From bugzilla at redhat.com Wed Apr 1 15:06:46 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 1 Apr 2015 15:06:46 +0000 Subject: [RHSA-2015:0773-01] Important: Red Hat JBoss Data Grid 6.4.1 update Message-ID: <201504011506.t31F6lop021712@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Data Grid 6.4.1 update Advisory ID: RHSA-2015:0773-01 Product: Red Hat JBoss Data Grid Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0773.html Issue date: 2015-04-01 CVE Names: CVE-2013-4002 CVE-2014-7839 CVE-2014-8122 CVE-2015-0226 CVE-2015-0227 ===================================================================== 1. Summary: Red Hat JBoss Data Grid 6.4.1, which fixes several security issues, multiple bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Description: Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.4.1 serves as a replacement for Red Hat JBoss Data Grid 6.4.0. It includes various bug fixes and enhancements, which are detailed in the Red Hat JBoss Data Grid 6.4.1 Release Notes. The Release Notes are available at: https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/ This update also fixes the following security issues: It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption (CVE-2011-2487) threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2015-0226) A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. (CVE-2013-4002) It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML eXternal Entity (XXE) attacks. (CVE-2014-7839) It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request. (CVE-2015-0227) It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous conversation to the current conversation. (CVE-2014-8122) Red Hat would like to thank Rune Steinseth of JProfessionals for reporting the CVE-2014-8122 issue. All users of Red Hat JBoss Data Grid 6.4.0 as provided from the Red Hat Customer Portal are advised to upgrade to Red Hat JBoss Data Grid 6.4.1. 3. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing JBoss Data Grid installation. 4. Bugs fixed (https://bugzilla.redhat.com/): 1019176 - CVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP, 8017298) 1165328 - CVE-2014-7839 RESTeasy: External entities expanded by DocumentProvider 1169237 - CVE-2014-8122 JBoss Weld: Limited information disclosure via stale thread state 1191446 - CVE-2015-0226 wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487) 1191451 - CVE-2015-0227 wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property 5. References: https://access.redhat.com/security/cve/CVE-2013-4002 https://access.redhat.com/security/cve/CVE-2014-7839 https://access.redhat.com/security/cve/CVE-2014-8122 https://access.redhat.com/security/cve/CVE-2015-0226 https://access.redhat.com/security/cve/CVE-2015-0227 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=data.grid&version=6.4.1 https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/ 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVHAlsXlSAg2UNWIIRAqhiAJwJj55K/VynneY7/+iyzyrvrmvKyQCcDYGV VS14yhVJsJJX/acdTA51QXs= =pT5J -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 16 16:40:54 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 16 Apr 2015 16:40:54 +0000 Subject: [RHSA-2015:0846-01] Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update Message-ID: <201504161640.t3GGesoa010798@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update Advisory ID: RHSA-2015:0846-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0846.html Issue date: 2015-04-16 CVE Names: CVE-2014-3586 CVE-2014-8111 CVE-2015-0226 CVE-2015-0227 CVE-2015-0277 ===================================================================== 1. Summary: Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 6.4 for RHEL 5 - i386, noarch, x86_64 3. Description: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption (CVE-2011-2487) threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2015-0226) It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request. (CVE-2015-0227) It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them. (CVE-2014-8111) A flaw was found in the way PicketLink's Service Provider and Identity Provider handled certain requests. A remote attacker could use this flaw to log to a victim's account via PicketLink. (CVE-2015-0277) It was found that the Command Line Interface, as provided by Red Hat Enterprise Application Platform, created a history file named .jboss-cli-history in the user's home directory with insecure default file permissions. This could allow a malicious local user to gain information otherwise not accessible to them. (CVE-2014-3586) The CVE-2015-0277 issue was discovered by Ondrej Kotek of Red Hat. This release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. Documentation for these changes will be available shortly from the JBoss Enterprise Application Platform 6.4.0 Release Notes, linked to in the References. All users who require JBoss Enterprise Application Platform 6.4.0 on Red Hat Enterprise Linux 5 should install these new packages. The JBoss server process must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Also, back up any customized Red Hat JBoss Enterprise Application Platform 6 configuration files. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1126687 - CVE-2014-3586 JBoss AS CLI: Insecure default permissions on history file 1155445 - RHEL5 RPMs: Upgrade ironjacamar-eap6 to 1.0.31.Final-redhat-1 1158978 - RHEL5 RPMs: Upgrade tomcat-native to 1.1.32.redhat-1 1165220 - RHEL5 RPMs: Upgrade mod_cluster-native to 1.2.11.Final_redhat-2 1165228 - RHEL5 RPMs: Upgrade mod_cluster to 1.2.11.Final-redhat-1 1166455 - RHEL5 RPMs: Upgrade hibernate4-eap6 to 4.2.18.Final-redhat-2 1166745 - RHEL5 RPMs: Upgrade hornetq-native to 2.3.25.Final-redhat-1 1167394 - RHEL5 RPMs: Upgrade snakeyaml to 1.8.0.redhat-3 1167919 - RHEL5 RPMs: Upgrade jcip-annotations-eap6 to 1.0.0.redhat-7 1167926 - RHEL5 RPMs: Upgrade javassist-eap6 to 3.18.1.GA-redhat-1 1179790 - RHEL5 RPMs: Upgrade jboss-aesh to 0.33.14.redhat-1 1179830 - RHEL5 RPMs: Upgrade jboss-jsp-api_2.2_spec to 1.0.2.Final-redhat-1 1179837 - RHEL5 RPMs: Upgrade jboss-vfs2 to 3.2.9.Final-redhat-1 1179844 - RHEL5 RPMs: Upgrade picketlink-federation to 2.5.4.SP4-redhat-1 1179847 - RHEL5 RPMs: Upgrade jbossweb to 7.5.7.Final-redhat-1 1182591 - CVE-2014-8111 Tomcat mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing 1182974 - RHEL5 RPMs: Upgrade atinject-eap6 to 1.0.0.redhat-5 1182980 - RHEL5 RPMs: Upgrade glassfish-jsf12-eap6 to 1.2.15.b01-redhat-12 1182984 - RHEL5 RPMs: Upgrade xml-commons-resolver-eap6 to 1.2.0.redhat-10 1182990 - RHEL5 RPMs: Upgrade sun-ws-metadata-2.0-api to 1.0.0.MR1-redhat-7 1182993 - RHEL5 RPMs: Upgrade jboss-weld-1.1-api to 1.1.0.Final-redhat-6 1182996 - RHEL5 RPMs: Upgrade weld-cdi-1.0-api to 1.0.0.SP4-redhat-5 1182999 - RHEL5 RPMs: Upgrade sun-xsom to 20110809.0.0.redhat-4 1188723 - RHEL5 RPMs: Upgrade hibernate4-search to 4.6.0.Final-redhat-2 1188726 - RHEL5 RPMs: Upgrade cal10n-eap6 to 0.7.7.redhat-1 1188730 - RHEL5 RPMs: Upgrade jdom-eap6 to 1.1.3.redhat-2 1188735 - RHEL5 RPMs: Upgrade hibernate3-commons-annotations to 4.0.2.Final-redhat-1 1188938 - RHEL5 RPMs: Upgrade resteasy to 2.3.10.Final-redhat-1 1188945 - RHEL5 RPMs: Upgrade picketlink-bindings to 2.5.4.SP4-redhat-1 1188952 - RHEL5 RPMs: Upgrade picketbox to 4.1.1.Final-redhat-1 1188958 - RHEL5 RPMs: Upgrade jboss-xnio-base to 3.0.13.GA-redhat-1 1188966 - RHEL5 RPMs: Upgrade jboss-metadata to 7.2.1.Final-redhat-1 1188977 - RHEL5 RPMs: Upgrade jboss-logmanager to 1.5.4.Final-redhat-1 1188984 - RHEL5 RPMs: Upgrade jboss-hal to 2.5.5.Final-redhat-1 1188987 - RHEL5 RPMs: Upgrade jboss-genericjms to 1.0.7.Final-redhat-1 1188990 - RHEL5 RPMs: Upgrade jboss-as-console to 2.5.5.Final-redhat-1 1188993 - RHEL5 RPMs: Upgrade hornetq to 2.3.25.Final-redhat-1 1191446 - CVE-2015-0226 wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487) 1191451 - CVE-2015-0227 wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property 1194832 - CVE-2015-0277 PicketLink: SP does not take Audience condition of a SAML assertion into account 1195909 - RHEL5 RPMs: Upgrade infinispan to 5.2.11.Final-redhat-2 1195912 - RHEL5 RPMs: Upgrade ecj-eap6 to 4.4.2.redhat-1 1195917 - RHEL5 RPMs: Upgrade httpserver to 1.0.4.Final-redhat-1 1195922 - RHEL5 RPMs: Upgrade jboss-dmr to 1.2.2.Final-redhat-1 1195925 - RHEL5 RPMs: Upgrade jboss-modules to 1.3.6.Final-redhat-1 1195928 - RHEL5 RPMs: Upgrade jboss-remote-naming to 1.0.10.Final-redhat-1 1195931 - RHEL5 RPMs: Upgrade jboss-sasl to 1.0.5.Final-redhat-1 1195934 - RHEL5 RPMs: Upgrade jboss-threads to 2.1.2.Final-redhat-1 1195937 - RHEL5 RPMs: Upgrade jbossts to 4.17.29.Final-redhat-1 1195942 - RHEL5 RPMs: Upgrade jandex-eap6 to 1.2.2.Final-redhat-1 1195951 - RHEL5 RPMs: Upgrade log4j-jboss-logmanager to 1.1.1.Final-redhat-1 1198250 - RHEL5 RPMs: Upgrade jboss-ejb-client to 1.0.30.Final-redhat-1 6. Package List: Red Hat JBoss EAP 6.4 for RHEL 5: Source: apache-commons-cli-eap6-1.2.0-1.redhat_8.1.ep6.el5.src.rpm apache-commons-codec-eap6-1.4.0-4.redhat_4.1.ep6.el5.src.rpm apache-commons-configuration-eap6-1.6.0-1.redhat_4.2.ep6.el5.src.rpm apache-commons-daemon-eap6-1.0.15-8.redhat_1.ep6.el5.src.rpm apache-commons-io-eap6-2.1.0-1.redhat_4.1.ep6.el5.src.rpm apache-commons-lang-eap6-2.6.0-1.redhat_4.1.ep6.el5.src.rpm apache-commons-pool-eap6-1.6.0-1.redhat_7.1.ep6.el5.src.rpm apache-mime4j-0.6.0-1.redhat_4.1.ep6.el5.src.rpm atinject-eap6-1.0.0-1.redhat_5.1.ep6.el5.src.rpm avro-eap6-1.7.5-2.redhat_2.1.ep6.el5.src.rpm cal10n-eap6-0.7.7-1.redhat_1.1.ep6.el5.src.rpm codehaus-jackson-1.9.9-10.redhat_4.1.ep6.el5.src.rpm ecj-eap6-4.4.2-1.redhat_1.1.ep6.el5.src.rpm glassfish-jaf-1.1.1-17.redhat_4.1.ep6.el5.src.rpm glassfish-javamail-1.4.5-2.redhat_2.1.ep6.el5.src.rpm glassfish-jsf-eap6-2.1.28-7.redhat_8.1.ep6.el5.src.rpm glassfish-jsf12-eap6-1.2.15-8.b01_redhat_12.1.ep6.el5.src.rpm hibernate-beanvalidation-api-1.0.0-5.GA_redhat_3.1.ep6.el5.src.rpm hibernate-jpa-2.0-api-1.0.1-6.Final_redhat_3.1.ep6.el5.src.rpm hibernate3-commons-annotations-4.0.2-1.Final_redhat_1.1.ep6.el5.src.rpm hibernate4-eap6-4.2.18-2.Final_redhat_2.1.ep6.el5.src.rpm hibernate4-search-4.6.0-2.Final_redhat_2.1.ep6.el5.src.rpm hibernate4-validator-4.3.2-2.Final_redhat_2.1.ep6.el5.src.rpm hornetq-2.3.25-1.Final_redhat_1.1.ep6.el5.src.rpm hornetq-native-2.3.25-3.Final_redhat_1.ep6.el5.src.rpm httpcomponents-eap6-7.0.0-1.redhat_1.1.ep6.el5.src.rpm httpd-2.2.26-38.ep6.el5.src.rpm httpserver-1.0.4-1.Final_redhat_1.1.ep6.el5.src.rpm infinispan-5.2.11-2.Final_redhat_2.1.ep6.el5.src.rpm ironjacamar-eap6-1.0.31-1.Final_redhat_1.1.ep6.el5.src.rpm jandex-eap6-1.2.2-1.Final_redhat_1.1.ep6.el5.src.rpm jansi-eap6-1.9.0-1.redhat_5.1.ep6.el5.src.rpm javassist-eap6-3.18.1-6.GA_redhat_1.1.ep6.el5.src.rpm jbosgi-deployment-1.3.0-5.Final_redhat_2.1.ep6.el5.src.rpm jbosgi-framework-core-2.1.0-5.Final_redhat_2.1.ep6.el5.src.rpm jbosgi-metadata-2.2.0-4.Final_redhat_2.1.ep6.el5.src.rpm jbosgi-repository-2.1.0-2.Final_redhat_2.1.ep6.el5.src.rpm jbosgi-resolver-3.0.1-2.Final_redhat_2.1.ep6.el5.src.rpm jbosgi-spi-3.2.0-3.Final_redhat_2.1.ep6.el5.src.rpm jbosgi-vfs-1.2.1-5.Final_redhat_4.1.ep6.el5.src.rpm jboss-aesh-0.33.14-1.redhat_1.1.ep6.el5.src.rpm jboss-annotations-api_1.1_spec-1.0.1-5.Final_redhat_3.1.ep6.el5.src.rpm jboss-as-appclient-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-cli-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-client-all-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-clustering-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-cmp-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-configadmin-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-connector-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-console-2.5.5-1.Final_redhat_1.1.ep6.el5.src.rpm jboss-as-controller-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-controller-client-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-core-security-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-deployment-repository-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-deployment-scanner-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-domain-http-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-domain-management-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-ee-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-ee-deployment-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-ejb3-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-embedded-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-host-controller-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-jacorb-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-jaxr-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-jaxrs-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-jdr-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-jmx-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-jpa-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-jsf-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-jsr77-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-logging-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-mail-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-management-client-content-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-messaging-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-modcluster-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-naming-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-network-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-osgi-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-osgi-configadmin-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-osgi-service-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-picketlink-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-platform-mbean-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-pojo-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-process-controller-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-protocol-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-remoting-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-sar-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-security-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-server-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-system-jmx-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-threads-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-transactions-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-version-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-web-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-webservices-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-weld-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-as-xts-7.5.0-8.Final_redhat_21.1.ep6.el5.src.rpm jboss-classfilewriter-1.0.3-3.Final_redhat_2.1.ep6.el5.src.rpm jboss-common-beans-1.1.0-2.Final_redhat_2.1.ep6.el5.src.rpm jboss-common-core-2.2.17-11.GA_redhat_3.1.ep6.el5.src.rpm jboss-connector-api_1.6_spec-1.0.1-5.Final_redhat_3.1.ep6.el5.src.rpm jboss-dmr-1.2.2-1.Final_redhat_1.1.ep6.el5.src.rpm jboss-ejb-api_3.1_spec-1.0.2-11.Final_redhat_3.1.ep6.el5.src.rpm