_redhat_1.ep6.el5.i386.rpm
httpd-2.2.22-19.ep6.el5.i386.rpm
httpd-debuginfo-2.2.22-19.ep6.el5.i386.rpm
httpd-devel-2.2.22-19.ep6.el5.i386.rpm
httpd-tools-2.2.22-19.ep6.el5.i386.rpm
jbossas-hornetq-native-2.3.1-1.Final_redhat_1.ep6.el5.i386.rpm
jbossas-jbossweb-native-1.1.27-4.redhat_1.ep6.el5.i386.rpm
mod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el5.i386.rpm
mod_cluster-native-debuginfo-1.2.4-1.Final.redhat_1.ep6.el5.i386.rpm
mod_jk-ap22-1.2.37-2.redhat_1.ep6.el5.i386.rpm
mod_jk-debuginfo-1.2.37-2.redhat_1.ep6.el5.i386.rpm
mod_ssl-2.2.22-19.ep6.el5.i386.rpm
tomcat-native-1.1.27-4.redhat_1.ep6.el5.i386.rpm
tomcat-native-debuginfo-1.1.27-4.redhat_1.ep6.el5.i386.rpm

noarch:
apache-commons-daemon-eap6-1.0.15-4.redhat_1.ep6.el5.noarch.rpm
apache-commons-pool-eap6-1.6-6.redhat_4.ep6.el5.noarch.rpm
apache-cxf-2.6.6-20.redhat_3.ep6.el5.noarch.rpm
apache-cxf-xjc-utils-2.6.0-1.redhat_1.ep6.el5.noarch.rpm
atinject-1-9.redhat_3.ep6.el5.noarch.rpm
atinject-eap6-1-3.redhat_3.ep6.el5.noarch.rpm
codehaus-jackson-1.9.9-4.redhat_2.ep6.el5.noarch.rpm
codehaus-jackson-core-asl-1.9.9-4.redhat_2.ep6.el5.noarch.rpm
codehaus-jackson-jaxrs-1.9.9-4.redhat_2.ep6.el5.noarch.rpm codehaus-jackson-mapper-asl-1.9.9-4.redhat_2.ep6.el5.noarch.rpm codehaus-jackson-xc-1.9.9-4.redhat_2.ep6.el5.noarch.rpm cxf-xjc-boolean-2.6.0-1.redhat_1.ep6.el5.noarch.rpm cxf-xjc-dv-2.6.0-1.redhat_1.ep6.el5.noarch.rpm cxf-xjc-ts-2.6.0-1.redhat_1.ep6.el5.noarch.rpm dom4j-1.6.1-19.redhat_5.ep6.el5.noarch.rpm dom4j-eap6-1.6.1-19.redhat_5.ep6.el5.noarch.rpm ecj3-3.7.2-6.redhat_1.ep6.el5.noarch.rpm glassfish-javamail-1.4.5-1.redhat_1.ep6.el5.noarch.rpm glassfish-jaxb-2.2.5-14.redhat_5.ep6.el5.noarch.rpm glassfish-jaxb-eap6-2.2.5-14.redhat_5.ep6.el5.noarch.rpm glassfish-jsf-2.1.19-2.redhat_1.ep6.el5.noarch.rpm glassfish-jsf12-1.2_15-12_b01_redhat_3.ep6.el5.noarch.rpm guava-13.0.1-1.redhat_1.ep6.el5.1.noarch.rpm h2database-1.3.168-3_redhat_2.ep6.el5.noarch.rpm hibernate4-4.2.0-4.Final_redhat_1.ep6.el5.noarch.rpm hibernate4-core-4.2.0-4.Final_redhat_1.ep6.el5.noarch.rpm hibernate4-entitymanager-4.2.0-4.Final_redhat_1.ep6.el5.noarch.rpm hibernate4-envers-4.2.0-4.Final_redhat_1.ep6.el5.noarch.rpm hibernate4-infinispan-4.2.0-4.Final_redhat_1.ep6.el5.noarch.rpm hibernate4-validator-4.3.1-1.Final_redhat_1.1.ep6.el5.5.noarch.rpm hornetq-2.3.1-1.Final_redhat_1.ep6.el5.noarch.rpm httpclient-4.2.1-7.redhat_1.ep6.el5.noarch.rpm httpcomponents-client-4.2.1-7.redhat_1.ep6.el5.noarch.rpm httpcomponents-core-4.2.1-7.redhat_1.ep6.el5.noarch.rpm httpcomponents-project-6-7.redhat_1.ep6.el5.noarch.rpm httpcore-4.2.1-7.redhat_1.ep6.el5.noarch.rpm httpmime-4.2.1-7.redhat_1.ep6.el5.noarch.rpm infinispan-5.2.6-1.Final_redhat_1.ep6.el5.noarch.rpm infinispan-cachestore-jdbc-5.2.6-1.Final_redhat_1.ep6.el5.noarch.rpm infinispan-cachestore-remote-5.2.6-1.Final_redhat_1.ep6.el5.noarch.rpm infinispan-client-hotrod-5.2.6-1.Final_redhat_1.ep6.el5.noarch.rpm infinispan-core-5.2.6-1.Final_redhat_1.ep6.el5.noarch.rpm ironjacamar-1.0.17-1.Final_redhat_1.ep6.el5.noarch.rpm jacorb-jboss-2.3.2-11.redhat_4.ep6.el5.noarch.rpm 
jansi-1.9-2.redhat_1.ep6.el5.noarch.rpm jaxbintros-1.0.2-14.GA_redhat_4.ep6.el5.noarch.rpm jbosgi-deployment-1.3.0-2.Final_redhat_1.ep6.el5.noarch.rpm jbosgi-framework-core-2.1.0-2.Final_redhat_1.ep6.el5.noarch.rpm jbosgi-metadata-2.2.0-1.Final_redhat_1.ep6.el5.noarch.rpm jbosgi-repository-2.1.0-1.Final_redhat_1.ep6.el5.noarch.rpm jbosgi-resolver-3.0.1-1.Final_redhat_1.ep6.el5.noarch.rpm jbosgi-spi-3.2.0-1.Final_redhat_1.ep6.el5.noarch.rpm jbosgi-vfs-1.2.1-1.Final_redhat_1.ep6.el5.noarch.rpm jboss-aesh-0.33.3-1_redhat_1.ep6.el5.noarch.rpm jboss-as-appclient-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-cli-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-client-all-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-clustering-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-cmp-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-configadmin-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-connector-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-console-1.5.2-1.Final_redhat_1.ep6.el5.noarch.rpm jboss-as-controller-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-controller-client-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-deployment-repository-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-deployment-scanner-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-domain-http-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-domain-management-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-ee-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-ee-deployment-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-ejb3-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-embedded-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-host-controller-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-jacorb-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-jaxr-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-jaxrs-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-jdr-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm 
jboss-as-jmx-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-jpa-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-jsf-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-jsr77-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-logging-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-mail-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-management-client-content-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-messaging-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-modcluster-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-naming-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-network-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-osgi-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-osgi-configadmin-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-osgi-service-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-platform-mbean-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-pojo-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-process-controller-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-protocol-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-remoting-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-sar-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-security-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-server-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-system-jmx-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-threads-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-transactions-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-version-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-web-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-webservices-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-weld-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-as-xts-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jboss-common-beans-1.1.0-1.Final_redhat_1.ep6.el5.noarch.rpm jboss-dmr-1.1.6-1.Final_redhat_1.ep6.el5.noarch.rpm jboss-ejb-client-1.0.21-1.Final_redhat_1.ep6.el5.noarch.rpm 
jboss-jaxrpc-api_1.1_spec-1.0.1-4.Final_redhat_3.ep6.el5.noarch.rpm jboss-jaxrs-api_1.1_spec-1.0.1-7.Final_redhat_2.ep6.el5.noarch.rpm jboss-jms-api_1.1_spec-1.0.1-6.Final_redhat_2.ep6.el5.noarch.rpm jboss-jsf-api_2.1_spec-2.1.19.1-1.Final_redhat_1.ep6.el5.noarch.rpm jboss-logmanager-1.4.0-1.Final_redhat_1.ep6.el5.noarch.rpm jboss-marshalling-1.3.16-.GA.redhat_1.ep6.el5.noarch.rpm jboss-metadata-7.0.8-1.Final_redhat_1.ep6.el5.noarch.rpm jboss-metadata-appclient-7.0.8-1.Final_redhat_1.ep6.el5.noarch.rpm jboss-metadata-common-7.0.8-1.Final_redhat_1.ep6.el5.noarch.rpm jboss-metadata-ear-7.0.8-1.Final_redhat_1.ep6.el5.noarch.rpm jboss-metadata-ejb-7.0.8-1.Final_redhat_1.ep6.el5.noarch.rpm jboss-metadata-web-7.0.8-1.Final_redhat_1.ep6.el5.noarch.rpm jboss-modules-1.2.0-2.Final_redhat_1.ep6.el5.noarch.rpm jboss-msc-1.0.4-1.GA_redhat_1.ep6.el5.noarch.rpm jboss-remote-naming-1.0.6-2.Final_redhat_2.ep6.el5.noarch.rpm jboss-remoting3-3.2.16-1.GA_redhat_1.ep6.el5.noarch.rpm jboss-remoting3-jmx-1.1.0-1.Final_redhat_1.ep6.el5.noarch.rpm jboss-security-negotiation-2.2.5-1.Final_redhat_1.ep6.el5.noarch.rpm jboss-servlet-api_3.0_spec-1.0.2-1.Final_redhat_1.ep6.el5.noarch.rpm jboss-threads-2.1.0-1.Final_redhat_1.ep6.el5.noarch.rpm jboss-transaction-api_1.1_spec-1.0.1-6.Final_redhat_2.ep6.el5.noarch.rpm jbossas-appclient-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jbossas-bundles-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jbossas-core-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jbossas-domain-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jbossas-javadocs-7.2.0-7.Final_redhat_7.ep6.el5.noarch.rpm jbossas-modules-eap-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jbossas-product-eap-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jbossas-standalone-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jbossas-welcome-content-eap-7.2.0-8.Final_redhat_8.ep6.el5.noarch.rpm jbossts-4.17.4-3.Final_redhat_2.ep6.el5.noarch.rpm jbossweb-7.2.0-2.redhat_1.ep6.el5.noarch.rpm 
jbossws-api-1.0.1-1.Final_redhat_1.ep6.el5.noarch.rpm jbossws-common-2.1.1-1.Final_redhat_2.ep6.el5.noarch.rpm jbossws-common-tools-1.1.0-1.Final_redhat_1.ep6.el5.noarch.rpm jbossws-cxf-4.1.3-1.Final_redhat_3.ep6.el5.2.noarch.rpm jbossws-native-4.1.1-1.Final_redhat_1.ep6.el5.noarch.rpm jbossws-spi-2.1.2-1.Final_redhat_1.ep6.el5.noarch.rpm jcip-annotations-1.0-3.redhat_3.ep6.el5.noarch.rpm jcip-annotations-eap6-1.0-3.1.redhat_3.ep6.el5.noarch.rpm jgroups-3.2.7-1.Final_redhat_1.ep6.el5.noarch.rpm joda-time-1.6.2-5.redhat_4.ep6.el5.5.noarch.rpm jul-to-slf4j-stub-1.0.1-1.Final_redhat_1.1.ep6.el5.2.noarch.rpm mod_cluster-1.2.4-1.Final_redhat_1.ep6.el5.noarch.rpm mod_cluster-demo-1.2.4-1.Final_redhat_1.ep6.el5.noarch.rpm netty-3.6.2-1_redhat_1.1.ep6.el5.noarch.rpm objectweb-asm-eap6-3.3.1-6.2.redhat_4.ep6.el5.noarch.rpm opensaml-2.5.1-1.redhat_1.ep6.el5.2.noarch.rpm openws-1.4.2-9_redhat_3.ep6.el5.noarch.rpm org.osgi.core-4.2.0-9.redhat_3.ep6.el5.noarch.rpm org.osgi.enterprise-4.2.0-9.redhat_3.ep6.el5.noarch.rpm picketbox-4.0.17-1.Final_redhat_1.ep6.el5.noarch.rpm picketlink-federation-2.1.6-3.Final_redhat_2.ep6.el5.noarch.rpm relaxngDatatype-2011.1-4.redhat_6.ep6.el5.noarch.rpm relaxngDatatype-eap6-2011.1-4.redhat_6.ep6.el5.noarch.rpm resteasy-2.3.6-1.Final_redhat_1.ep6.el5.noarch.rpm slf4j-1.7.2-10.redhat_1.ep6.el5.noarch.rpm slf4j-eap6-1.7.2-10.redhat_1.ep6.el5.noarch.rpm slf4j-jboss-logmanager-1.0.2-1.GA_redhat_1.3.ep6.el5.2.noarch.rpm sun-ws-metadata-2.0-api-1.0.MR1-12_MR1_redhat_3.ep6.el5.5.noarch.rpm velocity-eap6-1.7-2.1.redhat_2.ep6.el5.noarch.rpm weld-cdi-1.0-api-1.0-8.SP4_redhat_2.ep6.el5.noarch.rpm weld-core-1.1.13-1.Final_redhat_1.ep6.el5.1.noarch.rpm woodstox-core-4.2.0-7.redhat_2.ep6.el5.noarch.rpm woodstox-stax2-api-3.1.1-7.redhat_3.ep6.el5.noarch.rpm wsdl4j-eap6-1.6.2-12.3.redhat_4.ep6.el5.noarch.rpm wss4j-1.6.9-2.redhat_2.ep6.el5.noarch.rpm xerces-j2-eap6-2.9.1-14_redhat_4.ep6.el5.noarch.rpm xml-commons-resolver-eap6-1.2-10.redhat_3.ep6.el5.4.noarch.rpm 
xml-security-1.5.3-1.redhat_1.ep6.el5.noarch.rpm
xmltooling-1.3.2-10.redhat_4.ep6.el5.noarch.rpm

x86_64:
apache-commons-daemon-jsvc-eap6-1.0.15-1.redhat_1.ep6.el5.x86_64.rpm
apache-commons-daemon-jsvc-eap6-debuginfo-1.0.15-1.redhat_1.ep6.el5.x86_64.rpm
hornetq-native-2.3.1-1.Final_redhat_1.ep6.el5.x86_64.rpm
hornetq-native-debuginfo-2.3.1-1.Final_redhat_1.ep6.el5.x86_64.rpm
httpd-2.2.22-19.ep6.el5.x86_64.rpm
httpd-debuginfo-2.2.22-19.ep6.el5.x86_64.rpm
httpd-devel-2.2.22-19.ep6.el5.x86_64.rpm
httpd-tools-2.2.22-19.ep6.el5.x86_64.rpm
jbossas-hornetq-native-2.3.1-1.Final_redhat_1.ep6.el5.x86_64.rpm
jbossas-jbossweb-native-1.1.27-4.redhat_1.ep6.el5.x86_64.rpm
mod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el5.x86_64.rpm
mod_cluster-native-debuginfo-1.2.4-1.Final.redhat_1.ep6.el5.x86_64.rpm
mod_jk-ap22-1.2.37-2.redhat_1.ep6.el5.x86_64.rpm
mod_jk-debuginfo-1.2.37-2.redhat_1.ep6.el5.x86_64.rpm
mod_ssl-2.2.22-19.ep6.el5.x86_64.rpm
tomcat-native-1.1.27-4.redhat_1.ep6.el5.x86_64.rpm
tomcat-native-debuginfo-1.1.27-4.redhat_1.ep6.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4529.html
https://www.redhat.com/security/data/cve/CVE-2012-4572.html
https://www.redhat.com/security/data/cve/CVE-2012-5575.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/documentation/
http://cxf.apache.org/cve-2012-5575.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRmn5mXlSAg2UNWIIRAi9qAKDAanLvG4hSxQxUy9p69GnXwdC7FgCfeYiX
TgBhzXPYWGcmroVi1rplzz0=
=ZMQF
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 28 17:50:56 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 28 May 2013 17:50:56 +0000
Subject: [RHSA-2013:0871-01] Important: tomcat6 and tomcat7 security update
Message-ID: <201305281750.r4SHouLe012435@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: tomcat6 and tomcat7 security update
Advisory ID:       RHSA-2013:0871-01
Product:           JBoss Enterprise Web Server
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0871.html
Issue date:        2013-05-28
CVE Names:         CVE-2013-1976
=====================================================================

1. Summary:

Updated tomcat6 and tomcat7 packages that fix one security issue are now available for JBoss Enterprise Web Server 2.0.0 for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

JBoss Enterprise Web Server 2 for RHEL 5 Server - noarch
JBoss Enterprise Web Server 2 for RHEL 6 Server - noarch

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

A flaw was found in the way the tomcat6 and tomcat7 init scripts handled the tomcat6-initd.log and tomcat7-initd.log log files. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root.
(CVE-2013-1976)

Note: With this update, tomcat6-initd.log and tomcat7-initd.log have been moved to the /var/log/ directory.

Red Hat would like to thank Simon Fayer of Imperial College London for reporting this issue.

Warning: Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files).

Users of Tomcat should upgrade to these updated packages, which resolve this issue. Tomcat must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

927622 - CVE-2013-1976 tomcat: Improper TOMCAT_LOG management in init script (DoS, ACE)

6. Package List:

JBoss Enterprise Web Server 2 for RHEL 5 Server:

Source:
tomcat6-6.0.35-12_patch_07.ep6.el5.src.rpm
tomcat7-7.0.30-5_patch_03.ep6.el5.src.rpm

noarch:
tomcat6-6.0.35-12_patch_07.ep6.el5.noarch.rpm
tomcat6-admin-webapps-6.0.35-12_patch_07.ep6.el5.noarch.rpm
tomcat6-docs-webapp-6.0.35-12_patch_07.ep6.el5.noarch.rpm
tomcat6-el-1.0-api-6.0.35-12_patch_07.ep6.el5.noarch.rpm
tomcat6-javadoc-6.0.35-12_patch_07.ep6.el5.noarch.rpm
tomcat6-jsp-2.1-api-6.0.35-12_patch_07.ep6.el5.noarch.rpm
tomcat6-lib-6.0.35-12_patch_07.ep6.el5.noarch.rpm
tomcat6-log4j-6.0.35-12_patch_07.ep6.el5.noarch.rpm
tomcat6-servlet-2.5-api-6.0.35-12_patch_07.ep6.el5.noarch.rpm
tomcat6-webapps-6.0.35-12_patch_07.ep6.el5.noarch.rpm
tomcat7-7.0.30-5_patch_03.ep6.el5.noarch.rpm
tomcat7-admin-webapps-7.0.30-5_patch_03.ep6.el5.noarch.rpm
tomcat7-docs-webapp-7.0.30-5_patch_03.ep6.el5.noarch.rpm
tomcat7-el-1.0-api-7.0.30-5_patch_03.ep6.el5.noarch.rpm
tomcat7-javadoc-7.0.30-5_patch_03.ep6.el5.noarch.rpm
tomcat7-jsp-2.2-api-7.0.30-5_patch_03.ep6.el5.noarch.rpm
tomcat7-lib-7.0.30-5_patch_03.ep6.el5.noarch.rpm
tomcat7-log4j-7.0.30-5_patch_03.ep6.el5.noarch.rpm
tomcat7-servlet-3.0-api-7.0.30-5_patch_03.ep6.el5.noarch.rpm
tomcat7-webapps-7.0.30-5_patch_03.ep6.el5.noarch.rpm

JBoss Enterprise Web Server 2 for RHEL 6 Server:

Source:
tomcat6-6.0.35-33_patch_07.ep6.el6.src.rpm
tomcat7-7.0.30-7_patch_03.ep6.el6.src.rpm

noarch:
tomcat6-6.0.35-33_patch_07.ep6.el6.noarch.rpm
tomcat6-admin-webapps-6.0.35-33_patch_07.ep6.el6.noarch.rpm
tomcat6-docs-webapp-6.0.35-33_patch_07.ep6.el6.noarch.rpm
tomcat6-el-1.0-api-6.0.35-33_patch_07.ep6.el6.noarch.rpm
tomcat6-javadoc-6.0.35-33_patch_07.ep6.el6.noarch.rpm
tomcat6-jsp-2.1-api-6.0.35-33_patch_07.ep6.el6.noarch.rpm
tomcat6-lib-6.0.35-33_patch_07.ep6.el6.noarch.rpm
tomcat6-log4j-6.0.35-33_patch_07.ep6.el6.noarch.rpm
tomcat6-servlet-2.5-api-6.0.35-33_patch_07.ep6.el6.noarch.rpm
tomcat6-webapps-6.0.35-33_patch_07.ep6.el6.noarch.rpm
tomcat7-7.0.30-7_patch_03.ep6.el6.noarch.rpm
tomcat7-admin-webapps-7.0.30-7_patch_03.ep6.el6.noarch.rpm
tomcat7-docs-webapp-7.0.30-7_patch_03.ep6.el6.noarch.rpm
tomcat7-el-1.0-api-7.0.30-7_patch_03.ep6.el6.noarch.rpm
tomcat7-javadoc-7.0.30-7_patch_03.ep6.el6.noarch.rpm
tomcat7-jsp-2.2-api-7.0.30-7_patch_03.ep6.el6.noarch.rpm
tomcat7-lib-7.0.30-7_patch_03.ep6.el6.noarch.rpm
tomcat7-log4j-7.0.30-7_patch_03.ep6.el6.noarch.rpm
tomcat7-servlet-3.0-api-7.0.30-7_patch_03.ep6.el6.noarch.rpm
tomcat7-webapps-7.0.30-7_patch_03.ep6.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1976.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRpO5CXlSAg2UNWIIRAq53AKColwIoAaj/llqSJZ3toxOG5t1QVwCeNSk3
ljdq7QG+M1MvW3PF6p4XVJ8=
=2gzT
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 28 17:52:03 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 28 May 2013 17:52:03 +0000
Subject: [RHSA-2013:0872-01] Important: tomcat5 and tomcat6 security update
Message-ID: <201305281752.r4SHq3Nl006561@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: tomcat5 and tomcat6 security update
Advisory ID:       RHSA-2013:0872-01
Product:           JBoss Enterprise Web Server
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0872.html
Issue date:        2013-05-28
CVE Names:         CVE-2013-1976
=====================================================================

1. Summary:

Updated tomcat5 and tomcat6 packages that fix one security issue are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

JBoss Enterprise Web Server 1.0 for RHEL 5 Server - noarch
JBoss Enterprise Web Server 1.0 for RHEL 6 Server - noarch

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

A flaw was found in the way the tomcat5 and tomcat6 init scripts handled the tomcat5-initd.log and tomcat6-initd.log log files. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root.
(CVE-2013-1976)

Note: With this update, tomcat5-initd.log and tomcat6-initd.log have been moved to the /var/log/ directory.

Red Hat would like to thank Simon Fayer of Imperial College London for reporting this issue.

Warning: Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files).

Users of Tomcat should upgrade to these updated packages, which resolve this issue. Tomcat must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

927622 - CVE-2013-1976 tomcat: Improper TOMCAT_LOG management in init script (DoS, ACE)

6. Package List:

JBoss Enterprise Web Server 1.0 for RHEL 5 Server:

Source:
tomcat5-5.5.33-33_patch_09.ep5.el5.src.rpm
tomcat6-6.0.32-32_patch_09.ep5.el5.src.rpm

noarch:
tomcat5-5.5.33-33_patch_09.ep5.el5.noarch.rpm
tomcat5-admin-webapps-5.5.33-33_patch_09.ep5.el5.noarch.rpm
tomcat5-common-lib-5.5.33-33_patch_09.ep5.el5.noarch.rpm
tomcat5-jasper-5.5.33-33_patch_09.ep5.el5.noarch.rpm
tomcat5-jasper-eclipse-5.5.33-33_patch_09.ep5.el5.noarch.rpm
tomcat5-jasper-javadoc-5.5.33-33_patch_09.ep5.el5.noarch.rpm
tomcat5-jsp-2.0-api-5.5.33-33_patch_09.ep5.el5.noarch.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.33-33_patch_09.ep5.el5.noarch.rpm
tomcat5-parent-5.5.33-33_patch_09.ep5.el5.noarch.rpm
tomcat5-server-lib-5.5.33-33_patch_09.ep5.el5.noarch.rpm
tomcat5-servlet-2.4-api-5.5.33-33_patch_09.ep5.el5.noarch.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.33-33_patch_09.ep5.el5.noarch.rpm
tomcat5-webapps-5.5.33-33_patch_09.ep5.el5.noarch.rpm
tomcat6-6.0.32-32_patch_09.ep5.el5.noarch.rpm
tomcat6-admin-webapps-6.0.32-32_patch_09.ep5.el5.noarch.rpm
tomcat6-docs-webapp-6.0.32-32_patch_09.ep5.el5.noarch.rpm
tomcat6-el-1.0-api-6.0.32-32_patch_09.ep5.el5.noarch.rpm
tomcat6-javadoc-6.0.32-32_patch_09.ep5.el5.noarch.rpm
tomcat6-jsp-2.1-api-6.0.32-32_patch_09.ep5.el5.noarch.rpm
tomcat6-lib-6.0.32-32_patch_09.ep5.el5.noarch.rpm
tomcat6-log4j-6.0.32-32_patch_09.ep5.el5.noarch.rpm
tomcat6-servlet-2.5-api-6.0.32-32_patch_09.ep5.el5.noarch.rpm
tomcat6-webapps-6.0.32-32_patch_09.ep5.el5.noarch.rpm

JBoss Enterprise Web Server 1.0 for RHEL 6 Server:

Source:
tomcat5-5.5.33-36_patch_09.ep5.el6.src.rpm
tomcat6-6.0.32-35_patch_09.ep5.el6.src.rpm

noarch:
tomcat5-5.5.33-36_patch_09.ep5.el6.noarch.rpm
tomcat5-admin-webapps-5.5.33-36_patch_09.ep5.el6.noarch.rpm
tomcat5-common-lib-5.5.33-36_patch_09.ep5.el6.noarch.rpm
tomcat5-jasper-5.5.33-36_patch_09.ep5.el6.noarch.rpm
tomcat5-jasper-eclipse-5.5.33-36_patch_09.ep5.el6.noarch.rpm
tomcat5-jasper-javadoc-5.5.33-36_patch_09.ep5.el6.noarch.rpm
tomcat5-jsp-2.0-api-5.5.33-36_patch_09.ep5.el6.noarch.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.33-36_patch_09.ep5.el6.noarch.rpm
tomcat5-parent-5.5.33-36_patch_09.ep5.el6.noarch.rpm
tomcat5-server-lib-5.5.33-36_patch_09.ep5.el6.noarch.rpm
tomcat5-servlet-2.4-api-5.5.33-36_patch_09.ep5.el6.noarch.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.33-36_patch_09.ep5.el6.noarch.rpm
tomcat5-webapps-5.5.33-36_patch_09.ep5.el6.noarch.rpm
tomcat6-6.0.32-35_patch_09.ep5.el6.noarch.rpm
tomcat6-admin-webapps-6.0.32-35_patch_09.ep5.el6.noarch.rpm
tomcat6-docs-webapp-6.0.32-35_patch_09.ep5.el6.noarch.rpm
tomcat6-el-1.0-api-6.0.32-35_patch_09.ep5.el6.noarch.rpm
tomcat6-javadoc-6.0.32-35_patch_09.ep5.el6.noarch.rpm
tomcat6-jsp-2.1-api-6.0.32-35_patch_09.ep5.el6.noarch.rpm
tomcat6-lib-6.0.32-35_patch_09.ep5.el6.noarch.rpm
tomcat6-log4j-6.0.32-35_patch_09.ep5.el6.noarch.rpm
tomcat6-servlet-2.5-api-6.0.32-35_patch_09.ep5.el6.noarch.rpm
tomcat6-webapps-6.0.32-35_patch_09.ep5.el6.noarch.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-1976.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRpO6PXlSAg2UNWIIRAh+EAKCQ+F9CPWcuOu8h97g0q8IskdXGdgCfR5CW
2aYbYn+xxWbanU9FjBUyEg8=
=62zu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 28 17:53:15 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 28 May 2013 17:53:15 +0000
Subject: [RHSA-2013:0873-01] Important: JBoss Enterprise Application Platform 5.2.0 security update
Message-ID: <201305281753.r4SHrF5f030011@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: JBoss Enterprise Application Platform 5.2.0 security update
Advisory ID:       RHSA-2013:0873-01
Product:           JBoss Enterprise Application Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0873.html
Issue date:        2013-05-28
CVE Names:         CVE-2012-5575
=====================================================================

1. Summary:

Updated packages for JBoss Enterprise Application Platform 5.2.0 which fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

JBoss Enterprise Application Platform 5 for RHEL 4 AS - noarch
JBoss Enterprise Application Platform 5 for RHEL 4 ES - noarch
JBoss Enterprise Application Platform 5 for RHEL 5 Server - noarch
JBoss Enterprise Application Platform 5 for RHEL 6 Server - noarch

3. Description:

JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam.

XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. This issue affected both the JBoss Web Services CXF (jbossws-cxf) and JBoss Web Services Native (jbossws-native) stacks. (CVE-2012-5575)

Red Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj Somorovsky of Ruhr-University Bochum for reporting this issue.

If you are using jbossws-cxf, then automatic checks to prevent this flaw are only run when WS-SecurityPolicy is used to enforce security requirements. It is best practice to use WS-SecurityPolicy to enforce security requirements.

If you are using jbossws-native, the fix for this flaw is implemented by two new configuration parameters in the 'encryption' element. This element can be a child of 'requires' in both client and server wsse configuration descriptors (set on a per-application basis via the application's jboss-wsse-server.xml and jboss-wsse-client.xml files). The new attributes are 'algorithms' and 'keyWrapAlgorithms'. These attributes should contain a blank space or comma separated list of algorithm IDs that are allowed for the encrypted incoming message, both for encryption and private key wrapping.
For backwards compatibility, no algorithm checks are performed by default for empty lists or missing attributes.

For example (do not include the line break in your configuration):

encryption algorithms="aes-192-gcm aes-256-gcm"
keyWrapAlgorithms="rsa_oaep"

Specifies that incoming messages are required to be encrypted, and that the only permitted encryption algorithms are AES-192 and 256 in GCM mode, and RSA-OAEP only for key wrapping.

Before performing any decryption, the jbossws-native stack will verify that each algorithm specified in the incoming messages is included in the allowed algorithms lists from these new encryption element attributes. The algorithm values to be used for 'algorithms' and 'keyWrapAlgorithms' are the same as for 'algorithm' and 'keyWrapAlgorithm' in the 'encrypt' element.

Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation (including all applications and configuration files).

All users of JBoss Enterprise Application Platform 5.2.0 on Red Hat Enterprise Linux 4, 5, and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

880443 - CVE-2012-5575 jbossws-native, jbossws-cxf, apache-cxf: XML encryption backwards compatibility attacks

6. Package List:

JBoss Enterprise Application Platform 5 for RHEL 4 AS:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/JBEAP/SRPMS/apache-cxf-2.2.12-12.patch_07.ep5.el4.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/JBEAP/SRPMS/jbossws-3.1.2-14.SP15_patch_02.ep5.el4.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/JBEAP/SRPMS/wss4j-1.5.12-6_patch_03.ep5.el4.src.rpm

noarch:
apache-cxf-2.2.12-12.patch_07.ep5.el4.noarch.rpm
jbossws-3.1.2-14.SP15_patch_02.ep5.el4.noarch.rpm
wss4j-1.5.12-6_patch_03.ep5.el4.noarch.rpm

JBoss Enterprise Application Platform 5 for RHEL 4 ES:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/JBEAP/SRPMS/apache-cxf-2.2.12-12.patch_07.ep5.el4.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/JBEAP/SRPMS/jbossws-3.1.2-14.SP15_patch_02.ep5.el4.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/JBEAP/SRPMS/wss4j-1.5.12-6_patch_03.ep5.el4.src.rpm

noarch:
apache-cxf-2.2.12-12.patch_07.ep5.el4.noarch.rpm
jbossws-3.1.2-14.SP15_patch_02.ep5.el4.noarch.rpm
wss4j-1.5.12-6_patch_03.ep5.el4.noarch.rpm

JBoss Enterprise Application Platform 5 for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/apache-cxf-2.2.12-12.patch_07.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossws-3.1.2-14.SP15_patch_02.ep5.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/wss4j-1.5.12-6_patch_03.ep5.el5.src.rpm

noarch:
apache-cxf-2.2.12-12.patch_07.ep5.el5.noarch.rpm
jbossws-3.1.2-14.SP15_patch_02.ep5.el5.noarch.rpm
wss4j-1.5.12-6_patch_03.ep5.el5.noarch.rpm

JBoss Enterprise Application Platform 5 for RHEL 6 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/apache-cxf-2.2.12-12.patch_07.ep5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossws-3.1.2-14.SP15_patch_02.ep5.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/wss4j-1.5.12-6_patch_03.ep5.el6.src.rpm

noarch:
apache-cxf-2.2.12-12.patch_07.ep5.el6.noarch.rpm
jbossws-3.1.2-14.SP15_patch_02.ep5.el6.noarch.rpm
wss4j-1.5.12-6_patch_03.ep5.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5575.html
https://access.redhat.com/security/updates/classification/#important
http://ws.apache.org/wss4j/best_practice.html
http://cxf.apache.org/cve-2012-5575.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRpO72XlSAg2UNWIIRAg6SAJ98q8sHWcmQDO/N0Gk3my43HBgUqgCeMKD/
vZuqul6GjKIzxuw+06zCTPo=
=1ZuP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 28 17:53:50 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 28 May 2013 17:53:50 +0000
Subject: [RHSA-2013:0874-01] Important: JBoss Enterprise Web Platform 5.2.0 security update
Message-ID: <201305281753.r4SHro2x030140@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: JBoss Enterprise Web Platform 5.2.0 security update
Advisory ID:       RHSA-2013:0874-01
Product:           JBoss Enterprise Web Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0874.html
Issue date:        2013-05-28
CVE Names:         CVE-2012-5575
=====================================================================

1. Summary:

Updated packages for JBoss Enterprise Web Platform 5.2.0 which fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

JBoss Enterprise Web Platform 5 for RHEL 4 AS - noarch
JBoss Enterprise Web Platform 5 for RHEL 4 ES - noarch
JBoss Enterprise Web Platform 5 for RHEL 5 Server - noarch
JBoss Enterprise Web Platform 5 for RHEL 6 Server - noarch

3. Description:

The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications.

XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. This issue affected both the JBoss Web Services CXF (jbossws-cxf) and JBoss Web Services Native (jbossws-native) stacks. (CVE-2012-5575)

Red Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj Somorovsky of Ruhr-University Bochum for reporting this issue.

If you are using jbossws-cxf, then automatic checks to prevent this flaw are only run when WS-SecurityPolicy is used to enforce security requirements. It is best practice to use WS-SecurityPolicy to enforce security requirements.

If you are using jbossws-native, the fix for this flaw is implemented by two new configuration parameters in the 'encryption' element. This element can be a child of 'requires' in both client and server wsse configuration descriptors (set on a per-application basis via the application's jboss-wsse-server.xml and jboss-wsse-client.xml files).
The new attributes are 'algorithms' and 'keyWrapAlgorithms'. These attributes should contain a blank space or comma separated list of algorithm IDs that are allowed for the encrypted incoming message, both for encryption and private key wrapping. For backwards compatibility, no algorithm checks are performed by default for empty lists or missing attributes.

For example (do not include the line break in your configuration):

encryption algorithms="aes-192-gcm aes-256-gcm"
keyWrapAlgorithms="rsa_oaep"

Specifies that incoming messages are required to be encrypted, and that the only permitted encryption algorithms are AES-192 and 256 in GCM mode, and RSA-OAEP only for key wrapping.

Before performing any decryption, the jbossws-native stack will verify that each algorithm specified in the incoming messages is included in the allowed algorithms lists from these new encryption element attributes. The algorithm values to be used for 'algorithms' and 'keyWrapAlgorithms' are the same as for 'algorithm' and 'keyWrapAlgorithm' in the 'encrypt' element.

Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform installation (including all applications and configuration files).

All users of JBoss Enterprise Web Platform 5.2.0 on Red Hat Enterprise Linux 4, 5, and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

880443 - CVE-2012-5575 jbossws-native, jbossws-cxf, apache-cxf: XML encryption backwards compatibility attacks

6. Package List:

JBoss Enterprise Web Platform 5 for RHEL 4 AS:

Source:
apache-cxf-2.2.12-12.patch_07.ep5.el4.src.rpm
jbossws-3.1.2-14.SP15_patch_02.ep5.el4.src.rpm
wss4j-1.5.12-6_patch_03.ep5.el4.src.rpm

noarch:
apache-cxf-2.2.12-12.patch_07.ep5.el4.noarch.rpm
jbossws-3.1.2-14.SP15_patch_02.ep5.el4.noarch.rpm
wss4j-1.5.12-6_patch_03.ep5.el4.noarch.rpm

JBoss Enterprise Web Platform 5 for RHEL 4 ES:

Source:
apache-cxf-2.2.12-12.patch_07.ep5.el4.src.rpm
jbossws-3.1.2-14.SP15_patch_02.ep5.el4.src.rpm
wss4j-1.5.12-6_patch_03.ep5.el4.src.rpm

noarch:
apache-cxf-2.2.12-12.patch_07.ep5.el4.noarch.rpm
jbossws-3.1.2-14.SP15_patch_02.ep5.el4.noarch.rpm
wss4j-1.5.12-6_patch_03.ep5.el4.noarch.rpm

JBoss Enterprise Web Platform 5 for RHEL 5 Server:

Source:
apache-cxf-2.2.12-12.patch_07.ep5.el5.src.rpm
jbossws-3.1.2-14.SP15_patch_02.ep5.el5.src.rpm
wss4j-1.5.12-6_patch_03.ep5.el5.src.rpm

noarch:
apache-cxf-2.2.12-12.patch_07.ep5.el5.noarch.rpm
jbossws-3.1.2-14.SP15_patch_02.ep5.el5.noarch.rpm
wss4j-1.5.12-6_patch_03.ep5.el5.noarch.rpm

JBoss Enterprise Web Platform 5 for RHEL 6 Server:

Source:
apache-cxf-2.2.12-12.patch_07.ep5.el6.src.rpm
jbossws-3.1.2-14.SP15_patch_02.ep5.el6.src.rpm
wss4j-1.5.12-6_patch_03.ep5.el6.src.rpm

noarch:
apache-cxf-2.2.12-12.patch_07.ep5.el6.noarch.rpm
jbossws-3.1.2-14.SP15_patch_02.ep5.el6.noarch.rpm
wss4j-1.5.12-6_patch_03.ep5.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5575.html
https://access.redhat.com/security/updates/classification/#important
http://ws.apache.org/wss4j/best_practice.html
http://cxf.apache.org/cve-2012-5575.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRpO8ZXlSAg2UNWIIRAgwmAKCnDesF3xgbi3YsULQs2AFowwWPbgCdEbRQ
vj8SAalIeRmBJjJ+bIKzPck=
=izsi
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 28 17:54:21 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 28 May 2013 17:54:21 +0000
Subject: [RHSA-2013:0875-01] Important: JBoss Enterprise Application Platform 5.2.0 security update
Message-ID: <201305281754.r4SHsLuZ008339@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: JBoss Enterprise Application Platform 5.2.0 security update
Advisory ID:       RHSA-2013:0875-01
Product:           JBoss Enterprise Application Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0875.html
Issue date:        2013-05-28
CVE Names:         CVE-2012-5575
=====================================================================

1. Summary:

An update for JBoss Enterprise Application Platform 5.2.0 which fixes one security issue is now available from the Red Hat Customer Portal.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Description:

JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam.

XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys.
This issue affected both the JBoss Web Services CXF (jbossws-cxf) and JBoss Web Services Native (jbossws-native) stacks. (CVE-2012-5575)

Red Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj Somorovsky of Ruhr-University Bochum for reporting this issue.

If you are using jbossws-cxf, then automatic checks to prevent this flaw are only run when WS-SecurityPolicy is used to enforce security requirements. It is best practice to use WS-SecurityPolicy to enforce security requirements.

If you are using jbossws-native, the fix for this flaw is implemented by two new configuration parameters in the 'encryption' element. This element can be a child of 'requires' in both client and server wsse configuration descriptors (set on a per-application basis via the application's jboss-wsse-server.xml and jboss-wsse-client.xml files). The new attributes are 'algorithms' and 'keyWrapAlgorithms'. These attributes should contain a blank space or comma separated list of algorithm IDs that are allowed for the encrypted incoming message, both for encryption and private key wrapping. For backwards compatibility, no algorithm checks are performed by default for empty lists or missing attributes.

For example (do not include the line break in your configuration):

encryption algorithms="aes-192-gcm aes-256-gcm"
keyWrapAlgorithms="rsa_oaep"

Specifies that incoming messages are required to be encrypted, and that the only permitted encryption algorithms are AES-192 and 256 in GCM mode, and RSA-OAEP only for key wrapping.

Before performing any decryption, the jbossws-native stack will verify that each algorithm specified in the incoming messages is included in the allowed algorithms lists from these new encryption element attributes. The algorithm values to be used for 'algorithms' and 'keyWrapAlgorithms' are the same as for 'algorithm' and 'keyWrapAlgorithm' in the 'encrypt' element.
Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation (including all applications and configuration files).

All users of JBoss Enterprise Application Platform 5.2.0 as provided from the Red Hat Customer Portal are advised to apply this update.

3. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Application Platform installation (including all applications and configuration files).

The JBoss server process must be restarted for this update to take effect.

4. Bugs fixed (http://bugzilla.redhat.com/):

880443 - CVE-2012-5575 jbossws-native, jbossws-cxf, apache-cxf: XML encryption backwards compatibility attacks

5. References:

https://www.redhat.com/security/data/cve/CVE-2012-5575.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=5.2.0
http://ws.apache.org/wss4j/best_practice.html
http://cxf.apache.org/cve-2012-5575.html

6. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRpO83XlSAg2UNWIIRAqQyAKC5BUlgpKoCPFXZzLxumHAkTohuJgCfamot
dR0mpZ725OWq1o4fUxBTxNk=
=R8Rn
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 28 17:54:54 2013
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 28 May 2013 17:54:54 +0000
Subject: [RHSA-2013:0876-01] Important: JBoss Enterprise Web Platform 5.2.0 security update
Message-ID: <201305281754.r4SHstVF013543@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: JBoss Enterprise Web Platform 5.2.0 security update
Advisory ID:       RHSA-2013:0876-01
Product:           JBoss Enterprise Web Platform
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0876.html
Issue date:        2013-05-28
CVE Names:         CVE-2012-5575
=====================================================================

1. Summary:

An update for JBoss Enterprise Web Platform 5.2.0 which fixes one security issue is now available from the Red Hat Customer Portal.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Description:

The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications.

XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys.
This issue affected both the JBoss Web Services CXF (jbossws-cxf) and JBoss Web Services Native (jbossws-native) stacks. (CVE-2012-5575)

Red Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj Somorovsky of Ruhr-University Bochum for reporting this issue.

If you are using jbossws-cxf, then automatic checks to prevent this flaw are only run when WS-SecurityPolicy is used to enforce security requirements. It is best practice to use WS-SecurityPolicy to enforce security requirements.

If you are using jbossws-native, the fix for this flaw is implemented by two new configuration parameters in the 'encryption' element. This element can be a child of 'requires' in both client and server wsse configuration descriptors (set on a per-application basis via the application's jboss-wsse-server.xml and jboss-wsse-client.xml files). The new attributes are 'algorithms' and 'keyWrapAlgorithms'. These attributes should contain a blank space or comma separated list of algorithm IDs that are allowed for the encrypted incoming message, both for encryption and private key wrapping. For backwards compatibility, no algorithm checks are performed by default for empty lists or missing attributes.

For example (do not include the line break in your configuration):

encryption algorithms="aes-192-gcm aes-256-gcm"
keyWrapAlgorithms="rsa_oaep"

Specifies that incoming messages are required to be encrypted, and that the only permitted encryption algorithms are AES-192 and 256 in GCM mode, and RSA-OAEP only for key wrapping.

Before performing any decryption, the jbossws-native stack will verify that each algorithm specified in the incoming messages is included in the allowed algorithms lists from these new encryption element attributes. The algorithm values to be used for 'algorithms' and 'keyWrapAlgorithms' are the same as for 'algorithm' and 'keyWrapAlgorithm' in the 'encrypt' element.
Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform installation (including all applications and configuration files).

All users of JBoss Enterprise Web Platform 5.2.0 as provided from the Red Hat Customer Portal are advised to apply this update.

3. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Web Platform installation (including all applications and configuration files).

The JBoss server process must be restarted for this update to take effect.

4. Bugs fixed (http://bugzilla.redhat.com/):

880443 - CVE-2012-5575 jbossws-native, jbossws-cxf, apache-cxf: XML encryption backwards compatibility attacks

5. References:

https://www.redhat.com/security/data/cve/CVE-2012-5575.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=enterpriseweb.platform&version=5.2.0
http://ws.apache.org/wss4j/best_practice.html
http://cxf.apache.org/cve-2012-5575.html

6. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFRpO9XXlSAg2UNWIIRAt2MAJ4wtt9l8TlH0LqXu2vAZU4yznA2LwCfakWs
vg46IV83jUcs803mpiJd8SY=
=qdKt
-----END PGP SIGNATURE-----
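
Added example, not part of the Red Hat advisories and not JBoss code: the pre-decryption algorithm check that the CVE-2012-5575 advisories above describe for jbossws-native, written in Python. The mapping from the advisory's short IDs to W3C XML Encryption URIs, the function names and the sample messages are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
XENC11 = "http://www.w3.org/2009/xmlenc11#"

# ASSUMPTION: mapping from the advisory's short algorithm IDs to the W3C
# XML Encryption algorithm URIs. Only IDs quoted in the advisory are listed.
ID_TO_URI = {
    "aes-192-gcm": XENC11 + "aes192-gcm",
    "aes-256-gcm": XENC11 + "aes256-gcm",
    "rsa_oaep": XENC + "rsa-oaep-mgf1p",
}

# Legacy algorithms that a downgraded message would declare (W3C URIs).
AES128_CBC = XENC + "aes128-cbc"
RSA_1_5 = XENC + "rsa-1_5"


def parse_allowlist(value):
    """Parse a blank- or comma-separated list of algorithm IDs into URIs."""
    ids = [tok for tok in re.split(r"[\s,]+", value or "") if tok]
    unknown = [i for i in ids if i not in ID_TO_URI]
    if unknown:
        # Fail closed on typos instead of silently allowing nothing or all.
        raise ValueError("unknown algorithm ID(s): " + ", ".join(unknown))
    return {ID_TO_URI[i] for i in ids}


def declared_algorithms(message_xml):
    """Return (data_algs, key_wrap_algs) declared by the incoming message."""
    # The samples below are constructed and trusted. For untrusted XML use a
    # hardened parser (for example defusedxml) to block entity expansion.
    root = ET.fromstring(message_xml)
    data, wrap = [], []
    for tag, bucket in (("EncryptedData", data), ("EncryptedKey", wrap)):
        for el in root.iter("{%s}%s" % (XENC, tag)):
            method = el.find("{%s}EncryptionMethod" % XENC)
            # None marks a missing EncryptionMethod; it never matches a list.
            bucket.append(None if method is None else method.get("Algorithm"))
    return data, wrap


def check_message(message_xml, algorithms="", key_wrap_algorithms=""):
    """Return a list of (kind, algorithm) violations; [] means decrypt."""
    data, wrap = declared_algorithms(message_xml)
    checks = (
        ("encryption", data, parse_allowlist(algorithms)),
        ("key wrap", wrap, parse_allowlist(key_wrap_algorithms)),
    )
    violations = []
    for kind, declared, allowed in checks:
        if not allowed:
            # As the advisory states: an empty or missing list means no check
            # is performed, so the downgrade stays possible for that kind.
            continue
        violations.extend((kind, alg) for alg in declared if alg not in allowed)
    return violations


def sample_message(data_alg, wrap_alg):
    """Build a constructed SOAP message declaring the given algorithms."""
    return f"""<soap:Envelope
    xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xenc="{XENC}">
  <soap:Header>
    <xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="{wrap_alg}"/>
      <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedKey>
  </soap:Header>
  <soap:Body>
    <xenc:EncryptedData>
      <xenc:EncryptionMethod Algorithm="{data_alg}"/>
      <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedData>
  </soap:Body>
</soap:Envelope>"""


if __name__ == "__main__":
    expected = sample_message(ID_TO_URI["aes-256-gcm"], ID_TO_URI["rsa_oaep"])
    downgraded = sample_message(AES128_CBC, RSA_1_5)
    strict = ("aes-192-gcm aes-256-gcm", "rsa_oaep")
    print("expected, strict lists:  ", check_message(expected, *strict))
    print("downgraded, strict lists:", check_message(downgraded, *strict))
    print("downgraded, no lists:    ", check_message(downgraded))
```

Setting only one of the two lists leaves the other kind unchecked, so both 'algorithms' and 'keyWrapAlgorithms' need values for the check to cover a message fully.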