jboss-ejb-client-1.0.30-1.Final_redhat_1.1.ep6.el5.src.rpm jboss-genericjms-1.0.7-1.Final_redhat_1.1.ep6.el5.src.rpm jboss-hal-2.5.5-1.Final_redhat_1.1.ep6.el5.src.rpm jboss-iiop-client-1.0.0-5.Final_redhat_3.1.ep6.el5.src.rpm jboss-interceptors-api_1.1_spec-1.0.1-6.Final_redhat_3.1.ep6.el5.src.rpm jboss-j2eemgmt-api_1.1_spec-1.0.1-6.Final_redhat_3.1.ep6.el5.src.rpm jboss-jad-api_1.2_spec-1.0.1-7.Final_redhat_3.1.ep6.el5.src.rpm jboss-jaspi-api_1.0_spec-1.0.1-7.Final_redhat_3.1.ep6.el5.src.rpm jboss-jaxb-api_2.2_spec-1.0.4-4.Final_redhat_3.1.ep6.el5.src.rpm jboss-jaxr-api_1.0_spec-1.0.2-6.Final_redhat_3.1.ep6.el5.src.rpm jboss-jaxrpc-api_1.1_spec-1.0.1-5.Final_redhat_4.1.ep6.el5.src.rpm jboss-jaxrs-api_1.1_spec-1.0.1-10.Final_redhat_3.1.ep6.el5.src.rpm jboss-jms-api_1.1_spec-1.0.1-13.Final_redhat_3.1.ep6.el5.src.rpm jboss-jsp-api_2.2_spec-1.0.2-1.Final_redhat_1.1.ep6.el5.src.rpm jboss-logging-3.1.4-2.GA_redhat_2.1.ep6.el5.src.rpm jboss-logmanager-1.5.4-1.Final_redhat_1.1.ep6.el5.src.rpm jboss-metadata-7.2.1-1.Final_redhat_1.1.ep6.el5.src.rpm jboss-modules-1.3.6-1.Final_redhat_1.1.ep6.el5.src.rpm jboss-osgi-logging-1.0.0-7.redhat_3.1.ep6.el5.src.rpm jboss-remote-naming-1.0.10-1.Final_redhat_1.1.ep6.el5.src.rpm jboss-rmi-api_1.0_spec-1.0.4-10.Final_redhat_3.1.ep6.el5.src.rpm jboss-sasl-1.0.5-1.Final_redhat_1.1.ep6.el5.src.rpm jboss-seam-int-6.0.0-10.GA_redhat_3.1.ep6.el5.src.rpm jboss-servlet-api_2.5_spec-1.0.1-10.Final_redhat_3.1.ep6.el5.src.rpm jboss-servlet-api_3.0_spec-1.0.2-4.Final_redhat_2.1.ep6.el5.src.rpm jboss-threads-2.1.2-1.Final_redhat_1.1.ep6.el5.src.rpm jboss-transaction-api_1.1_spec-1.0.1-13.Final_redhat_3.1.ep6.el5.src.rpm jboss-vfs2-3.2.9-1.Final_redhat_1.1.ep6.el5.src.rpm jboss-weld-1.1-api-1.1.0-1.Final_redhat_6.1.ep6.el5.src.rpm jboss-xnio-base-3.0.13-1.GA_redhat_1.1.ep6.el5.src.rpm jbossas-appclient-7.5.0-9.Final_redhat_21.1.ep6.el5.src.rpm jbossas-bundles-7.5.0-9.Final_redhat_21.1.ep6.el5.src.rpm jbossas-core-7.5.0-11.Final_redhat_21.1.ep6.el5.src.rpm jbossas-domain-7.5.0-9.Final_redhat_21.1.ep6.el5.src.rpm jbossas-javadocs-7.5.0-23.Final_redhat_21.1.ep6.el5.src.rpm jbossas-modules-eap-7.5.0-14.Final_redhat_21.1.ep6.el5.src.rpm jbossas-product-eap-7.5.0-9.Final_redhat_21.1.ep6.el5.src.rpm jbossas-standalone-7.5.0-9.Final_redhat_21.1.ep6.el5.src.rpm jbossas-welcome-content-eap-7.5.0-9.Final_redhat_21.1.ep6.el5.src.rpm jbossts-4.17.29-1.Final_redhat_1.1.ep6.el5.src.rpm jbossweb-7.5.7-1.Final_redhat_1.1.ep6.el5.src.rpm jbossxb2-2.0.3-15.GA_redhat_3.1.ep6.el5.src.rpm jcip-annotations-eap6-1.0.0-1.redhat_7.1.ep6.el5.src.rpm jdom-eap6-1.1.3-1.redhat_2.1.ep6.el5.src.rpm joda-time-eap6-1.6.2-2.redhat_5.1.ep6.el5.src.rpm jul-to-slf4j-stub-1.0.1-2.Final_redhat_2.1.ep6.el5.src.rpm log4j-jboss-logmanager-1.1.1-1.Final_redhat_1.1.ep6.el5.src.rpm lucene-solr-3.6.2-5.redhat_8.1.ep6.el5.src.rpm mod_cluster-1.2.11-1.Final_redhat_1.1.ep6.el5.src.rpm mod_cluster-native-1.2.11-2.Final_redhat_2.ep6.el5.src.rpm mod_jk-1.2.40-3.redhat_2.ep6.el5.src.rpm mod_rt-2.4.1-6.GA.ep6.el5.src.rpm mod_snmp-2.4.1-13.GA.ep6.el5.src.rpm objectweb-asm-eap6-3.3.1-8.redhat_9.1.ep6.el5.src.rpm org.osgi.core-eap6-4.2.0-14.redhat_8.1.ep6.el5.src.rpm org.osgi.enterprise-eap6-4.2.0-15.redhat_10.1.ep6.el5.src.rpm picketbox-4.1.1-1.Final_redhat_1.1.ep6.el5.src.rpm picketbox-commons-1.0.0-1.final_redhat_3.1.ep6.el5.src.rpm picketlink-bindings-2.5.4-5.SP4_redhat_1.1.ep6.el5.src.rpm picketlink-federation-2.5.4-5.SP4_redhat_1.1.ep6.el5.src.rpm relaxngDatatype-eap6-2011.1.0-1.redhat_9.1.ep6.el5.src.rpm resteasy-2.3.10-1.Final_redhat_1.1.ep6.el5.src.rpm rngom-eap6-201103.0.0-1.redhat_4.1.ep6.el5.src.rpm snakeyaml-eap6-1.8.0-1.redhat_3.1.ep6.el5.src.rpm staxmapper-1.1.0-7.Final_redhat_3.1.ep6.el5.src.rpm sun-codemodel-2.6.0-1.redhat_3.1.ep6.el5.src.rpm sun-txw2-20110809.0.0-1.redhat_5.1.ep6.el5.src.rpm sun-ws-metadata-2.0-api-1.0.0-2.MR1_redhat_7.1.ep6.el5.src.rpm sun-xsom-20110809.0.0-1.redhat_4.1.ep6.el5.src.rpm tomcat-native-1.1.32-3.redhat_1.ep6.el5.src.rpm velocity-eap6-1.7.0-1.redhat_4.1.ep6.el5.src.rpm weld-cdi-1.0-api-1.0.0-1.SP4_redhat_5.1.ep6.el5.src.rpm xml-commons-resolver-eap6-1.2.0-1.redhat_10.2.ep6.el5.src.rpm i386: hornetq-native-2.3.25-3.Final_redhat_1.ep6.el5.i386.rpm hornetq-native-debuginfo-2.3.25-3.Final_redhat_1.ep6.el5.i386.rpm httpd-2.2.26-38.ep6.el5.i386.rpm httpd-debuginfo-2.2.26-38.ep6.el5.i386.rpm httpd-devel-2.2.26-38.ep6.el5.i386.rpm httpd-manual-2.2.26-38.ep6.el5.i386.rpm httpd-tools-2.2.26-38.ep6.el5.i386.rpm jbossas-hornetq-native-2.3.25-3.Final_redhat_1.ep6.el5.i386.rpm jbossas-jbossweb-native-1.1.32-3.redhat_1.ep6.el5.i386.rpm mod_cluster-native-1.2.11-2.Final_redhat_2.ep6.el5.i386.rpm mod_cluster-native-debuginfo-1.2.11-2.Final_redhat_2.ep6.el5.i386.rpm mod_jk-ap22-1.2.40-3.redhat_2.ep6.el5.i386.rpm mod_jk-debuginfo-1.2.40-3.redhat_2.ep6.el5.i386.rpm mod_rt-2.4.1-6.GA.ep6.el5.i386.rpm mod_rt-debuginfo-2.4.1-6.GA.ep6.el5.i386.rpm mod_snmp-2.4.1-13.GA.ep6.el5.i386.rpm mod_snmp-debuginfo-2.4.1-13.GA.ep6.el5.i386.rpm mod_ssl-2.2.26-38.ep6.el5.i386.rpm tomcat-native-1.1.32-3.redhat_1.ep6.el5.i386.rpm tomcat-native-debuginfo-1.1.32-3.redhat_1.ep6.el5.i386.rpm noarch: apache-commons-cli-eap6-1.2.0-1.redhat_8.1.ep6.el5.noarch.rpm apache-commons-codec-eap6-1.4.0-4.redhat_4.1.ep6.el5.noarch.rpm apache-commons-configuration-eap6-1.6.0-1.redhat_4.2.ep6.el5.noarch.rpm apache-commons-daemon-eap6-1.0.15-8.redhat_1.ep6.el5.noarch.rpm apache-commons-io-eap6-2.1.0-1.redhat_4.1.ep6.el5.noarch.rpm apache-commons-lang-eap6-2.6.0-1.redhat_4.1.ep6.el5.noarch.rpm apache-commons-pool-eap6-1.6.0-1.redhat_7.1.ep6.el5.noarch.rpm apache-mime4j-0.6.0-1.redhat_4.1.ep6.el5.noarch.rpm atinject-eap6-1.0.0-1.redhat_5.1.ep6.el5.noarch.rpm avro-eap6-1.7.5-2.redhat_2.1.ep6.el5.noarch.rpm cal10n-eap6-0.7.7-1.redhat_1.1.ep6.el5.noarch.rpm codehaus-jackson-1.9.9-10.redhat_4.1.ep6.el5.noarch.rpm codehaus-jackson-core-asl-1.9.9-10.redhat_4.1.ep6.el5.noarch.rpm codehaus-jackson-jaxrs-1.9.9-10.redhat_4.1.ep6.el5.noarch.rpm codehaus-jackson-mapper-asl-1.9.9-10.redhat_4.1.ep6.el5.noarch.rpm codehaus-jackson-xc-1.9.9-10.redhat_4.1.ep6.el5.noarch.rpm ecj-eap6-4.4.2-1.redhat_1.1.ep6.el5.noarch.rpm glassfish-jaf-1.1.1-17.redhat_4.1.ep6.el5.noarch.rpm glassfish-javamail-1.4.5-2.redhat_2.1.ep6.el5.noarch.rpm glassfish-jsf-eap6-2.1.28-7.redhat_8.1.ep6.el5.noarch.rpm glassfish-jsf12-eap6-1.2.15-8.b01_redhat_12.1.ep6.el5.noarch.rpm hibernate-beanvalidation-api-1.0.0-5.GA_redhat_3.1.ep6.el5.noarch.rpm hibernate-jpa-2.0-api-1.0.1-6.Final_redhat_3.1.ep6.el5.noarch.rpm hibernate3-commons-annotations-4.0.2-1.Final_redhat_1.1.ep6.el5.noarch.rpm hibernate4-core-eap6-4.2.18-2.Final_redhat_2.1.ep6.el5.noarch.rpm hibernate4-eap6-4.2.18-2.Final_redhat_2.1.ep6.el5.noarch.rpm hibernate4-entitymanager-eap6-4.2.18-2.Final_redhat_2.1.ep6.el5.noarch.rpm hibernate4-envers-eap6-4.2.18-2.Final_redhat_2.1.ep6.el5.noarch.rpm hibernate4-infinispan-eap6-4.2.18-2.Final_redhat_2.1.ep6.el5.noarch.rpm hibernate4-search-4.6.0-2.Final_redhat_2.1.ep6.el5.noarch.rpm hibernate4-validator-4.3.2-2.Final_redhat_2.1.ep6.el5.noarch.rpm hornetq-2.3.25-1.Final_redhat_1.1.ep6.el5.noarch.rpm httpclient-eap6-4.3.6-1.redhat_1.1.ep6.el5.noarch.rpm httpcomponents-client-eap6-4.3.6-1.redhat_1.1.ep6.el5.noarch.rpm httpcomponents-core-eap6-4.3.3-1.redhat_1.1.ep6.el5.noarch.rpm httpcomponents-project-eap6-7.0.0-1.redhat_1.1.ep6.el5.noarch.rpm httpcore-eap6-4.3.3-1.redhat_1.1.ep6.el5.noarch.rpm httpmime-eap6-4.3.6-1.redhat_1.1.ep6.el5.noarch.rpm httpserver-1.0.4-1.Final_redhat_1.1.ep6.el5.noarch.rpm infinispan-5.2.11-2.Final_redhat_2.1.ep6.el5.noarch.rpm infinispan-cachestore-jdbc-5.2.11-2.Final_redhat_2.1.ep6.el5.noarch.rpm infinispan-cachestore-remote-5.2.11-2.Final_redhat_2.1.ep6.el5.noarch.rpm infinispan-client-hotrod-5.2.11-2.Final_redhat_2.1.ep6.el5.noarch.rpm infinispan-core-5.2.11-2.Final_redhat_2.1.ep6.el5.noarch.rpm ironjacamar-common-api-eap6-1.0.31-1.Final_redhat_1.1.ep6.el5.noarch.rpm ironjacamar-common-impl-eap6-1.0.31-1.Final_redhat_1.1.ep6.el5.noarch.rpm ironjacamar-common-spi-eap6-1.0.31-1.Final_redhat_1.1.ep6.el5.noarch.rpm ironjacamar-core-api-eap6-1.0.31-1.Final_redhat_1.1.ep6.el5.noarch.rpm ironjacamar-core-impl-eap6-1.0.31-1.Final_redhat_1.1.ep6.el5.noarch.rpm ironjacamar-deployers-common-eap6-1.0.31-1.Final_redhat_1.1.ep6.el5.noarch.rpm ironjacamar-eap6-1.0.31-1.Final_redhat_1.1.ep6.el5.noarch.rpm ironjacamar-jdbc-eap6-1.0.31-1.Final_redhat_1.1.ep6.el5.noarch.rpm ironjacamar-spec-api-eap6-1.0.31-1.Final_redhat_1.1.ep6.el5.noarch.rpm ironjacamar-validator-eap6-1.0.31-1.Final_redhat_1.1.ep6.el5.noarch.rpm jandex-eap6-1.2.2-1.Final_redhat_1.1.ep6.el5.noarch.rpm jansi-eap6-1.9.0-1.redhat_5.1.ep6.el5.noarch.rpm javassist-eap6-3.18.1-6.GA_redhat_1.1.ep6.el5.noarch.rpm jbosgi-deployment-1.3.0-5.Final_redhat_2.1.ep6.el5.noarch.rpm jbosgi-framework-core-2.1.0-5.Final_redhat_2.1.ep6.el5.noarch.rpm jbosgi-metadata-2.2.0-4.Final_redhat_2.1.ep6.el5.noarch.rpm jbosgi-repository-2.1.0-2.Final_redhat_2.1.ep6.el5.noarch.rpm jbosgi-resolver-3.0.1-2.Final_redhat_2.1.ep6.el5.noarch.rpm jbosgi-spi-3.2.0-3.Final_redhat_2.1.ep6.el5.noarch.rpm jbosgi-vfs-1.2.1-5.Final_redhat_4.1.ep6.el5.noarch.rpm jboss-aesh-0.33.14-1.redhat_1.1.ep6.el5.noarch.rpm jboss-annotations-api_1.1_spec-1.0.1-5.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-appclient-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-cli-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-client-all-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-clustering-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-cmp-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-configadmin-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-connector-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-console-2.5.5-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-as-controller-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-controller-client-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-core-security-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-deployment-repository-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-deployment-scanner-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-domain-http-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-domain-management-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-ee-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-ee-deployment-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-ejb3-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-embedded-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-host-controller-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-jacorb-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-jaxr-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-jaxrs-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-jdr-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-jmx-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-jpa-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-jsf-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-jsr77-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-logging-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-mail-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-management-client-content-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-messaging-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-modcluster-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-naming-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-network-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-osgi-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-osgi-configadmin-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-osgi-service-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-picketlink-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-platform-mbean-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-pojo-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-process-controller-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-protocol-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-remoting-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-sar-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-security-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-server-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-system-jmx-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-threads-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-transactions-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-version-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-web-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-webservices-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-weld-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-as-xts-7.5.0-8.Final_redhat_21.1.ep6.el5.noarch.rpm jboss-classfilewriter-1.0.3-3.Final_redhat_2.1.ep6.el5.noarch.rpm jboss-common-beans-1.1.0-2.Final_redhat_2.1.ep6.el5.noarch.rpm jboss-common-core-2.2.17-11.GA_redhat_3.1.ep6.el5.noarch.rpm jboss-connector-api_1.6_spec-1.0.1-5.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-dmr-1.2.2-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-ejb-api_3.1_spec-1.0.2-11.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-ejb-client-1.0.30-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-genericjms-1.0.7-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-hal-2.5.5-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-iiop-client-1.0.0-5.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-interceptors-api_1.1_spec-1.0.1-6.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-j2eemgmt-api_1.1_spec-1.0.1-6.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-jad-api_1.2_spec-1.0.1-7.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-jaspi-api_1.0_spec-1.0.1-7.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-jaxb-api_2.2_spec-1.0.4-4.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-jaxr-api_1.0_spec-1.0.2-6.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-jaxrpc-api_1.1_spec-1.0.1-5.Final_redhat_4.1.ep6.el5.noarch.rpm jboss-jaxrs-api_1.1_spec-1.0.1-10.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-jms-api_1.1_spec-1.0.1-13.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-jsp-api_2.2_spec-1.0.2-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-logging-3.1.4-2.GA_redhat_2.1.ep6.el5.noarch.rpm jboss-logmanager-1.5.4-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-metadata-7.2.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-metadata-appclient-7.2.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-metadata-common-7.2.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-metadata-ear-7.2.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-metadata-ejb-7.2.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-metadata-web-7.2.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-modules-1.3.6-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-osgi-logging-1.0.0-7.redhat_3.1.ep6.el5.noarch.rpm jboss-remote-naming-1.0.10-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-rmi-api_1.0_spec-1.0.4-10.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-sasl-1.0.5-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-seam-int-6.0.0-10.GA_redhat_3.1.ep6.el5.noarch.rpm jboss-servlet-api_2.5_spec-1.0.1-10.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-servlet-api_3.0_spec-1.0.2-4.Final_redhat_2.1.ep6.el5.noarch.rpm jboss-threads-2.1.2-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-transaction-api_1.1_spec-1.0.1-13.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-vfs2-3.2.9-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-weld-1.1-api-1.1.0-1.Final_redhat_6.1.ep6.el5.noarch.rpm jboss-xnio-base-3.0.13-1.GA_redhat_1.1.ep6.el5.noarch.rpm jbossas-appclient-7.5.0-9.Final_redhat_21.1.ep6.el5.noarch.rpm jbossas-bundles-7.5.0-9.Final_redhat_21.1.ep6.el5.noarch.rpm jbossas-core-7.5.0-11.Final_redhat_21.1.ep6.el5.noarch.rpm jbossas-domain-7.5.0-9.Final_redhat_21.1.ep6.el5.noarch.rpm jbossas-javadocs-7.5.0-23.Final_redhat_21.1.ep6.el5.noarch.rpm jbossas-modules-eap-7.5.0-14.Final_redhat_21.1.ep6.el5.noarch.rpm jbossas-product-eap-7.5.0-9.Final_redhat_21.1.ep6.el5.noarch.rpm jbossas-standalone-7.5.0-9.Final_redhat_21.1.ep6.el5.noarch.rpm jbossas-welcome-content-eap-7.5.0-9.Final_redhat_21.1.ep6.el5.noarch.rpm jbossts-4.17.29-1.Final_redhat_1.1.ep6.el5.noarch.rpm jbossweb-7.5.7-1.Final_redhat_1.1.ep6.el5.noarch.rpm jbossxb2-2.0.3-15.GA_redhat_3.1.ep6.el5.noarch.rpm jcip-annotations-eap6-1.0.0-1.redhat_7.1.ep6.el5.noarch.rpm jdom-eap6-1.1.3-1.redhat_2.1.ep6.el5.noarch.rpm joda-time-eap6-1.6.2-2.redhat_5.1.ep6.el5.noarch.rpm jul-to-slf4j-stub-1.0.1-2.Final_redhat_2.1.ep6.el5.noarch.rpm log4j-jboss-logmanager-1.1.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm lucene-solr-3.6.2-5.redhat_8.1.ep6.el5.noarch.rpm mod_cluster-1.2.11-1.Final_redhat_1.1.ep6.el5.noarch.rpm mod_cluster-demo-1.2.11-1.Final_redhat_1.1.ep6.el5.noarch.rpm objectweb-asm-eap6-3.3.1-8.redhat_9.1.ep6.el5.noarch.rpm org.osgi.core-eap6-4.2.0-14.redhat_8.1.ep6.el5.noarch.rpm org.osgi.enterprise-eap6-4.2.0-15.redhat_10.1.ep6.el5.noarch.rpm picketbox-4.1.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm picketbox-commons-1.0.0-1.final_redhat_3.1.ep6.el5.noarch.rpm picketlink-bindings-2.5.4-5.SP4_redhat_1.1.ep6.el5.noarch.rpm picketlink-federation-2.5.4-5.SP4_redhat_1.1.ep6.el5.noarch.rpm relaxngDatatype-eap6-2011.1.0-1.redhat_9.1.ep6.el5.noarch.rpm resteasy-2.3.10-1.Final_redhat_1.1.ep6.el5.noarch.rpm rngom-eap6-201103.0.0-1.redhat_4.1.ep6.el5.noarch.rpm snakeyaml-eap6-1.8.0-1.redhat_3.1.ep6.el5.noarch.rpm staxmapper-1.1.0-7.Final_redhat_3.1.ep6.el5.noarch.rpm sun-codemodel-2.6.0-1.redhat_3.1.ep6.el5.noarch.rpm sun-txw2-20110809.0.0-1.redhat_5.1.ep6.el5.noarch.rpm sun-ws-metadata-2.0-api-1.0.0-2.MR1_redhat_7.1.ep6.el5.noarch.rpm sun-xsom-20110809.0.0-1.redhat_4.1.ep6.el5.noarch.rpm velocity-eap6-1.7.0-1.redhat_4.1.ep6.el5.noarch.rpm weld-cdi-1.0-api-1.0.0-1.SP4_redhat_5.1.ep6.el5.noarch.rpm xml-commons-resolver-eap6-1.2.0-1.redhat_10.2.ep6.el5.noarch.rpm x86_64: hornetq-native-2.3.25-3.Final_redhat_1.ep6.el5.x86_64.rpm hornetq-native-debuginfo-2.3.25-3.Final_redhat_1.ep6.el5.x86_64.rpm httpd-2.2.26-38.ep6.el5.x86_64.rpm httpd-debuginfo-2.2.26-38.ep6.el5.x86_64.rpm httpd-devel-2.2.26-38.ep6.el5.x86_64.rpm httpd-manual-2.2.26-38.ep6.el5.x86_64.rpm httpd-tools-2.2.26-38.ep6.el5.x86_64.rpm jbossas-hornetq-native-2.3.25-3.Final_redhat_1.ep6.el5.x86_64.rpm jbossas-jbossweb-native-1.1.32-3.redhat_1.ep6.el5.x86_64.rpm mod_cluster-native-1.2.11-2.Final_redhat_2.ep6.el5.x86_64.rpm mod_cluster-native-debuginfo-1.2.11-2.Final_redhat_2.ep6.el5.x86_64.rpm mod_jk-ap22-1.2.40-3.redhat_2.ep6.el5.x86_64.rpm mod_jk-debuginfo-1.2.40-3.redhat_2.ep6.el5.x86_64.rpm mod_rt-2.4.1-6.GA.ep6.el5.x86_64.rpm mod_rt-debuginfo-2.4.1-6.GA.ep6.el5.x86_64.rpm mod_snmp-2.4.1-13.GA.ep6.el5.x86_64.rpm mod_snmp-debuginfo-2.4.1-13.GA.ep6.el5.x86_64.rpm mod_ssl-2.2.26-38.ep6.el5.x86_64.rpm tomcat-native-1.1.32-3.redhat_1.ep6.el5.x86_64.rpm tomcat-native-debuginfo-1.1.32-3.redhat_1.ep6.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3586 https://access.redhat.com/security/cve/CVE-2014-8111 https://access.redhat.com/security/cve/CVE-2015-0226 https://access.redhat.com/security/cve/CVE-2015-0227 https://access.redhat.com/security/cve/CVE-2015-0277 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVL+XvXlSAg2UNWIIRAvpIAJ0fLjf+3qEpZezU3V8+70kuTJnXowCgk08b F8K/0DIYiJiot0UIgKf3VYk= =rZi8 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 16 16:43:08 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 16 Apr 2015 16:43:08 +0000 Subject: [RHSA-2015:0847-01] Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update Message-ID: <201504161643.t3GGh809027970@int-mx14.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update Advisory ID: RHSA-2015:0847-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0847.html Issue date: 2015-04-16 CVE Names: CVE-2014-3586 CVE-2014-8111 CVE-2015-0226 CVE-2015-0227 CVE-2015-0277 ===================================================================== 1. Summary: Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 6.4 for RHEL 6 - i386, noarch, ppc64, x86_64 3. Description: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption (CVE-2011-2487) threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2015-0226) It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request. (CVE-2015-0227) It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them. (CVE-2014-8111) A flaw was found in the way PicketLink's Service Provider and Identity Provider handled certain requests. A remote attacker could use this flaw to log to a victim's account via PicketLink. (CVE-2015-0277) It was found that the Command Line Interface, as provided by Red Hat Enterprise Application Platform, created a history file named .jboss-cli-history in the user's home directory with insecure default file permissions. This could allow a malicious local user to gain information otherwise not accessible to them. (CVE-2014-3586) The CVE-2015-0277 issue was discovered by Ondrej Kotek of Red Hat. This release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. Documentation for these changes will be available shortly from the JBoss Enterprise Application Platform 6.4.0 Release Notes, linked to in the References. All users who require JBoss Enterprise Application Platform 6.4.0 on Red Hat Enterprise Linux 6 should install these new packages. The JBoss server process must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Also, back up any customized Red Hat JBoss Enterprise Application Platform 6 configuration files. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1126687 - CVE-2014-3586 JBoss AS CLI: Insecure default permissions on history file 1155444 - RHEL6 RPMs: Upgrade ironjacamar-eap6 to 1.0.31.Final-redhat-1 1158977 - RHEL6 RPMs: Upgrade tomcat-native to 1.1.32.redhat-1 1165219 - RHEL6 RPMs: Upgrade mod_cluster-native to 1.2.11.Final_redhat-2 1165227 - RHEL6 RPMs: Upgrade mod_cluster to 1.2.11.Final-redhat-1 1166454 - RHEL6 RPMs: Upgrade hibernate4-eap6 to 4.2.18.Final-redhat-2 1166744 - RHEL6 RPMs: Upgrade hornetq-native to 2.3.25.Final-redhat-1 1167393 - RHEL6 RPMs: Upgrade snakeyaml to 1.8.0.redhat-3 1167918 - RHEL6 RPMs: Upgrade jcip-annotations-eap6 to 1.0.0.redhat-7 1167925 - RHEL6 RPMs: Upgrade javassist-eap6 to 3.18.1.GA-redhat-1 1179789 - RHEL6 RPMs: Upgrade jboss-aesh to 0.33.14.redhat-1 1179829 - RHEL6 RPMs: Upgrade jboss-jsp-api_2.2_spec to 1.0.2.Final-redhat-1 1179836 - RHEL6 RPMs: Upgrade jboss-vfs2 to 3.2.9.Final-redhat-1 1179843 - RHEL6 RPMs: Upgrade picketlink-federation to 2.5.4.SP4-redhat-1 1179846 - RHEL6 RPMs: Upgrade jbossweb to 7.5.7.Final-redhat-1 1182591 - CVE-2014-8111 Tomcat mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing 1182973 - RHEL6 RPMs: Upgrade atinject-eap6 to 1.0.0.redhat-5 1182979 - RHEL6 RPMs: Upgrade glassfish-jsf12-eap6 to 1.2.15.b01-redhat-12 1182983 - RHEL6 RPMs: Upgrade xml-commons-resolver-eap6 to 1.2.0.redhat-10 1182989 - RHEL6 RPMs: Upgrade sun-ws-metadata-2.0-api to 1.0.0.MR1-redhat-7 1182992 - RHEL6 RPMs: Upgrade jboss-weld-1.1-api to 1.1.0.Final-redhat-6 1182994 - RHEL6 RPMs: Upgrade weld-cdi-1.0-api to 1.0.0.SP4-redhat-5 1182998 - RHEL6 RPMs: Upgrade sun-xsom to 20110809.0.0.redhat-4 1188722 - RHEL6 RPMs: Upgrade hibernate4-search to 4.6.0.Final-redhat-2 1188725 - RHEL6 RPMs: Upgrade cal10n-eap6 to 0.7.7.redhat-1 1188729 - RHEL6 RPMs: Upgrade jdom-eap6 to 1.1.3.redhat-2 1188734 - RHEL6 RPMs: Upgrade hibernate3-commons-annotations to 4.0.2.Final-redhat-1 1188937 - RHEL6 RPMs: Upgrade resteasy to 2.3.10.Final-redhat-1 1188944 - RHEL6 RPMs: Upgrade picketlink-bindings to 2.5.4.SP4-redhat-1 1188951 - RHEL6 RPMs: Upgrade picketbox to 4.1.1.Final-redhat-1 1188957 - RHEL6 RPMs: Upgrade jboss-xnio-base to 3.0.13.GA-redhat-1 1188965 - RHEL6 RPMs: Upgrade jboss-metadata to 7.2.1.Final-redhat-1 1188976 - RHEL6 RPMs: Upgrade jboss-logmanager to 1.5.4.Final-redhat-1 1188983 - RHEL6 RPMs: Upgrade jboss-hal to 2.5.5.Final-redhat-1 1188986 - RHEL6 RPMs: Upgrade jboss-genericjms to 1.0.7.Final-redhat-1 1188989 - RHEL6 RPMs: Upgrade jboss-as-console to 2.5.5.Final-redhat-1 1188992 - RHEL6 RPMs: Upgrade hornetq to 2.3.25.Final-redhat-1 1191446 - CVE-2015-0226 wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487) 1191451 - CVE-2015-0227 wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property 1194832 - CVE-2015-0277 PicketLink: SP does not take Audience condition of a SAML assertion into account 1195908 - RHEL6 RPMs: Upgrade infinispan to 5.2.11.Final-redhat-2 1195911 - RHEL6 RPMs: Upgrade ecj-eap6 to 4.4.2.redhat-1 1195916 - RHEL6 RPMs: Upgrade httpserver to 1.0.4.Final-redhat-1 1195921 - RHEL6 RPMs: Upgrade jboss-dmr to 1.2.2.Final-redhat-1 1195924 - RHEL6 RPMs: Upgrade jboss-modules to 1.3.6.Final-redhat-1 1195927 - RHEL6 RPMs: Upgrade jboss-remote-naming to 1.0.10.Final-redhat-1 1195930 - RHEL6 RPMs: Upgrade jboss-sasl to 1.0.5.Final-redhat-1 1195933 - RHEL6 RPMs: Upgrade jboss-threads to 2.1.2.Final-redhat-1 1195936 - RHEL6 RPMs: Upgrade jbossts to 4.17.29.Final-redhat-1 1195941 - RHEL6 RPMs: Upgrade jandex-eap6 to 1.2.2.Final-redhat-1 1195950 - RHEL6 RPMs: Upgrade log4j-jboss-logmanager to 1.1.1.Final-redhat-1 1198249 - RHEL6 RPMs: Upgrade jboss-ejb-client to 1.0.30.Final-redhat-1 6. Package List: Red Hat JBoss EAP 6.4 for RHEL 6: Source: apache-commons-cli-eap6-1.2.0-1.redhat_8.1.ep6.el6.src.rpm apache-commons-codec-eap6-1.4.0-4.redhat_4.1.ep6.el6.src.rpm apache-commons-configuration-eap6-1.6.0-1.redhat_4.2.ep6.el6.src.rpm apache-commons-daemon-eap6-1.0.15-8.redhat_1.ep6.el6.src.rpm apache-commons-io-eap6-2.1.0-1.redhat_4.1.ep6.el6.src.rpm apache-commons-lang-eap6-2.6.0-1.redhat_4.1.ep6.el6.src.rpm apache-commons-pool-eap6-1.6.0-1.redhat_7.1.ep6.el6.src.rpm apache-mime4j-0.6.0-1.redhat_4.1.ep6.el6.src.rpm atinject-eap6-1.0.0-1.redhat_5.1.ep6.el6.src.rpm avro-eap6-1.7.5-2.redhat_2.1.ep6.el6.src.rpm cal10n-eap6-0.7.7-1.redhat_1.1.ep6.el6.src.rpm codehaus-jackson-1.9.9-10.redhat_4.1.ep6.el6.src.rpm ecj-eap6-4.4.2-1.redhat_1.1.ep6.el6.src.rpm glassfish-jaf-1.1.1-17.redhat_4.1.ep6.el6.src.rpm glassfish-javamail-1.4.5-2.redhat_2.1.ep6.el6.src.rpm glassfish-jsf-eap6-2.1.28-7.redhat_8.1.ep6.el6.src.rpm glassfish-jsf12-eap6-1.2.15-8.b01_redhat_12.1.ep6.el6.src.rpm hibernate-beanvalidation-api-1.0.0-5.GA_redhat_3.1.ep6.el6.src.rpm hibernate-jpa-2.0-api-1.0.1-6.Final_redhat_3.1.ep6.el6.src.rpm hibernate3-commons-annotations-4.0.2-1.Final_redhat_1.1.ep6.el6.src.rpm hibernate4-eap6-4.2.18-2.Final_redhat_2.1.ep6.el6.src.rpm hibernate4-search-4.6.0-2.Final_redhat_2.1.ep6.el6.src.rpm hibernate4-validator-4.3.2-2.Final_redhat_2.1.ep6.el6.src.rpm hornetq-2.3.25-1.Final_redhat_1.1.ep6.el6.src.rpm hornetq-native-2.3.25-3.Final_redhat_1.ep6.el6.src.rpm httpcomponents-eap6-7.0.0-1.redhat_1.1.ep6.el6.src.rpm httpd-2.2.26-38.ep6.el6.src.rpm httpserver-1.0.4-1.Final_redhat_1.1.ep6.el6.src.rpm infinispan-5.2.11-2.Final_redhat_2.1.ep6.el6.src.rpm ironjacamar-eap6-1.0.31-1.Final_redhat_1.1.ep6.el6.src.rpm jandex-eap6-1.2.2-1.Final_redhat_1.1.ep6.el6.src.rpm jansi-eap6-1.9.0-1.redhat_5.1.ep6.el6.src.rpm javassist-eap6-3.18.1-6.GA_redhat_1.1.ep6.el6.src.rpm jbosgi-deployment-1.3.0-5.Final_redhat_2.1.ep6.el6.src.rpm jbosgi-framework-core-2.1.0-5.Final_redhat_2.1.ep6.el6.src.rpm jbosgi-metadata-2.2.0-4.Final_redhat_2.1.ep6.el6.src.rpm jbosgi-repository-2.1.0-2.Final_redhat_2.1.ep6.el6.src.rpm jbosgi-resolver-3.0.1-2.Final_redhat_2.1.ep6.el6.src.rpm jbosgi-spi-3.2.0-3.Final_redhat_2.1.ep6.el6.src.rpm jbosgi-vfs-1.2.1-5.Final_redhat_4.1.ep6.el6.src.rpm jboss-aesh-0.33.14-1.redhat_1.1.ep6.el6.src.rpm jboss-annotations-api_1.1_spec-1.0.1-5.Final_redhat_3.1.ep6.el6.src.rpm jboss-as-appclient-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-cli-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-client-all-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-clustering-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-cmp-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-configadmin-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-connector-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-console-2.5.5-1.Final_redhat_1.1.ep6.el6.src.rpm jboss-as-controller-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-controller-client-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-core-security-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-deployment-repository-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-deployment-scanner-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-domain-http-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-domain-management-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-ee-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-ee-deployment-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-ejb3-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-embedded-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-host-controller-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-jacorb-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-jaxr-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-jaxrs-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-jdr-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-jmx-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-jpa-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-jsf-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-jsr77-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-logging-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-mail-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-management-client-content-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-messaging-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-modcluster-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-naming-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-network-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-osgi-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-osgi-configadmin-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-osgi-service-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-picketlink-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-platform-mbean-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-pojo-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-process-controller-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-protocol-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-remoting-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-sar-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-security-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-server-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-system-jmx-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-threads-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-transactions-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-version-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-web-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-webservices-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-weld-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-as-xts-7.5.0-8.Final_redhat_21.1.ep6.el6.src.rpm jboss-classfilewriter-1.0.3-3.Final_redhat_2.1.ep6.el6.src.rpm jboss-common-beans-1.1.0-2.Final_redhat_2.1.ep6.el6.src.rpm jboss-common-core-2.2.17-11.GA_redhat_3.1.ep6.el6.src.rpm jboss-connector-api_1.6_spec-1.0.1-5.Final_redhat_3.1.ep6.el6.src.rpm jboss-dmr-1.2.2-1.Final_redhat_1.1.ep6.el6.src.rpm jboss-ejb-api_3.1_spec-1.0.2-11.Final_redhat_3.1.ep6.el6.src.rpm jboss-ejb-client-1.0.30-1.Final_redhat_1.1.ep6.el6.src.rpm jboss-genericjms-1.0.7-1.Final_redhat_1.1.ep6.el6.src.rpm jboss-hal-2.5.5-1.Final_redhat_1.1.ep6.el6.src.rpm jboss-iiop-client-1.0.0-5.Final_redhat_3.1.ep6.el6.src.rpm jboss-interceptors-api_1.1_spec-1.0.1-6.Final_redhat_3.1.ep6.el6.src.rpm jboss-j2eemgmt-api_1.1_spec-1.0.1-6.Final_redhat_3.1.ep6.el6.src.rpm jboss-jad-api_1.2_spec-1.0.1-7.Final_redhat_3.1.ep6.el6.src.rpm jboss-jaspi-api_1.0_spec-1.0.1-7.Final_redhat_3.1.ep6.el6.src.rpm jboss-jaxb-api_2.2_spec-1.0.4-4.Final_redhat_3.1.ep6.el6.src.rpm jboss-jaxr-api_1.0_spec-1.0.2-6.Final_redhat_3.1.ep6.el6.src.rpm jboss-jaxrpc-api_1.1_spec-1.0.1-5.Final_redhat_4.1.ep6.el6.src.rpm jboss-jaxrs-api_1.1_spec-1.0.1-10.Final_redhat_3.1.ep6.el6.src.rpm jboss-jms-api_1.1_spec-1.0.1-13.Final_redhat_3.1.ep6.el6.src.rpm jboss-jsp-api_2.2_spec-1.0.2-1.Final_redhat_1.1.ep6.el6.src.rpm jboss-logging-3.1.4-2.GA_redhat_2.1.ep6.el6.src.rpm jboss-logmanager-1.5.4-1.Final_redhat_1.1.ep6.el6.src.rpm jboss-metadata-7.2.1-1.Final_redhat_1.1.ep6.el6.src.rpm jboss-modules-1.3.6-1.Final_redhat_1.1.ep6.el6.src.rpm jboss-osgi-logging-1.0.0-7.redhat_3.1.ep6.el6.src.rpm jboss-remote-naming-1.0.10-1.Final_redhat_1.1.ep6.el6.src.rpm jboss-rmi-api_1.0_spec-1.0.4-10.Final_redhat_3.1.ep6.el6.src.rpm jboss-sasl-1.0.5-1.Final_redhat_1.1.ep6.el6.src.rpm jboss-seam-int-6.0.0-10.GA_redhat_3.1.ep6.el6.src.rpm jboss-servlet-api_2.5_spec-1.0.1-10.Final_redhat_3.1.ep6.el6.src.rpm jboss-servlet-api_3.0_spec-1.0.2-4.Final_redhat_2.1.ep6.el6.src.rpm jboss-threads-2.1.2-1.Final_redhat_1.1.ep6.el6.src.rpm jboss-transaction-api_1.1_spec-1.0.1-13.Final_redhat_3.1.ep6.el6.src.rpm jboss-vfs2-3.2.9-1.Final_redhat_1.1.ep6.el6.src.rpm jboss-weld-1.1-api-1.1.0-1.Final_redhat_6.1.ep6.el6.src.rpm jboss-xnio-base-3.0.13-1.GA_redhat_1.1.ep6.el6.src.rpm jbossas-appclient-7.5.0-9.Final_redhat_21.1.ep6.el6.src.rpm jbossas-bundles-7.5.0-9.Final_redhat_21.1.ep6.el6.src.rpm jbossas-core-7.5.0-11.Final_redhat_21.1.ep6.el6.src.rpm jbossas-domain-7.5.0-9.Final_redhat_21.1.ep6.el6.src.rpm jbossas-javadocs-7.5.0-23.Final_redhat_21.1.ep6.el6.src.rpm jbossas-modules-eap-7.5.0-14.Final_redhat_21.1.ep6.el6.src.rpm jbossas-product-eap-7.5.0-9.Final_redhat_21.1.ep6.el6.src.rpm jbossas-standalone-7.5.0-9.Final_redhat_21.1.ep6.el6.src.rpm jbossas-welcome-content-eap-7.5.0-9.Final_redhat_21.1.ep6.el6.src.rpm jbossts-4.17.29-1.Final_redhat_1.1.ep6.el6.src.rpm jbossweb-7.5.7-1.Final_redhat_1.1.ep6.el6.src.rpm jbossxb2-2.0.3-15.GA_redhat_3.1.ep6.el6.src.rpm jcip-annotations-eap6-1.0.0-1.redhat_7.1.ep6.el6.src.rpm jdom-eap6-1.1.3-1.redhat_2.1.ep6.el6.src.rpm joda-time-eap6-1.6.2-2.redhat_5.1.ep6.el6.src.rpm jul-to-slf4j-stub-1.0.1-2.Final_redhat_2.1.ep6.el6.src.rpm log4j-jboss-logmanager-1.1.1-1.Final_redhat_1.1.ep6.el6.src.rpm lucene-solr-3.6.2-5.redhat_8.1.ep6.el6.src.rpm mod_cluster-1.2.11-1.Final_redhat_1.1.ep6.el6.src.rpm mod_cluster-native-1.2.11-2.Final_redhat_2.ep6.el6.src.rpm mod_jk-1.2.40-3.redhat_2.ep6.el6.src.rpm mod_rt-2.4.1-6.GA.ep6.el6.src.rpm mod_snmp-2.4.1-13.GA.ep6.el6.src.rpm objectweb-asm-eap6-3.3.1-8.redhat_9.1.ep6.el6.src.rpm org.osgi.core-eap6-4.2.0-14.redhat_8.1.ep6.el6.src.rpm org.osgi.enterprise-eap6-4.2.0-15.redhat_10.1.ep6.el6.src.rpm picketbox-4.1.1-1.Final_redhat_1.1.ep6.el6.src.rpm picketbox-commons-1.0.0-1.final_redhat_3.1.ep6.el6.src.rpm picketlink-bindings-2.5.4-5.SP4_redhat_1.1.ep6.el6.src.rpm picketlink-federation-2.5.4-5.SP4_redhat_1.1.ep6.el6.src.rpm relaxngDatatype-eap6-2011.1.0-1.redhat_9.1.ep6.el6.src.rpm resteasy-2.3.10-1.Final_redhat_1.1.ep6.el6.src.rpm rngom-eap6-201103.0.0-1.redhat_4.1.ep6.el6.src.rpm snakeyaml-eap6-1.8.0-1.redhat_3.1.ep6.el6.src.rpm staxmapper-1.1.0-7.Final_redhat_3.1.ep6.el6.src.rpm sun-codemodel-2.6.0-1.redhat_3.1.ep6.el6.src.rpm sun-txw2-20110809.0.0-1.redhat_5.1.ep6.el6.src.rpm sun-ws-metadata-2.0-api-1.0.0-2.MR1_redhat_7.1.ep6.el6.src.rpm sun-xsom-20110809.0.0-1.redhat_4.1.ep6.el6.src.rpm tomcat-native-1.1.32-3.redhat_1.ep6.el6.src.rpm velocity-eap6-1.7.0-1.redhat_4.1.ep6.el6.src.rpm weld-cdi-1.0-api-1.0.0-1.SP4_redhat_5.1.ep6.el6.src.rpm xml-commons-resolver-eap6-1.2.0-1.redhat_10.2.ep6.el6.src.rpm i386: hornetq-native-2.3.25-3.Final_redhat_1.ep6.el6.i386.rpm hornetq-native-debuginfo-2.3.25-3.Final_redhat_1.ep6.el6.i386.rpm httpd-2.2.26-38.ep6.el6.i386.rpm httpd-debuginfo-2.2.26-38.ep6.el6.i386.rpm httpd-devel-2.2.26-38.ep6.el6.i386.rpm httpd-manual-2.2.26-38.ep6.el6.i386.rpm httpd-tools-2.2.26-38.ep6.el6.i386.rpm jbossas-hornetq-native-2.3.25-3.Final_redhat_1.ep6.el6.i386.rpm jbossas-jbossweb-native-1.1.32-3.redhat_1.ep6.el6.i386.rpm mod_cluster-native-1.2.11-2.Final_redhat_2.ep6.el6.i386.rpm mod_cluster-native-debuginfo-1.2.11-2.Final_redhat_2.ep6.el6.i386.rpm mod_jk-ap22-1.2.40-3.redhat_2.ep6.el6.i386.rpm mod_jk-debuginfo-1.2.40-3.redhat_2.ep6.el6.i386.rpm mod_rt-2.4.1-6.GA.ep6.el6.i386.rpm mod_rt-debuginfo-2.4.1-6.GA.ep6.el6.i386.rpm mod_snmp-2.4.1-13.GA.ep6.el6.i386.rpm mod_snmp-debuginfo-2.4.1-13.GA.ep6.el6.i386.rpm mod_ssl-2.2.26-38.ep6.el6.i386.rpm tomcat-native-1.1.32-3.redhat_1.ep6.el6.i386.rpm tomcat-native-debuginfo-1.1.32-3.redhat_1.ep6.el6.i386.rpm noarch: apache-commons-cli-eap6-1.2.0-1.redhat_8.1.ep6.el6.noarch.rpm apache-commons-codec-eap6-1.4.0-4.redhat_4.1.ep6.el6.noarch.rpm apache-commons-configuration-eap6-1.6.0-1.redhat_4.2.ep6.el6.noarch.rpm apache-commons-daemon-eap6-1.0.15-8.redhat_1.ep6.el6.noarch.rpm apache-commons-io-eap6-2.1.0-1.redhat_4.1.ep6.el6.noarch.rpm apache-commons-lang-eap6-2.6.0-1.redhat_4.1.ep6.el6.noarch.rpm apache-commons-pool-eap6-1.6.0-1.redhat_7.1.ep6.el6.noarch.rpm apache-mime4j-0.6.0-1.redhat_4.1.ep6.el6.noarch.rpm atinject-eap6-1.0.0-1.redhat_5.1.ep6.el6.noarch.rpm avro-eap6-1.7.5-2.redhat_2.1.ep6.el6.noarch.rpm cal10n-eap6-0.7.7-1.redhat_1.1.ep6.el6.noarch.rpm codehaus-jackson-1.9.9-10.redhat_4.1.ep6.el6.noarch.rpm codehaus-jackson-core-asl-1.9.9-10.redhat_4.1.ep6.el6.noarch.rpm codehaus-jackson-jaxrs-1.9.9-10.redhat_4.1.ep6.el6.noarch.rpm codehaus-jackson-mapper-asl-1.9.9-10.redhat_4.1.ep6.el6.noarch.rpm codehaus-jackson-xc-1.9.9-10.redhat_4.1.ep6.el6.noarch.rpm ecj-eap6-4.4.2-1.redhat_1.1.ep6.el6.noarch.rpm glassfish-jaf-1.1.1-17.redhat_4.1.ep6.el6.noarch.rpm glassfish-javamail-1.4.5-2.redhat_2.1.ep6.el6.noarch.rpm glassfish-jsf-eap6-2.1.28-7.redhat_8.1.ep6.el6.noarch.rpm glassfish-jsf12-eap6-1.2.15-8.b01_redhat_12.1.ep6.el6.noarch.rpm hibernate-beanvalidation-api-1.0.0-5.GA_redhat_3.1.ep6.el6.noarch.rpm hibernate-jpa-2.0-api-1.0.1-6.Final_redhat_3.1.ep6.el6.noarch.rpm hibernate3-commons-annotations-4.0.2-1.Final_redhat_1.1.ep6.el6.noarch.rpm hibernate4-core-eap6-4.2.18-2.Final_redhat_2.1.ep6.el6.noarch.rpm hibernate4-eap6-4.2.18-2.Final_redhat_2.1.ep6.el6.noarch.rpm hibernate4-entitymanager-eap6-4.2.18-2.Final_redhat_2.1.ep6.el6.noarch.rpm hibernate4-envers-eap6-4.2.18-2.Final_redhat_2.1.ep6.el6.noarch.rpm hibernate4-infinispan-eap6-4.2.18-2.Final_redhat_2.1.ep6.el6.noarch.rpm hibernate4-search-4.6.0-2.Final_redhat_2.1.ep6.el6.noarch.rpm hibernate4-validator-4.3.2-2.Final_redhat_2.1.ep6.el6.noarch.rpm hornetq-2.3.25-1.Final_redhat_1.1.ep6.el6.noarch.rpm httpclient-eap6-4.3.6-1.redhat_1.1.ep6.el6.noarch.rpm httpcomponents-client-eap6-4.3.6-1.redhat_1.1.ep6.el6.noarch.rpm httpcomponents-core-eap6-4.3.3-1.redhat_1.1.ep6.el6.noarch.rpm httpcomponents-project-eap6-7.0.0-1.redhat_1.1.ep6.el6.noarch.rpm httpcore-eap6-4.3.3-1.redhat_1.1.ep6.el6.noarch.rpm httpmime-eap6-4.3.6-1.redhat_1.1.ep6.el6.noarch.rpm httpserver-1.0.4-1.Final_redhat_1.1.ep6.el6.noarch.rpm infinispan-5.2.11-2.Final_redhat_2.1.ep6.el6.noarch.rpm infinispan-cachestore-jdbc-5.2.11-2.Final_redhat_2.1.ep6.el6.noarch.rpm infinispan-cachestore-remote-5.2.11-2.Final_redhat_2.1.ep6.el6.noarch.rpm infinispan-client-hotrod-5.2.11-2.Final_redhat_2.1.ep6.el6.noarch.rpm infinispan-core-5.2.11-2.Final_redhat_2.1.ep6.el6.noarch.rpm ironjacamar-common-api-eap6-1.0.31-1.Final_redhat_1.1.ep6.el6.noarch.rpm ironjacamar-common-impl-eap6-1.0.31-1.Final_redhat_1.1.ep6.el6.noarch.rpm ironjacamar-common-spi-eap6-1.0.31-1.Final_redhat_1.1.ep6.el6.noarch.rpm ironjacamar-core-api-eap6-1.0.31-1.Final_redhat_1.1.ep6.el6.noarch.rpm ironjacamar-core-impl-eap6-1.0.31-1.Final_redhat_1.1.ep6.el6.noarch.rpm ironjacamar-deployers-common-eap6-1.0.31-1.Final_redhat_1.1.ep6.el6.noarch.rpm ironjacamar-eap6-1.0.31-1.Final_redhat_1.1.ep6.el6.noarch.rpm ironjacamar-jdbc-eap6-1.0.31-1.Final_redhat_1.1.ep6.el6.noarch.rpm ironjacamar-spec-api-eap6-1.0.31-1.Final_redhat_1.1.ep6.el6.noarch.rpm ironjacamar-validator-eap6-1.0.31-1.Final_redhat_1.1.ep6.el6.noarch.rpm jandex-eap6-1.2.2-1.Final_redhat_1.1.ep6.el6.noarch.rpm jansi-eap6-1.9.0-1.redhat_5.1.ep6.el6.noarch.rpm javassist-eap6-3.18.1-6.GA_redhat_1.1.ep6.el6.noarch.rpm jbosgi-deployment-1.3.0-5.Final_redhat_2.1.ep6.el6.noarch.rpm jbosgi-framework-core-2.1.0-5.Final_redhat_2.1.ep6.el6.noarch.rpm jbosgi-metadata-2.2.0-4.Final_redhat_2.1.ep6.el6.noarch.rpm jbosgi-repository-2.1.0-2.Final_redhat_2.1.ep6.el6.noarch.rpm jbosgi-resolver-3.0.1-2.Final_redhat_2.1.ep6.el6.noarch.rpm jbosgi-spi-3.2.0-3.Final_redhat_2.1.ep6.el6.noarch.rpm jbosgi-vfs-1.2.1-5.Final_redhat_4.1.ep6.el6.noarch.rpm jboss-aesh-0.33.14-1.redhat_1.1.ep6.el6.noarch.rpm jboss-annotations-api_1.1_spec-1.0.1-5.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-appclient-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-cli-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-client-all-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-clustering-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-cmp-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-configadmin-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-connector-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-console-2.5.5-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-as-controller-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-controller-client-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-core-security-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-deployment-repository-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-deployment-scanner-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-domain-http-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-domain-management-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-ee-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-ee-deployment-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-ejb3-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-embedded-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-host-controller-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-jacorb-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-jaxr-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-jaxrs-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-jdr-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-jmx-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-jpa-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-jsf-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-jsr77-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-logging-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-mail-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-management-client-content-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-messaging-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-modcluster-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-naming-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-network-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-osgi-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-osgi-configadmin-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-osgi-service-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-picketlink-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-platform-mbean-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-pojo-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-process-controller-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-protocol-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-remoting-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-sar-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-security-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-server-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-system-jmx-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-threads-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-transactions-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-version-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-web-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-webservices-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-weld-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-as-xts-7.5.0-8.Final_redhat_21.1.ep6.el6.noarch.rpm jboss-classfilewriter-1.0.3-3.Final_redhat_2.1.ep6.el6.noarch.rpm jboss-common-beans-1.1.0-2.Final_redhat_2.1.ep6.el6.noarch.rpm jboss-common-core-2.2.17-11.GA_redhat_3.1.ep6.el6.noarch.rpm jboss-connector-api_1.6_spec-1.0.1-5.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-dmr-1.2.2-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-ejb-api_3.1_spec-1.0.2-11.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-ejb-client-1.0.30-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-genericjms-1.0.7-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-hal-2.5.5-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-iiop-client-1.0.0-5.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-interceptors-api_1.1_spec-1.0.1-6.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-j2eemgmt-api_1.1_spec-1.0.1-6.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-jad-api_1.2_spec-1.0.1-7.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-jaspi-api_1.0_spec-1.0.1-7.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-jaxb-api_2.2_spec-1.0.4-4.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-jaxr-api_1.0_spec-1.0.2-6.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-jaxrpc-api_1.1_spec-1.0.1-5.Final_redhat_4.1.ep6.el6.noarch.rpm jboss-jaxrs-api_1.1_spec-1.0.1-10.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-jms-api_1.1_spec-1.0.1-13.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-jsp-api_2.2_spec-1.0.2-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-logging-3.1.4-2.GA_redhat_2.1.ep6.el6.noarch.rpm jboss-logmanager-1.5.4-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-metadata-7.2.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-metadata-appclient-7.2.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-metadata-common-7.2.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-metadata-ear-7.2.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-metadata-ejb-7.2.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-metadata-web-7.2.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-modules-1.3.6-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-osgi-logging-1.0.0-7.redhat_3.1.ep6.el6.noarch.rpm jboss-remote-naming-1.0.10-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-rmi-api_1.0_spec-1.0.4-10.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-sasl-1.0.5-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-seam-int-6.0.0-10.GA_redhat_3.1.ep6.el6.noarch.rpm jboss-servlet-api_2.5_spec-1.0.1-10.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-servlet-api_3.0_spec-1.0.2-4.Final_redhat_2.1.ep6.el6.noarch.rpm jboss-threads-2.1.2-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-transaction-api_1.1_spec-1.0.1-13.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-vfs2-3.2.9-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-weld-1.1-api-1.1.0-1.Final_redhat_6.1.ep6.el6.noarch.rpm jboss-xnio-base-3.0.13-1.GA_redhat_1.1.ep6.el6.noarch.rpm jbossas-appclient-7.5.0-9.Final_redhat_21.1.ep6.el6.noarch.rpm jbossas-bundles-7.5.0-9.Final_redhat_21.1.ep6.el6.noarch.rpm jbossas-core-7.5.0-11.Final_redhat_21.1.ep6.el6.noarch.rpm jbossas-domain-7.5.0-9.Final_redhat_21.1.ep6.el6.noarch.rpm jbossas-javadocs-7.5.0-23.Final_redhat_21.1.ep6.el6.noarch.rpm jbossas-modules-eap-7.5.0-14.Final_redhat_21.1.ep6.el6.noarch.rpm jbossas-product-eap-7.5.0-9.Final_redhat_21.1.ep6.el6.noarch.rpm jbossas-standalone-7.5.0-9.Final_redhat_21.1.ep6.el6.noarch.rpm jbossas-welcome-content-eap-7.5.0-9.Final_redhat_21.1.ep6.el6.noarch.rpm jbossts-4.17.29-1.Final_redhat_1.1.ep6.el6.noarch.rpm jbossweb-7.5.7-1.Final_redhat_1.1.ep6.el6.noarch.rpm jbossxb2-2.0.3-15.GA_redhat_3.1.ep6.el6.noarch.rpm jcip-annotations-eap6-1.0.0-1.redhat_7.1.ep6.el6.noarch.rpm jdom-eap6-1.1.3-1.redhat_2.1.ep6.el6.noarch.rpm joda-time-eap6-1.6.2-2.redhat_5.1.ep6.el6.noarch.rpm jul-to-slf4j-stub-1.0.1-2.Final_redhat_2.1.ep6.el6.noarch.rpm log4j-jboss-logmanager-1.1.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm lucene-solr-3.6.2-5.redhat_8.1.ep6.el6.noarch.rpm mod_cluster-1.2.11-1.Final_redhat_1.1.ep6.el6.noarch.rpm mod_cluster-demo-1.2.11-1.Final_redhat_1.1.ep6.el6.noarch.rpm objectweb-asm-eap6-3.3.1-8.redhat_9.1.ep6.el6.noarch.rpm org.osgi.core-eap6-4.2.0-14.redhat_8.1.ep6.el6.noarch.rpm org.osgi.enterprise-eap6-4.2.0-15.redhat_10.1.ep6.el6.noarch.rpm picketbox-4.1.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm picketbox-commons-1.0.0-1.final_redhat_3.1.ep6.el6.noarch.rpm picketlink-bindings-2.5.4-5.SP4_redhat_1.1.ep6.el6.noarch.rpm picketlink-federation-2.5.4-5.SP4_redhat_1.1.ep6.el6.noarch.rpm relaxngDatatype-eap6-2011.1.0-1.redhat_9.1.ep6.el6.noarch.rpm resteasy-2.3.10-1.Final_redhat_1.1.ep6.el6.noarch.rpm rngom-eap6-201103.0.0-1.redhat_4.1.ep6.el6.noarch.rpm snakeyaml-eap6-1.8.0-1.redhat_3.1.ep6.el6.noarch.rpm staxmapper-1.1.0-7.Final_redhat_3.1.ep6.el6.noarch.rpm sun-codemodel-2.6.0-1.redhat_3.1.ep6.el6.noarch.rpm sun-txw2-20110809.0.0-1.redhat_5.1.ep6.el6.noarch.rpm sun-ws-metadata-2.0-api-1.0.0-2.MR1_redhat_7.1.ep6.el6.noarch.rpm sun-xsom-20110809.0.0-1.redhat_4.1.ep6.el6.noarch.rpm velocity-eap6-1.7.0-1.redhat_4.1.ep6.el6.noarch.rpm weld-cdi-1.0-api-1.0.0-1.SP4_redhat_5.1.ep6.el6.noarch.rpm xml-commons-resolver-eap6-1.2.0-1.redhat_10.2.ep6.el6.noarch.rpm ppc64: hornetq-native-2.3.25-3.Final_redhat_1.ep6.el6.ppc64.rpm hornetq-native-debuginfo-2.3.25-3.Final_redhat_1.ep6.el6.ppc64.rpm httpd-2.2.26-38.ep6.el6.ppc64.rpm httpd-debuginfo-2.2.26-38.ep6.el6.ppc64.rpm httpd-devel-2.2.26-38.ep6.el6.ppc64.rpm httpd-manual-2.2.26-38.ep6.el6.ppc64.rpm httpd-tools-2.2.26-38.ep6.el6.ppc64.rpm jbossas-hornetq-native-2.3.25-3.Final_redhat_1.ep6.el6.ppc64.rpm jbossas-jbossweb-native-1.1.32-3.redhat_1.ep6.el6.ppc64.rpm mod_cluster-native-1.2.11-2.Final_redhat_2.ep6.el6.ppc64.rpm mod_cluster-native-debuginfo-1.2.11-2.Final_redhat_2.ep6.el6.ppc64.rpm mod_jk-ap22-1.2.40-3.redhat_2.ep6.el6.ppc64.rpm mod_jk-debuginfo-1.2.40-3.redhat_2.ep6.el6.ppc64.rpm mod_rt-2.4.1-6.GA.ep6.el6.ppc64.rpm mod_rt-debuginfo-2.4.1-6.GA.ep6.el6.ppc64.rpm mod_snmp-2.4.1-13.GA.ep6.el6.ppc64.rpm mod_snmp-debuginfo-2.4.1-13.GA.ep6.el6.ppc64.rpm mod_ssl-2.2.26-38.ep6.el6.ppc64.rpm tomcat-native-1.1.32-3.redhat_1.ep6.el6.ppc64.rpm tomcat-native-debuginfo-1.1.32-3.redhat_1.ep6.el6.ppc64.rpm x86_64: hornetq-native-2.3.25-3.Final_redhat_1.ep6.el6.x86_64.rpm hornetq-native-debuginfo-2.3.25-3.Final_redhat_1.ep6.el6.x86_64.rpm httpd-2.2.26-38.ep6.el6.x86_64.rpm httpd-debuginfo-2.2.26-38.ep6.el6.x86_64.rpm httpd-devel-2.2.26-38.ep6.el6.x86_64.rpm httpd-manual-2.2.26-38.ep6.el6.x86_64.rpm httpd-tools-2.2.26-38.ep6.el6.x86_64.rpm jbossas-hornetq-native-2.3.25-3.Final_redhat_1.ep6.el6.x86_64.rpm jbossas-jbossweb-native-1.1.32-3.redhat_1.ep6.el6.x86_64.rpm mod_cluster-native-1.2.11-2.Final_redhat_2.ep6.el6.x86_64.rpm mod_cluster-native-debuginfo-1.2.11-2.Final_redhat_2.ep6.el6.x86_64.rpm mod_jk-ap22-1.2.40-3.redhat_2.ep6.el6.x86_64.rpm mod_jk-debuginfo-1.2.40-3.redhat_2.ep6.el6.x86_64.rpm mod_rt-2.4.1-6.GA.ep6.el6.x86_64.rpm mod_rt-debuginfo-2.4.1-6.GA.ep6.el6.x86_64.rpm mod_snmp-2.4.1-13.GA.ep6.el6.x86_64.rpm mod_snmp-debuginfo-2.4.1-13.GA.ep6.el6.x86_64.rpm mod_ssl-2.2.26-38.ep6.el6.x86_64.rpm tomcat-native-1.1.32-3.redhat_1.ep6.el6.x86_64.rpm tomcat-native-debuginfo-1.1.32-3.redhat_1.ep6.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3586 https://access.redhat.com/security/cve/CVE-2014-8111 https://access.redhat.com/security/cve/CVE-2015-0226 https://access.redhat.com/security/cve/CVE-2015-0227 https://access.redhat.com/security/cve/CVE-2015-0277 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVL+ZdXlSAg2UNWIIRAsaYAJ9pVKCUeZ9Fm5J40KJIk69PgBFY6gCgi89t fwulFXOV5H3jFPTXY6VSJco= =GAZF -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 16 16:45:02 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 16 Apr 2015 16:45:02 +0000 Subject: [RHSA-2015:0848-01] Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update Message-ID: <201504161645.t3GGj24u006426@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update Advisory ID: RHSA-2015:0848-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0848.html Issue date: 2015-04-16 CVE Names: CVE-2014-3586 CVE-2014-8111 CVE-2015-0226 CVE-2015-0227 CVE-2015-0277 ===================================================================== 1. Summary: Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 6.4 for RHEL 7 - noarch, ppc64, x86_64 3. Description: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption (CVE-2011-2487) threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2015-0226) A flaw was found in the way PicketLink's Service Provider and Identity Provider handled certain requests. A remote attacker could use this flaw to log to a victim's account via PicketLink. (CVE-2015-0277) It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them. (CVE-2014-8111) It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request. (CVE-2015-0227) It was found that the Command Line Interface, as provided by Red Hat Enterprise Application Platform, created a history file named .jboss-cli-history in the user's home directory with insecure default file permissions. This could allow a malicious local user to gain information otherwise not accessible to them. (CVE-2014-3586) The CVE-2015-0277 issue was discovered by Ondrej Kotek of Red Hat. This release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. Documentation for these changes will be available shortly from the JBoss Enterprise Application Platform 6.4.0 Release Notes, linked to in the References. All users who require JBoss Enterprise Application Platform 6.4.0 on Red Hat Enterprise Linux 7 should install these new packages. The JBoss server process must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Also, back up any customized Red Hat JBoss Enterprise Application Platform 6 configuration files. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1126687 - CVE-2014-3586 JBoss AS CLI: Insecure default permissions on history file 1155446 - RHEL7 RPMs: Upgrade ironjacamar-eap6 to 1.0.31.Final-redhat-1 1158979 - RHEL7 RPMs: Upgrade tomcat-native to 1.1.32.redhat-1 1165221 - RHEL7 RPMs: Upgrade mod_cluster-native to 1.2.11.Final_redhat-2 1165229 - RHEL7 RPMs: Upgrade mod_cluster to 1.2.11.Final-redhat-1 1166456 - RHEL7 RPMs: Upgrade hibernate4-eap6 to 4.2.18.Final-redhat-2 1166746 - RHEL7 RPMs: Upgrade hornetq-native to 2.3.25.Final-redhat-1 1167398 - RHEL7 RPMs: Upgrade snakeyaml to 1.8.0.redhat-3 1167920 - RHEL7 RPMs: Upgrade jcip-annotations-eap6 to 1.0.0.redhat-7 1167927 - RHEL7 RPMs: Upgrade javassist-eap6 to 3.18.1.GA-redhat-1 1179791 - RHEL7 RPMs: Upgrade jboss-aesh to 0.33.14.redhat-1 1179831 - RHEL7 RPMs: Upgrade jboss-jsp-api_2.2_spec to 1.0.2.Final-redhat-1 1179838 - RHEL7 RPMs: Upgrade jboss-vfs2 to 3.2.9.Final-redhat-1 1179845 - RHEL7 RPMs: Upgrade picketlink-federation to 2.5.4.SP4-redhat-1 1179848 - RHEL7 RPMs: Upgrade jbossweb to 7.5.7.Final-redhat-1 1182591 - CVE-2014-8111 Tomcat mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing 1182975 - RHEL7 RPMs: Upgrade atinject-eap6 to 1.0.0.redhat-5 1182981 - RHEL7 RPMs: Upgrade glassfish-jsf12-eap6 to 1.2.15.b01-redhat-12 1182985 - RHEL7 RPMs: Upgrade xml-commons-resolver-eap6 to 1.2.0.redhat-10 1182991 - RHEL7 RPMs: Upgrade sun-ws-metadata-2.0-api to 1.0.0.MR1-redhat-7 1182995 - RHEL7 RPMs: Upgrade jboss-weld-1.1-api to 1.1.0.Final-redhat-6 1182997 - RHEL7 RPMs: Upgrade weld-cdi-1.0-api to 1.0.0.SP4-redhat-5 1183000 - RHEL7 RPMs: Upgrade sun-xsom to 20110809.0.0.redhat-4 1188724 - RHEL7 RPMs: Upgrade hibernate4-search to 4.6.0.Final-redhat-2 1188727 - RHEL7 RPMs: Upgrade eap6-cal10n to 0.7.7.redhat-1 1188731 - RHEL7 RPMs: Upgrade jdom-eap6 to 1.1.3.redhat-2 1188736 - RHEL7 RPMs: Upgrade hibernate3-commons-annotations to 4.0.2.Final-redhat-1 1188939 - RHEL7 RPMs: Upgrade resteasy to 2.3.10.Final-redhat-1 1188946 - RHEL7 RPMs: Upgrade picketlink-bindings to 2.5.4.SP4-redhat-1 1188953 - RHEL7 RPMs: Upgrade picketbox to 4.1.1.Final-redhat-1 1188959 - RHEL7 RPMs: Upgrade jboss-xnio-base to 3.0.13.GA-redhat-1 1188967 - RHEL7 RPMs: Upgrade jboss-metadata to 7.2.1.Final-redhat-1 1188978 - RHEL7 RPMs: Upgrade jboss-logmanager to 1.5.4.Final-redhat-1 1188985 - RHEL7 RPMs: Upgrade jboss-hal to 2.5.5.Final-redhat-1 1188988 - RHEL7 RPMs: Upgrade jboss-genericjms to 1.0.7.Final-redhat-1 1188991 - RHEL7 RPMs: Upgrade jboss-as-console to 2.5.5.Final-redhat-1 1188994 - RHEL7 RPMs: Upgrade hornetq to 2.3.25.Final-redhat-1 1191446 - CVE-2015-0226 wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487) 1191451 - CVE-2015-0227 wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property 1194832 - CVE-2015-0277 PicketLink: SP does not take Audience condition of a SAML assertion into account 1195910 - RHEL7 RPMs: Upgrade infinispan to 5.2.11.Final-redhat-2 1195914 - RHEL7 RPMs: Upgrade ecj-eap6 to 4.4.2.redhat-1 1195918 - RHEL7 RPMs: Upgrade httpserver to 1.0.4.Final-redhat-1 1195923 - RHEL7 RPMs: Upgrade jboss-dmr to 1.2.2.Final-redhat-1 1195926 - RHEL7 RPMs: Upgrade jboss-modules to 1.3.6.Final-redhat-1 1195929 - RHEL7 RPMs: Upgrade jboss-remote-naming to 1.0.10.Final-redhat-1 1195932 - RHEL7 RPMs: Upgrade jboss-sasl to 1.0.5.Final-redhat-1 1195935 - RHEL7 RPMs: Upgrade jboss-threads to 2.1.2.Final-redhat-1 1195938 - RHEL7 RPMs: Upgrade jbossts to 4.17.29.Final-redhat-1 1195943 - RHEL7 RPMs: Upgrade eap6-jandex to 1.2.2.Final-redhat-1 1195952 - RHEL7 RPMs: Upgrade log4j-jboss-logmanager to 1.1.1.Final-redhat-1 1198251 - RHEL7 RPMs: Upgrade jboss-ejb-client to 1.0.30.Final-redhat-1 6. Package List: Red Hat JBoss EAP 6.4 for RHEL 7: Source: apache-commons-daemon-eap6-1.0.15-8.redhat_1.ep6.el7.src.rpm apache-commons-io-eap6-2.1.0-1.redhat_4.1.ep6.el7.src.rpm apache-commons-lang-eap6-2.6.0-1.redhat_4.1.ep6.el7.src.rpm apache-commons-pool-eap6-1.6.0-1.redhat_7.1.ep6.el7.src.rpm apache-mime4j-0.6.0-1.redhat_4.1.ep6.el7.src.rpm atinject-eap6-1.0.0-1.redhat_5.1.ep6.el7.src.rpm codehaus-jackson-1.9.9-10.redhat_4.1.ep6.el7.src.rpm eap6-apache-commons-cli-1.2.0-1.redhat_8.1.ep6.el7.src.rpm eap6-apache-commons-codec-1.4.0-4.redhat_4.1.ep6.el7.src.rpm eap6-apache-commons-configuration-1.6.0-1.redhat_4.2.ep6.el7.src.rpm eap6-avro-1.7.5-2.redhat_2.1.ep6.el7.src.rpm eap6-cal10n-0.7.7-1.redhat_1.1.ep6.el7.src.rpm eap6-ecj-4.4.2-1.redhat_1.1.ep6.el7.src.rpm eap6-jandex-1.2.2-1.Final_redhat_1.1.ep6.el7.src.rpm eap6-jansi-1.9.0-1.redhat_5.1.ep6.el7.src.rpm eap6-joda-time-1.6.2-2.redhat_5.1.ep6.el7.src.rpm eap6-rngom-201103.0.0-1.redhat_4.1.ep6.el7.src.rpm eap6-snakeyaml-1.8.0-1.redhat_3.1.ep6.el7.src.rpm glassfish-jaf-1.1.1-17.redhat_4.1.ep6.el7.src.rpm glassfish-javamail-1.4.5-2.redhat_2.1.ep6.el7.src.rpm glassfish-jsf-eap6-2.1.28-7.redhat_8.1.ep6.el7.src.rpm glassfish-jsf12-eap6-1.2.15-8.b01_redhat_12.1.ep6.el7.src.rpm hibernate-beanvalidation-api-1.0.0-5.GA_redhat_3.1.ep6.el7.src.rpm hibernate-jpa-2.0-api-1.0.1-6.Final_redhat_3.1.ep6.el7.src.rpm hibernate3-commons-annotations-4.0.2-1.Final_redhat_1.1.ep6.el7.src.rpm hibernate4-eap6-4.2.18-2.Final_redhat_2.1.ep6.el7.src.rpm hibernate4-search-4.6.0-2.Final_redhat_2.1.ep6.el7.src.rpm hibernate4-validator-4.3.2-2.Final_redhat_2.1.ep6.el7.src.rpm hornetq-2.3.25-1.Final_redhat_1.1.ep6.el7.src.rpm hornetq-native-2.3.25-3.Final_redhat_1.ep6.el7.src.rpm httpcomponents-eap6-7.0.0-1.redhat_1.1.ep6.el7.src.rpm httpd22-2.2.26-38.ep6.el7.src.rpm httpserver-1.0.4-1.Final_redhat_1.1.ep6.el7.src.rpm infinispan-5.2.11-2.Final_redhat_2.1.ep6.el7.src.rpm ironjacamar-eap6-1.0.31-1.Final_redhat_1.1.ep6.el7.src.rpm javassist-eap6-3.18.1-6.GA_redhat_1.1.ep6.el7.src.rpm jbosgi-deployment-1.3.0-5.Final_redhat_2.1.ep6.el7.src.rpm jbosgi-framework-core-2.1.0-5.Final_redhat_2.1.ep6.el7.src.rpm jbosgi-metadata-2.2.0-4.Final_redhat_2.1.ep6.el7.src.rpm jbosgi-repository-2.1.0-2.Final_redhat_2.1.ep6.el7.src.rpm jbosgi-resolver-3.0.1-2.Final_redhat_2.1.ep6.el7.src.rpm jbosgi-spi-3.2.0-3.Final_redhat_2.1.ep6.el7.src.rpm jbosgi-vfs-1.2.1-5.Final_redhat_4.1.ep6.el7.src.rpm jboss-aesh-0.33.14-1.redhat_1.1.ep6.el7.src.rpm jboss-annotations-api_1.1_spec-1.0.1-5.Final_redhat_3.1.ep6.el7.src.rpm jboss-as-appclient-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-cli-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-client-all-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-clustering-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-cmp-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-configadmin-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-connector-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-console-2.5.5-1.Final_redhat_1.1.ep6.el7.src.rpm jboss-as-controller-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-controller-client-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-core-security-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-deployment-repository-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-deployment-scanner-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-domain-http-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-domain-management-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-ee-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-ee-deployment-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-ejb3-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-embedded-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-host-controller-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-jacorb-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-jaxr-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-jaxrs-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-jdr-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-jmx-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-jpa-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-jsf-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-jsr77-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-logging-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-mail-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-management-client-content-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-messaging-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-modcluster-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-naming-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-network-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-osgi-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-osgi-configadmin-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-osgi-service-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-picketlink-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-platform-mbean-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-pojo-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-process-controller-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-protocol-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-remoting-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-sar-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-security-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-server-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-system-jmx-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-threads-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-transactions-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-version-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-web-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-webservices-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-weld-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-as-xts-7.5.0-8.Final_redhat_21.1.ep6.el7.src.rpm jboss-classfilewriter-1.0.3-3.Final_redhat_2.1.ep6.el7.src.rpm jboss-common-beans-1.1.0-2.Final_redhat_2.1.ep6.el7.src.rpm jboss-common-core-2.2.17-11.GA_redhat_3.1.ep6.el7.src.rpm jboss-connector-api_1.6_spec-1.0.1-5.Final_redhat_3.1.ep6.el7.src.rpm jboss-dmr-1.2.2-1.Final_redhat_1.1.ep6.el7.src.rpm jboss-ejb-api_3.1_spec-1.0.2-11.Final_redhat_3.1.ep6.el7.src.rpm jboss-ejb-client-1.0.30-1.Final_redhat_1.1.ep6.el7.src.rpm jboss-genericjms-1.0.7-1.Final_redhat_1.1.ep6.el7.src.rpm jboss-hal-2.5.5-1.Final_redhat_1.1.ep6.el7.src.rpm jboss-iiop-client-1.0.0-5.Final_redhat_3.1.ep6.el7.src.rpm jboss-interceptors-api_1.1_spec-1.0.1-6.Final_redhat_3.1.ep6.el7.src.rpm jboss-j2eemgmt-api_1.1_spec-1.0.1-6.Final_redhat_3.1.ep6.el7.src.rpm jboss-jad-api_1.2_spec-1.0.1-7.Final_redhat_3.1.ep6.el7.src.rpm jboss-jaspi-api_1.0_spec-1.0.1-7.Final_redhat_3.1.ep6.el7.src.rpm jboss-jaxb-api_2.2_spec-1.0.4-4.Final_redhat_3.1.ep6.el7.src.rpm jboss-jaxr-api_1.0_spec-1.0.2-6.Final_redhat_3.1.ep6.el7.src.rpm jboss-jaxrpc-api_1.1_spec-1.0.1-5.Final_redhat_4.1.ep6.el7.src.rpm jboss-jaxrs-api_1.1_spec-1.0.1-10.Final_redhat_3.1.ep6.el7.src.rpm jboss-jms-api_1.1_spec-1.0.1-13.Final_redhat_3.1.ep6.el7.src.rpm jboss-jsp-api_2.2_spec-1.0.2-1.Final_redhat_1.1.ep6.el7.src.rpm jboss-logging-3.1.4-2.GA_redhat_2.1.ep6.el7.src.rpm jboss-logmanager-1.5.4-1.Final_redhat_1.1.ep6.el7.src.rpm jboss-metadata-7.2.1-1.Final_redhat_1.1.ep6.el7.src.rpm jboss-modules-1.3.6-1.Final_redhat_1.1.ep6.el7.src.rpm jboss-osgi-logging-1.0.0-7.redhat_3.1.ep6.el7.src.rpm jboss-remote-naming-1.0.10-1.Final_redhat_1.1.ep6.el7.src.rpm jboss-rmi-api_1.0_spec-1.0.4-10.Final_redhat_3.1.ep6.el7.src.rpm jboss-sasl-1.0.5-1.Final_redhat_1.1.ep6.el7.src.rpm jboss-seam-int-6.0.0-10.GA_redhat_3.1.ep6.el7.src.rpm jboss-servlet-api_2.5_spec-1.0.1-10.Final_redhat_3.1.ep6.el7.src.rpm jboss-servlet-api_3.0_spec-1.0.2-4.Final_redhat_2.1.ep6.el7.src.rpm jboss-threads-2.1.2-1.Final_redhat_1.1.ep6.el7.src.rpm jboss-transaction-api_1.1_spec-1.0.1-13.Final_redhat_3.1.ep6.el7.src.rpm jboss-vfs2-3.2.9-1.Final_redhat_1.1.ep6.el7.src.rpm jboss-weld-1.1-api-1.1.0-1.Final_redhat_6.1.ep6.el7.src.rpm jboss-xnio-base-3.0.13-1.GA_redhat_1.1.ep6.el7.src.rpm jbossas-appclient-7.5.0-9.Final_redhat_21.1.ep6.el7.src.rpm jbossas-bundles-7.5.0-9.Final_redhat_21.1.ep6.el7.src.rpm jbossas-core-7.5.0-11.Final_redhat_21.1.ep6.el7.src.rpm jbossas-domain-7.5.0-9.Final_redhat_21.1.ep6.el7.src.rpm jbossas-javadocs-7.5.0-23.Final_redhat_21.1.ep6.el7.src.rpm jbossas-modules-eap-7.5.0-14.Final_redhat_21.1.ep6.el7.src.rpm jbossas-product-eap-7.5.0-9.Final_redhat_21.1.ep6.el7.src.rpm jbossas-standalone-7.5.0-9.Final_redhat_21.1.ep6.el7.src.rpm jbossas-welcome-content-eap-7.5.0-9.Final_redhat_21.1.ep6.el7.src.rpm jbossts-4.17.29-1.Final_redhat_1.1.ep6.el7.src.rpm jbossweb-7.5.7-1.Final_redhat_1.1.ep6.el7.src.rpm jbossxb2-2.0.3-15.GA_redhat_3.1.ep6.el7.src.rpm jcip-annotations-eap6-1.0.0-1.redhat_7.1.ep6.el7.src.rpm jdom-eap6-1.1.3-1.redhat_2.1.ep6.el7.src.rpm jul-to-slf4j-stub-1.0.1-2.Final_redhat_2.1.ep6.el7.src.rpm log4j-jboss-logmanager-1.1.1-1.Final_redhat_1.1.ep6.el7.src.rpm lucene-solr-3.6.2-5.redhat_8.1.ep6.el7.src.rpm mod_cluster-1.2.11-1.Final_redhat_1.1.ep6.el7.src.rpm mod_cluster-native-1.2.11-2.Final_redhat_2.ep6.el7.src.rpm mod_jk-1.2.40-3.redhat_2.ep6.el7.src.rpm mod_rt-2.4.1-6.GA.ep6.el7.src.rpm mod_snmp-2.4.1-13.GA.ep6.el7.src.rpm objectweb-asm-eap6-3.3.1-8.redhat_9.1.ep6.el7.src.rpm org.osgi.core-eap6-4.2.0-14.redhat_8.1.ep6.el7.src.rpm org.osgi.enterprise-eap6-4.2.0-15.redhat_10.1.ep6.el7.src.rpm picketbox-4.1.1-1.Final_redhat_1.1.ep6.el7.src.rpm picketbox-commons-1.0.0-1.final_redhat_3.1.ep6.el7.src.rpm picketlink-bindings-2.5.4-5.SP4_redhat_1.1.ep6.el7.src.rpm picketlink-federation-2.5.4-5.SP4_redhat_1.1.ep6.el7.src.rpm relaxngDatatype-eap6-2011.1.0-1.redhat_9.1.ep6.el7.src.rpm resteasy-2.3.10-1.Final_redhat_1.1.ep6.el7.src.rpm staxmapper-1.1.0-7.Final_redhat_3.1.ep6.el7.src.rpm sun-codemodel-2.6.0-1.redhat_3.1.ep6.el7.src.rpm sun-txw2-20110809.0.0-1.redhat_5.1.ep6.el7.src.rpm sun-ws-metadata-2.0-api-1.0.0-2.MR1_redhat_7.1.ep6.el7.src.rpm sun-xsom-20110809.0.0-1.redhat_4.1.ep6.el7.src.rpm tomcat-native-1.1.32-3.redhat_1.ep6.el7.src.rpm velocity-eap6-1.7.0-1.redhat_4.1.ep6.el7.src.rpm weld-cdi-1.0-api-1.0.0-1.SP4_redhat_5.1.ep6.el7.src.rpm xml-commons-resolver-eap6-1.2.0-1.redhat_10.2.ep6.el7.src.rpm noarch: apache-commons-daemon-eap6-1.0.15-8.redhat_1.ep6.el7.noarch.rpm apache-commons-io-eap6-2.1.0-1.redhat_4.1.ep6.el7.noarch.rpm apache-commons-lang-eap6-2.6.0-1.redhat_4.1.ep6.el7.noarch.rpm apache-commons-pool-eap6-1.6.0-1.redhat_7.1.ep6.el7.noarch.rpm apache-mime4j-0.6.0-1.redhat_4.1.ep6.el7.noarch.rpm atinject-eap6-1.0.0-1.redhat_5.1.ep6.el7.noarch.rpm codehaus-jackson-1.9.9-10.redhat_4.1.ep6.el7.noarch.rpm codehaus-jackson-core-asl-1.9.9-10.redhat_4.1.ep6.el7.noarch.rpm codehaus-jackson-jaxrs-1.9.9-10.redhat_4.1.ep6.el7.noarch.rpm codehaus-jackson-mapper-asl-1.9.9-10.redhat_4.1.ep6.el7.noarch.rpm codehaus-jackson-xc-1.9.9-10.redhat_4.1.ep6.el7.noarch.rpm eap6-apache-commons-cli-1.2.0-1.redhat_8.1.ep6.el7.noarch.rpm eap6-apache-commons-codec-1.4.0-4.redhat_4.1.ep6.el7.noarch.rpm eap6-apache-commons-configuration-1.6.0-1.redhat_4.2.ep6.el7.noarch.rpm eap6-avro-1.7.5-2.redhat_2.1.ep6.el7.noarch.rpm eap6-cal10n-0.7.7-1.redhat_1.1.ep6.el7.noarch.rpm eap6-ecj-4.4.2-1.redhat_1.1.ep6.el7.noarch.rpm eap6-jandex-1.2.2-1.Final_redhat_1.1.ep6.el7.noarch.rpm eap6-jansi-1.9.0-1.redhat_5.1.ep6.el7.noarch.rpm eap6-joda-time-1.6.2-2.redhat_5.1.ep6.el7.noarch.rpm eap6-rngom-201103.0.0-1.redhat_4.1.ep6.el7.noarch.rpm eap6-snakeyaml-1.8.0-1.redhat_3.1.ep6.el7.noarch.rpm glassfish-jaf-1.1.1-17.redhat_4.1.ep6.el7.noarch.rpm glassfish-javamail-1.4.5-2.redhat_2.1.ep6.el7.noarch.rpm glassfish-jsf-eap6-2.1.28-7.redhat_8.1.ep6.el7.noarch.rpm glassfish-jsf12-eap6-1.2.15-8.b01_redhat_12.1.ep6.el7.noarch.rpm hibernate-beanvalidation-api-1.0.0-5.GA_redhat_3.1.ep6.el7.noarch.rpm hibernate-jpa-2.0-api-1.0.1-6.Final_redhat_3.1.ep6.el7.noarch.rpm hibernate3-commons-annotations-4.0.2-1.Final_redhat_1.1.ep6.el7.noarch.rpm hibernate4-core-eap6-4.2.18-2.Final_redhat_2.1.ep6.el7.noarch.rpm hibernate4-eap6-4.2.18-2.Final_redhat_2.1.ep6.el7.noarch.rpm hibernate4-entitymanager-eap6-4.2.18-2.Final_redhat_2.1.ep6.el7.noarch.rpm hibernate4-envers-eap6-4.2.18-2.Final_redhat_2.1.ep6.el7.noarch.rpm hibernate4-infinispan-eap6-4.2.18-2.Final_redhat_2.1.ep6.el7.noarch.rpm hibernate4-search-4.6.0-2.Final_redhat_2.1.ep6.el7.noarch.rpm hibernate4-validator-4.3.2-2.Final_redhat_2.1.ep6.el7.noarch.rpm hornetq-2.3.25-1.Final_redhat_1.1.ep6.el7.noarch.rpm httpclient-eap6-4.3.6-1.redhat_1.1.ep6.el7.noarch.rpm httpcomponents-client-eap6-4.3.6-1.redhat_1.1.ep6.el7.noarch.rpm httpcomponents-core-eap6-4.3.3-1.redhat_1.1.ep6.el7.noarch.rpm httpcomponents-project-eap6-7.0.0-1.redhat_1.1.ep6.el7.noarch.rpm httpcore-eap6-4.3.3-1.redhat_1.1.ep6.el7.noarch.rpm httpmime-eap6-4.3.6-1.redhat_1.1.ep6.el7.noarch.rpm httpserver-1.0.4-1.Final_redhat_1.1.ep6.el7.noarch.rpm infinispan-5.2.11-2.Final_redhat_2.1.ep6.el7.noarch.rpm infinispan-cachestore-jdbc-5.2.11-2.Final_redhat_2.1.ep6.el7.noarch.rpm infinispan-cachestore-remote-5.2.11-2.Final_redhat_2.1.ep6.el7.noarch.rpm infinispan-client-hotrod-5.2.11-2.Final_redhat_2.1.ep6.el7.noarch.rpm infinispan-core-5.2.11-2.Final_redhat_2.1.ep6.el7.noarch.rpm ironjacamar-common-api-eap6-1.0.31-1.Final_redhat_1.1.ep6.el7.noarch.rpm ironjacamar-common-impl-eap6-1.0.31-1.Final_redhat_1.1.ep6.el7.noarch.rpm ironjacamar-common-spi-eap6-1.0.31-1.Final_redhat_1.1.ep6.el7.noarch.rpm ironjacamar-core-api-eap6-1.0.31-1.Final_redhat_1.1.ep6.el7.noarch.rpm ironjacamar-core-impl-eap6-1.0.31-1.Final_redhat_1.1.ep6.el7.noarch.rpm ironjacamar-deployers-common-eap6-1.0.31-1.Final_redhat_1.1.ep6.el7.noarch.rpm ironjacamar-eap6-1.0.31-1.Final_redhat_1.1.ep6.el7.noarch.rpm ironjacamar-jdbc-eap6-1.0.31-1.Final_redhat_1.1.ep6.el7.noarch.rpm ironjacamar-spec-api-eap6-1.0.31-1.Final_redhat_1.1.ep6.el7.noarch.rpm ironjacamar-validator-eap6-1.0.31-1.Final_redhat_1.1.ep6.el7.noarch.rpm javassist-eap6-3.18.1-6.GA_redhat_1.1.ep6.el7.noarch.rpm jbosgi-deployment-1.3.0-5.Final_redhat_2.1.ep6.el7.noarch.rpm jbosgi-framework-core-2.1.0-5.Final_redhat_2.1.ep6.el7.noarch.rpm jbosgi-metadata-2.2.0-4.Final_redhat_2.1.ep6.el7.noarch.rpm jbosgi-repository-2.1.0-2.Final_redhat_2.1.ep6.el7.noarch.rpm jbosgi-resolver-3.0.1-2.Final_redhat_2.1.ep6.el7.noarch.rpm jbosgi-spi-3.2.0-3.Final_redhat_2.1.ep6.el7.noarch.rpm jbosgi-vfs-1.2.1-5.Final_redhat_4.1.ep6.el7.noarch.rpm jboss-aesh-0.33.14-1.redhat_1.1.ep6.el7.noarch.rpm jboss-annotations-api_1.1_spec-1.0.1-5.Final_redhat_3.1.ep6.el7.noarch.rpm jboss-as-appclient-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-cli-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-client-all-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-clustering-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-cmp-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-configadmin-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-connector-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-console-2.5.5-1.Final_redhat_1.1.ep6.el7.noarch.rpm jboss-as-controller-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-controller-client-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-core-security-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-deployment-repository-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-deployment-scanner-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-domain-http-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-domain-management-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-ee-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-ee-deployment-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-ejb3-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-embedded-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-host-controller-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-jacorb-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-jaxr-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-jaxrs-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-jdr-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-jmx-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-jpa-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-jsf-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-jsr77-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-logging-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-mail-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-management-client-content-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-messaging-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-modcluster-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-naming-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-network-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-osgi-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-osgi-configadmin-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-osgi-service-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-picketlink-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-platform-mbean-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-pojo-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-process-controller-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-protocol-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-remoting-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-sar-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-security-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-server-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-system-jmx-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-threads-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-transactions-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-version-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-web-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-webservices-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-weld-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-as-xts-7.5.0-8.Final_redhat_21.1.ep6.el7.noarch.rpm jboss-classfilewriter-1.0.3-3.Final_redhat_2.1.ep6.el7.noarch.rpm jboss-common-beans-1.1.0-2.Final_redhat_2.1.ep6.el7.noarch.rpm jboss-common-core-2.2.17-11.GA_redhat_3.1.ep6.el7.noarch.rpm jboss-connector-api_1.6_spec-1.0.1-5.Final_redhat_3.1.ep6.el7.noarch.rpm jboss-dmr-1.2.2-1.Final_redhat_1.1.ep6.el7.noarch.rpm jboss-ejb-api_3.1_spec-1.0.2-11.Final_redhat_3.1.ep6.el7.noarch.rpm jboss-ejb-client-1.0.30-1.Final_redhat_1.1.ep6.el7.noarch.rpm jboss-genericjms-1.0.7-1.Final_redhat_1.1.ep6.el7.noarch.rpm jboss-hal-2.5.5-1.Final_redhat_1.1.ep6.el7.noarch.rpm jboss-iiop-client-1.0.0-5.Final_redhat_3.1.ep6.el7.noarch.rpm jboss-interceptors-api_1.1_spec-1.0.1-6.Final_redhat_3.1.ep6.el7.noarch.rpm jboss-j2eemgmt-api_1.1_spec-1.0.1-6.Final_redhat_3.1.ep6.el7.noarch.rpm jboss-jad-api_1.2_spec-1.0.1-7.Final_redhat_3.1.ep6.el7.noarch.rpm jboss-jaspi-api_1.0_spec-1.0.1-7.Final_redhat_3.1.ep6.el7.noarch.rpm jboss-jaxb-api_2.2_spec-1.0.4-4.Final_redhat_3.1.ep6.el7.noarch.rpm jboss-jaxr-api_1.0_spec-1.0.2-6.Final_redhat_3.1.ep6.el7.noarch.rpm jboss-jaxrpc-api_1.1_spec-1.0.1-5.Final_redhat_4.1.ep6.el7.noarch.rpm jboss-jaxrs-api_1.1_spec-1.0.1-10.Final_redhat_3.1.ep6.el7.noarch.rpm jboss-jms-api_1.1_spec-1.0.1-13.Final_redhat_3.1.ep6.el7.noarch.rpm jboss-jsp-api_2.2_spec-1.0.2-1.Final_redhat_1.1.ep6.el7.noarch.rpm jboss-logging-3.1.4-2.GA_redhat_2.1.ep6.el7.noarch.rpm jboss-logmanager-1.5.4-1.Final_redhat_1.1.ep6.el7.noarch.rpm jboss-metadata-7.2.1-1.Final_redhat_1.1.ep6.el7.noarch.rpm jboss-metadata-appclient-7.2.1-1.Final_redhat_1.1.ep6.el7.noarch.rpm jboss-metadata-common-7.2.1-1.Final_redhat_1.1.ep6.el7.noarch.rpm jboss-metadata-ear-7.2.1-1.Final_redhat_1.1.ep6.el7.noarch.rpm jboss-metadata-ejb-7.2.1-1.Final_redhat_1.1.ep6.el7.noarch.rpm jboss-metadata-web-7.2.1-1.Final_redhat_1.1.ep6.el7.noarch.rpm jboss-modules-1.3.6-1.Final_redhat_1.1.ep6.el7.noarch.rpm jboss-osgi-logging-1.0.0-7.redhat_3.1.ep6.el7.noarch.rpm jboss-remote-naming-1.0.10-1.Final_redhat_1.1.ep6.el7.noarch.rpm jboss-rmi-api_1.0_spec-1.0.4-10.Final_redhat_3.1.ep6.el7.noarch.rpm jboss-sasl-1.0.5-1.Final_redhat_1.1.ep6.el7.noarch.rpm jboss-seam-int-6.0.0-10.GA_redhat_3.1.ep6.el7.noarch.rpm jboss-servlet-api_2.5_spec-1.0.1-10.Final_redhat_3.1.ep6.el7.noarch.rpm jboss-servlet-api_3.0_spec-1.0.2-4.Final_redhat_2.1.ep6.el7.noarch.rpm jboss-threads-2.1.2-1.Final_redhat_1.1.ep6.el7.noarch.rpm jboss-transaction-api_1.1_spec-1.0.1-13.Final_redhat_3.1.ep6.el7.noarch.rpm jboss-vfs2-3.2.9-1.Final_redhat_1.1.ep6.el7.noarch.rpm jboss-weld-1.1-api-1.1.0-1.Final_redhat_6.1.ep6.el7.noarch.rpm jboss-xnio-base-3.0.13-1.GA_redhat_1.1.ep6.el7.noarch.rpm jbossas-appclient-7.5.0-9.Final_redhat_21.1.ep6.el7.noarch.rpm jbossas-bundles-7.5.0-9.Final_redhat_21.1.ep6.el7.noarch.rpm jbossas-core-7.5.0-11.Final_redhat_21.1.ep6.el7.noarch.rpm jbossas-domain-7.5.0-9.Final_redhat_21.1.ep6.el7.noarch.rpm jbossas-javadocs-7.5.0-23.Final_redhat_21.1.ep6.el7.noarch.rpm jbossas-modules-eap-7.5.0-14.Final_redhat_21.1.ep6.el7.noarch.rpm jbossas-product-eap-7.5.0-9.Final_redhat_21.1.ep6.el7.noarch.rpm jbossas-standalone-7.5.0-9.Final_redhat_21.1.ep6.el7.noarch.rpm jbossas-welcome-content-eap-7.5.0-9.Final_redhat_21.1.ep6.el7.noarch.rpm jbossts-4.17.29-1.Final_redhat_1.1.ep6.el7.noarch.rpm jbossweb-7.5.7-1.Final_redhat_1.1.ep6.el7.noarch.rpm jbossxb2-2.0.3-15.GA_redhat_3.1.ep6.el7.noarch.rpm jcip-annotations-eap6-1.0.0-1.redhat_7.1.ep6.el7.noarch.rpm jdom-eap6-1.1.3-1.redhat_2.1.ep6.el7.noarch.rpm jul-to-slf4j-stub-1.0.1-2.Final_redhat_2.1.ep6.el7.noarch.rpm log4j-jboss-logmanager-1.1.1-1.Final_redhat_1.1.ep6.el7.noarch.rpm lucene-solr-3.6.2-5.redhat_8.1.ep6.el7.noarch.rpm mod_cluster-1.2.11-1.Final_redhat_1.1.ep6.el7.noarch.rpm mod_cluster-demo-1.2.11-1.Final_redhat_1.1.ep6.el7.noarch.rpm objectweb-asm-eap6-3.3.1-8.redhat_9.1.ep6.el7.noarch.rpm org.osgi.core-eap6-4.2.0-14.redhat_8.1.ep6.el7.noarch.rpm org.osgi.enterprise-eap6-4.2.0-15.redhat_10.1.ep6.el7.noarch.rpm picketbox-4.1.1-1.Final_redhat_1.1.ep6.el7.noarch.rpm picketbox-commons-1.0.0-1.final_redhat_3.1.ep6.el7.noarch.rpm picketlink-bindings-2.5.4-5.SP4_redhat_1.1.ep6.el7.noarch.rpm picketlink-federation-2.5.4-5.SP4_redhat_1.1.ep6.el7.noarch.rpm relaxngDatatype-eap6-2011.1.0-1.redhat_9.1.ep6.el7.noarch.rpm resteasy-2.3.10-1.Final_redhat_1.1.ep6.el7.noarch.rpm staxmapper-1.1.0-7.Final_redhat_3.1.ep6.el7.noarch.rpm sun-codemodel-2.6.0-1.redhat_3.1.ep6.el7.noarch.rpm sun-txw2-20110809.0.0-1.redhat_5.1.ep6.el7.noarch.rpm sun-ws-metadata-2.0-api-1.0.0-2.MR1_redhat_7.1.ep6.el7.noarch.rpm sun-xsom-20110809.0.0-1.redhat_4.1.ep6.el7.noarch.rpm velocity-eap6-1.7.0-1.redhat_4.1.ep6.el7.noarch.rpm weld-cdi-1.0-api-1.0.0-1.SP4_redhat_5.1.ep6.el7.noarch.rpm xml-commons-resolver-eap6-1.2.0-1.redhat_10.2.ep6.el7.noarch.rpm ppc64: hornetq-native-2.3.25-3.Final_redhat_1.ep6.el7.ppc64.rpm hornetq-native-debuginfo-2.3.25-3.Final_redhat_1.ep6.el7.ppc64.rpm httpd22-2.2.26-38.ep6.el7.ppc64.rpm httpd22-debuginfo-2.2.26-38.ep6.el7.ppc64.rpm httpd22-devel-2.2.26-38.ep6.el7.ppc64.rpm httpd22-manual-2.2.26-38.ep6.el7.ppc64.rpm httpd22-tools-2.2.26-38.ep6.el7.ppc64.rpm jbossas-hornetq-native-2.3.25-3.Final_redhat_1.ep6.el7.ppc64.rpm jbossas-jbossweb-native-1.1.32-3.redhat_1.ep6.el7.ppc64.rpm mod_cluster-native-1.2.11-2.Final_redhat_2.ep6.el7.ppc64.rpm mod_cluster-native-debuginfo-1.2.11-2.Final_redhat_2.ep6.el7.ppc64.rpm mod_jk-ap22-1.2.40-3.redhat_2.ep6.el7.ppc64.rpm mod_jk-debuginfo-1.2.40-3.redhat_2.ep6.el7.ppc64.rpm mod_rt-2.4.1-6.GA.ep6.el7.ppc64.rpm mod_rt-debuginfo-2.4.1-6.GA.ep6.el7.ppc64.rpm mod_snmp-2.4.1-13.GA.ep6.el7.ppc64.rpm mod_snmp-debuginfo-2.4.1-13.GA.ep6.el7.ppc64.rpm mod_ssl22-2.2.26-38.ep6.el7.ppc64.rpm tomcat-native-1.1.32-3.redhat_1.ep6.el7.ppc64.rpm tomcat-native-debuginfo-1.1.32-3.redhat_1.ep6.el7.ppc64.rpm x86_64: hornetq-native-2.3.25-3.Final_redhat_1.ep6.el7.x86_64.rpm hornetq-native-debuginfo-2.3.25-3.Final_redhat_1.ep6.el7.x86_64.rpm httpd22-2.2.26-38.ep6.el7.x86_64.rpm httpd22-debuginfo-2.2.26-38.ep6.el7.x86_64.rpm httpd22-devel-2.2.26-38.ep6.el7.x86_64.rpm httpd22-manual-2.2.26-38.ep6.el7.x86_64.rpm httpd22-tools-2.2.26-38.ep6.el7.x86_64.rpm jbossas-hornetq-native-2.3.25-3.Final_redhat_1.ep6.el7.x86_64.rpm jbossas-jbossweb-native-1.1.32-3.redhat_1.ep6.el7.x86_64.rpm mod_cluster-native-1.2.11-2.Final_redhat_2.ep6.el7.x86_64.rpm mod_cluster-native-debuginfo-1.2.11-2.Final_redhat_2.ep6.el7.x86_64.rpm mod_jk-ap22-1.2.40-3.redhat_2.ep6.el7.x86_64.rpm mod_jk-debuginfo-1.2.40-3.redhat_2.ep6.el7.x86_64.rpm mod_rt-2.4.1-6.GA.ep6.el7.x86_64.rpm mod_rt-debuginfo-2.4.1-6.GA.ep6.el7.x86_64.rpm mod_snmp-2.4.1-13.GA.ep6.el7.x86_64.rpm mod_snmp-debuginfo-2.4.1-13.GA.ep6.el7.x86_64.rpm mod_ssl22-2.2.26-38.ep6.el7.x86_64.rpm tomcat-native-1.1.32-3.redhat_1.ep6.el7.x86_64.rpm tomcat-native-debuginfo-1.1.32-3.redhat_1.ep6.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3586 https://access.redhat.com/security/cve/CVE-2014-8111 https://access.redhat.com/security/cve/CVE-2015-0226 https://access.redhat.com/security/cve/CVE-2015-0227 https://access.redhat.com/security/cve/CVE-2015-0277 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVL+bsXlSAg2UNWIIRAosAAJ9Zu7wlViMJQj8Dpmk/srQc3QovrwCdH/a3 wwnJ15u1VAUgkfd0fVUe+04= =hRAN -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 16 16:46:11 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 16 Apr 2015 16:46:11 +0000 Subject: [RHSA-2015:0849-01] Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update Message-ID: <201504161646.t3GGkCxk007000@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update Advisory ID: RHSA-2015:0849-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0849.html Issue date: 2015-04-16 CVE Names: CVE-2014-3570 CVE-2014-3586 CVE-2014-8111 CVE-2015-0204 CVE-2015-0226 CVE-2015-0227 CVE-2015-0277 ===================================================================== 1. Summary: Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Description: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption (CVE-2011-2487) threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2015-0226) A flaw was found in the way PicketLink's Service Provider and Identity Provider handled certain requests. A remote attacker could use this flaw to log to a victim's account via PicketLink. (CVE-2015-0277) It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them. (CVE-2014-8111) It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204) It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request. (CVE-2015-0227) It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570) It was found that the Command Line Interface, as provided by Red Hat Enterprise Application Platform, created a history file named .jboss-cli-history in the user's home directory with insecure default file permissions. This could allow a malicious local user to gain information otherwise not accessible to them. (CVE-2014-3586) The CVE-2015-0277 issue was discovered by Ondrej Kotek of Red Hat. This release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. Documentation for these changes will be available shortly from the JBoss Enterprise Application Platform 6.4.0 Release Notes, linked to in the References. All users of Red Hat JBoss Enterprise Application Platform 6.3 as provided from the Red Hat Customer Portal are advised to apply this update. The JBoss server process must be restarted for the update to take effect. 3. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. 4. Bugs fixed (https://bugzilla.redhat.com/): 1126687 - CVE-2014-3586 JBoss AS CLI: Insecure default permissions on history file 1180184 - CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK) 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results 1182591 - CVE-2014-8111 Tomcat mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing 1191446 - CVE-2015-0226 wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487) 1191451 - CVE-2015-0227 wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property 1194832 - CVE-2015-0277 PicketLink: SP does not take Audience condition of a SAML assertion into account 5. References: https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3586 https://access.redhat.com/security/cve/CVE-2014-8111 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0226 https://access.redhat.com/security/cve/CVE-2015-0227 https://access.redhat.com/security/cve/CVE-2015-0277 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=appplatform&version=6.4 https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/ 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVL+cgXlSAg2UNWIIRAgReAKCmbue7AHS0JviRhZ3Lf94SFWGFnwCeP1XZ 4LYefBygVEs7IHM2Q1P/dtg= =lhOf -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 16 16:46:53 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 16 Apr 2015 16:46:53 +0000 Subject: [RHSA-2015:0850-01] Important: Red Hat JBoss BRMS 6.1.0 update Message-ID: <201504161646.t3GGkr0s024710@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss BRMS 6.1.0 update Advisory ID: RHSA-2015:0850-01 Product: Red Hat JBoss BRMS Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0850.html Issue date: 2015-04-16 CVE Names: CVE-2012-6153 CVE-2013-2133 CVE-2013-4517 CVE-2013-7397 CVE-2013-7398 CVE-2014-0034 CVE-2014-0035 CVE-2014-0059 CVE-2014-0109 CVE-2014-0110 CVE-2014-3577 CVE-2014-3623 CVE-2014-7827 CVE-2014-7839 CVE-2014-8122 CVE-2014-8125 ===================================================================== 1. Summary: Red Hat JBoss BRMS 6.1.0, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Description: Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.1.0 serves as a replacement for Red Hat JBoss BRMS 6.0.3, and includes bug fixes and enhancements. Refer to the Red Hat JBoss BRMS 6.1.0 Release Notes for information on the most significant of these changes. The Release Notes are available at https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_BRMS/ The following security issues are also fixed with this release, descriptions of which can be found on the respective CVE pages linked in the References section. CVE-2012-6153 Jakarta Commons httpclient / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix CVE-2013-2133 JBoss WS: EJB3 role restrictions are not applied to jaxws handlers CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack CVE-2013-7397 async-http-client: SSL/TLS certificate verification is disabled under certain conditions CVE-2013-7398 async-http-client: missing hostname verification for SSL certificates CVE-2014-0034 Apache CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid CVE-2014-0035 Apache CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy CVE-2014-0059 JBossSX/PicketBox: World readable audit.log file CVE-2014-0109 Apache CXF: HTML content posted to SOAP endpoint could cause OOM errors CVE-2014-0110 Apache CXF: Large invalid content could cause temporary space to fill CVE-2014-3577 Jakarta Commons httpclient / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix CVE-2014-3623 Apache WSS4J / Apache CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods CVE-2014-7827 JBoss Security: Wrong security context loaded when using SAML2 STS Login Module CVE-2014-7839 RESTeasy: External entities expanded by DocumentProvider CVE-2014-8122 JBoss Weld: Limited information disclosure via stale thread state CVE-2014-8125 jBPM: BPMN2 file processing XXE in Process Execution Red Hat would like to thank Rune Steinseth of JProfessionals for reporting the CVE-2014-8122 issue. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security; the CVE-2014-8125 was discovered by Jeremy Lindop of Red Hat; the CVE-2014-7827 issue was discovered by Ondra Lukas of the Red Hat Quality Engineering Team; the CVE-2013-2133 issue was discovered by Richard Opalka and Arun Neelicattu of Red Hat. All users of Red Hat JBoss BRMS 6.0.3 as provided from the Red Hat Customer Portal are advised to upgrade to Red Hat JBoss BRMS 6.1.0. 3. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update, and then after installing the update, restart the server by starting the JBoss Application Server process. 4. Bugs fixed (https://bugzilla.redhat.com/): 969924 - CVE-2013-2133 JBoss WS: EJB3 role restrictions are not applied to jaxws handlers 1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack 1063642 - CVE-2014-0059 JBossSX/PicketBox: World readable audit.log file 1093526 - CVE-2014-0109 Apache CXF: HTML content posted to SOAP endpoint could cause OOM errors 1093527 - CVE-2014-0110 Apache CXF: Large invalid content could cause temporary space to fill 1093529 - CVE-2014-0034 Apache CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid 1093530 - CVE-2014-0035 Apache CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy 1129074 - CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix 1129916 - CVE-2012-6153 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix 1133769 - CVE-2013-7397 async-http-client: SSL/TLS certificate verification is disabled under certain conditions 1133773 - CVE-2013-7398 async-http-client: missing hostname verification for SSL certificates 1157304 - CVE-2014-3623 Apache WSS4J / Apache CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods 1160574 - CVE-2014-7827 JBoss Security: Wrong security context loaded when using SAML2 STS Login Module 1165328 - CVE-2014-7839 RESTeasy: External entities expanded by DocumentProvider 1169237 - CVE-2014-8122 JBoss Weld: Limited information disclosure via stale thread state 1169553 - CVE-2014-8125 jBPM: BPMN2 file processing XXE in Process Execution 5. References: https://access.redhat.com/security/cve/CVE-2012-6153 https://access.redhat.com/security/cve/CVE-2013-2133 https://access.redhat.com/security/cve/CVE-2013-4517 https://access.redhat.com/security/cve/CVE-2013-7397 https://access.redhat.com/security/cve/CVE-2013-7398 https://access.redhat.com/security/cve/CVE-2014-0034 https://access.redhat.com/security/cve/CVE-2014-0035 https://access.redhat.com/security/cve/CVE-2014-0059 https://access.redhat.com/security/cve/CVE-2014-0109 https://access.redhat.com/security/cve/CVE-2014-0110 https://access.redhat.com/security/cve/CVE-2014-3577 https://access.redhat.com/security/cve/CVE-2014-3623 https://access.redhat.com/security/cve/CVE-2014-7827 https://access.redhat.com/security/cve/CVE-2014-7839 https://access.redhat.com/security/cve/CVE-2014-8122 https://access.redhat.com/security/cve/CVE-2014-8125 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms&downloadType=distributions&version=6.1.0 https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_BRMS/ 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVL+ddXlSAg2UNWIIRAslAAKCAmqCpayfw+1cRFBbDTjNJCHNw7QCZAbuA EJewQkbCg4U6tZ8N7oLztaw= =ZeK0 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 16 16:47:23 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 16 Apr 2015 16:47:23 +0000 Subject: [RHSA-2015:0851-01] Important: Red Hat JBoss BPM Suite 6.1.0 update Message-ID: <201504161647.t3GGlNqE007719@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss BPM Suite 6.1.0 update Advisory ID: RHSA-2015:0851-01 Product: Red Hat JBoss BPM Suite Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0851.html Issue date: 2015-04-16 CVE Names: CVE-2012-6153 CVE-2013-2133 CVE-2013-4517 CVE-2013-7397 CVE-2013-7398 CVE-2014-0034 CVE-2014-0035 CVE-2014-0059 CVE-2014-0109 CVE-2014-0110 CVE-2014-3577 CVE-2014-3623 CVE-2014-7827 CVE-2014-7839 CVE-2014-8122 CVE-2014-8125 ===================================================================== 1. Summary: Red Hat JBoss BPM Suite 6.1.0, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Description: Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.1.0 serves as a replacement for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements. Refer to the Red Hat JBoss BPM Suite 6.1.0 Release Notes for information on the most significant of these changes. The Release Notes are available at https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_BPM_Suite/ The following security issues are also fixed with this release, descriptions of which can be found on the respective CVE pages linked in the References section. CVE-2012-6153 Jakarta Commons httpclient / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix CVE-2013-2133 JBoss WS: EJB3 role restrictions are not applied to jaxws handlers CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack CVE-2013-7397 async-http-client: SSL/TLS certificate verification is disabled under certain conditions CVE-2013-7398 async-http-client: missing hostname verification for SSL certificates CVE-2014-0034 Apache CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid CVE-2014-0035 Apache CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy CVE-2014-0059 JBossSX/PicketBox: World readable audit.log file CVE-2014-0109 Apache CXF: HTML content posted to SOAP endpoint could cause OOM errors CVE-2014-0110 Apache CXF: Large invalid content could cause temporary space to fill CVE-2014-3577 Jakarta Commons httpclient / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix CVE-2014-3623 Apache WSS4J / Apache CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods CVE-2014-7827 JBoss Security: Wrong security context loaded when using SAML2 STS Login Module CVE-2014-7839 RESTeasy: External entities expanded by DocumentProvider CVE-2014-8122 JBoss Weld: Limited information disclosure via stale thread state CVE-2014-8125 jBPM: BPMN2 file processing XXE in Process Execution Red Hat would like to thank Rune Steinseth of JProfessionals for reporting the CVE-2014-8122 issue. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security; the CVE-2014-8125 was discovered by Jeremy Lindop of Red Hat; the CVE-2014-7827 issue was discovered by Ondra Lukas of the Red Hat Quality Engineering Team; the CVE-2013-2133 issue was discovered by Richard Opalka and Arun Neelicattu of Red Hat. All users of Red Hat JBoss BPM Suite 6.0.3 as provided from the Red Hat Customer Portal are advised to upgrade to Red Hat JBoss BPM Suite 6.1.0. 3. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update, and then after installing the update, restart the server by starting the JBoss Application Server process. 4. Bugs fixed (https://bugzilla.redhat.com/): 969924 - CVE-2013-2133 JBoss WS: EJB3 role restrictions are not applied to jaxws handlers 1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack 1063642 - CVE-2014-0059 JBossSX/PicketBox: World readable audit.log file 1093526 - CVE-2014-0109 Apache CXF: HTML content posted to SOAP endpoint could cause OOM errors 1093527 - CVE-2014-0110 Apache CXF: Large invalid content could cause temporary space to fill 1093529 - CVE-2014-0034 Apache CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid 1093530 - CVE-2014-0035 Apache CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy 1129074 - CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix 1129916 - CVE-2012-6153 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix 1133769 - CVE-2013-7397 async-http-client: SSL/TLS certificate verification is disabled under certain conditions 1133773 - CVE-2013-7398 async-http-client: missing hostname verification for SSL certificates 1157304 - CVE-2014-3623 Apache WSS4J / Apache CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods 1160574 - CVE-2014-7827 JBoss Security: Wrong security context loaded when using SAML2 STS Login Module 1165328 - CVE-2014-7839 RESTeasy: External entities expanded by DocumentProvider 1169237 - CVE-2014-8122 JBoss Weld: Limited information disclosure via stale thread state 1169553 - CVE-2014-8125 jBPM: BPMN2 file processing XXE in Process Execution 5. References: https://access.redhat.com/security/cve/CVE-2012-6153 https://access.redhat.com/security/cve/CVE-2013-2133 https://access.redhat.com/security/cve/CVE-2013-4517 https://access.redhat.com/security/cve/CVE-2013-7397 https://access.redhat.com/security/cve/CVE-2013-7398 https://access.redhat.com/security/cve/CVE-2014-0034 https://access.redhat.com/security/cve/CVE-2014-0035 https://access.redhat.com/security/cve/CVE-2014-0059 https://access.redhat.com/security/cve/CVE-2014-0109 https://access.redhat.com/security/cve/CVE-2014-0110 https://access.redhat.com/security/cve/CVE-2014-3577 https://access.redhat.com/security/cve/CVE-2014-3623 https://access.redhat.com/security/cve/CVE-2014-7827 https://access.redhat.com/security/cve/CVE-2014-7839 https://access.redhat.com/security/cve/CVE-2014-8122 https://access.redhat.com/security/cve/CVE-2014-8125 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=bpm.suite&downloadType=distributions&version=6.1.0 https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_BPM_Suite/ 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVL+eHXlSAg2UNWIIRAh4eAJ4lg7lUuCX8weAkC3Re1YuH6/JxNQCeLE74 g4F92re1SgeTLhJhLA3FC/4= =oxsz -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Apr 21 10:53:21 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 21 Apr 2015 10:53:21 +0000 Subject: [RHSA-2015:0862-01] Critical: Red Hat JBoss Operations Network 3.3.1 security update Message-ID: <201504211053.t3LArMb0000472@int-mx13.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: Red Hat JBoss Operations Network 3.3.1 security update Advisory ID: RHSA-2015:0862-01 Product: Red Hat JBoss Operations Network Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0862.html Issue date: 2015-04-21 CVE Names: CVE-2015-0297 ===================================================================== 1. Summary: An update for Red Hat JBoss Operations Network 3.3 update 1, which fixes one security issue is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Description: Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. It was discovered that the JBoss Operations Network server did not correctly restrict access to certain remote APIs. A remote, unauthenticated attacker could use this flaw to execute arbitrary Java methods via ServerInvokerServlet or SchedulerService, and possibly exhaust all available disk space via ContentManager. (CVE-2015-0297) Red Hat would like to thank Alessandro Cavaliere for reporting this issue. All users of JBoss Operations Network 3.3.1 as provided from the Red Hat Customer Portal are advised to apply this update. 3. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing JBoss Operations Network installation (including its databases, applications, configuration files, the JBoss Operations Network server's file system directory, and so on). Refer to the JBoss Operations Network 3.3 Installation Guide for detailed upgrade instructions. 4. Bugs fixed (https://bugzilla.redhat.com/): 1198008 - CVE-2015-0297 RHQ: ServerInvokerServlet remote code exec 5. References: https://access.redhat.com/security/cve/CVE-2015-0297 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=em&downloadType=securityPatches&version=3.3 https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Operations_Network/3.3/html/Installation_Guide/index.html 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVNiwVXlSAg2UNWIIRAvDdAJ0UbAzCFN+B0ejeHnGBilyN6WDb1gCfevbN MDQwrWLHRn+Bk5m847eQnVw= =wbWt -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Apr 30 16:22:01 2015 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 30 Apr 2015 16:22:01 +0000 Subject: [RHSA-2015:0920-01] Moderate: Red Hat JBoss Operations Network 3.3.2 update Message-ID: <201504301622.t3UGM1Bn018014@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Operations Network 3.3.2 update Advisory ID: RHSA-2015:0920-01 Product: Red Hat JBoss Operations Network Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0920.html Issue date: 2015-04-30 CVE Names: CVE-2014-7849 CVE-2014-7853 CVE-2014-8122 ===================================================================== 1. Summary: Red Hat JBoss Operations Network 3.3 update 2, which fixes three security issues and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Description: Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.2 release serves as a replacement for JBoss Operations Network 3.3.1, and includes several bug fixes. Refer to the Customer Portal page linked in the References section for information on the most significant of these changes. The following security issue is also fixed with this release: It was discovered that the Role Based Access Control (RBAC) implementation did not sufficiently verify all authorization conditions that are required by the Maintainer role to perform certain administrative actions. An authenticated user with the Maintainer role could use this flaw to add, modify, or undefine a limited set of attributes and their values, which otherwise cannot be written to. (CVE-2014-7849) It was discovered that the JBoss Application Server (WildFly) JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref sensitivity classification could use this flaw to access sensitive information present in the security-domain attribute. (CVE-2014-7853) It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous conversation to the current conversation. (CVE-2014-8122) Red Hat would like to thank Rune Steinseth of JProfessionals for reporting CVE-2014-8122. The CVE-2014-7849 and CVE-2014-7853 issues were discovered by Darran Lofthouse of the Red Hat JBoss Enterprise Application Platform Team. All users of JBoss Operations Network 3.3.1 as provided from the Red Hat Customer Portal are advised to upgrade to JBoss Operations Network 3.3.2. 3. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing JBoss Operations Network installation (including its databases, applications, configuration files, the JBoss Operations Network server's file system directory, and so on). Refer to the JBoss Operations Network 3.3.2 Release Notes for installation information. 4. Bugs fixed (https://bugzilla.redhat.com/): 1089495 - Add support for Java 8 with JBoss ON 3.3.2 components 1147098 - The server needs to handle failures inserting raw data 1165170 - CVE-2014-7849 JBoss AS/WildFly Domain Management: Limited RBAC authorization bypass 1165522 - CVE-2014-7853 JBoss AS/WildFly JacORB Subsystem: Information disclosure via incorrect sensitivity classification of attribute 1169237 - CVE-2014-8122 JBoss Weld: Limited information disclosure via stale thread state 1176162 - rhqctl console does not handle signals correctly 1185375 - Upgrade from 3.2 to 3.3 fails at upgrade --storage-schema due to MigrateAggregateMetrics taking too long 1187645 - UnsupportedOperationException on mergeInventoryReport() 1188743 - Packages in a repository, that have an identical name to the deployment it's subscribed to, disappear in the Content->New screen. 1194690 - CLI doesn't work when agent-server communication uses sslsocket 1198034 - Incorrect link in the readme.txt file of the JBoss ON 3.3.0 distribution package 1198086 - Error loading global condition cache: ORA-01427: single-row subquery returns more than one row 1200493 - The output of rhq:audit is changed - Date is added to the "info" 1200579 - Unable to delete/remove agent plug-ins that define a bundle type target 1202327 - Relax the 1h minimum Session timeout validation 1206387 - apply-updates creates rhq-storage directory even if storage node is not installed causing rhqctl to fail install/start 1206641 - Fix for BZ-1088046 is lost when storage node is installed from 3.3 Update-01 patched server 1206671 - Aggregation timeslices not properly computed due to DST changes 1207393 - Add support for configuration options to rhq-server.properites for RequestLimit, RequestLimitTopologyChange, Warmup period, Warmup Counter Maximum 5. References: https://access.redhat.com/security/cve/CVE-2014-7849 https://access.redhat.com/security/cve/CVE-2014-7853 https://access.redhat.com/security/cve/CVE-2014-8122 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=em&downloadType=securityPatches&version=3.3 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVQlZ2XlSAg2UNWIIRAjDxAJ91SGMq9NdN4a6hU1xfBK4lHkCLiQCfe5Re 5bXj6Z4W4tnVPrYzVD0yGU0= =8BYc -----END PGP SIGNATURE-----