From bugzilla at redhat.com Wed Dec 4 18:33:28 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 4 Dec 2013 18:33:28 +0000 Subject: [RHSA-2013:1784-01] Low: Red Hat JBoss Enterprise Application Platform 6.2.0 update Message-ID: <201312041833.rB4IXTiF009840@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat JBoss Enterprise Application Platform 6.2.0 update Advisory ID: RHSA-2013:1784-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1784.html Issue date: 2013-12-04 CVE Names: CVE-2013-2035 CVE-2013-2133 ===================================================================== 1. Summary: An update for Red Hat JBoss Enterprise Application Platform 6.2.0, which fixes two security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Description: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. (CVE-2013-2035) A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke. (CVE-2013-2133) The CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat Product Security Team, and the CVE-2013-2133 issue was discovered by Richard Opalka and Arun Neelicattu of Red Hat. This release serves as a replacement for JBoss Enterprise Application Platform 6.1.1, and includes bug fixes and enhancements. Documentation for these changes will be available shortly from the JBoss Enterprise Application Platform 6.2.0 Release Notes, linked to in the References. All users of Red Hat JBoss Enterprise Application Platform 6.2.0 as provided from the Red Hat Customer Portal are advised to apply this update. The JBoss server process must be restarted for the update to take effect. 3. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. For more details, refer to the JBoss Enterprise Application Platform 6.2.0 Release Notes, linked to in the References. 4. Bugs fixed (https://bugzilla.redhat.com/): 958618 - CVE-2013-2035 HawtJNI: predictable temporary file name leading to local arbitrary code execution 969924 - CVE-2013-2133 JBoss WS: EJB3 role restrictions are not applied to jaxws handlers 5. References: https://www.redhat.com/security/data/cve/CVE-2013-2035.html https://www.redhat.com/security/data/cve/CVE-2013-2133.html https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=distributions https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.2/html/6.2.0_Release_Notes/index.html 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSn3VSXlSAg2UNWIIRAhmjAJ9jXgWDZMgadVk5EmNX/vFKpEkF8ACfU0j7 VxPsmI/8L4QmI6us9Xxkn9M= =p37K -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 4 18:35:01 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 4 Dec 2013 18:35:01 +0000 Subject: [RHSA-2013:1785-01] Low: Red Hat JBoss Enterprise Application Platform 6.2.0 update Message-ID: <201312041835.rB4IZ24A001272@int-mx10.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat JBoss Enterprise Application Platform 6.2.0 update Advisory ID: RHSA-2013:1785-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1785.html Issue date: 2013-12-04 CVE Names: CVE-2013-2035 CVE-2013-2133 ===================================================================== 1. Summary: Updated Red Hat JBoss Enterprise Application Platform 6.2.0 packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server - i386, noarch, x86_64 3. Description: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. (CVE-2013-2035) A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke. (CVE-2013-2133) The CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat Product Security Team, and the CVE-2013-2133 issue was discovered by Richard Opalka and Arun Neelicattu of Red Hat. This release serves as a replacement for JBoss Enterprise Application Platform 6.1.1, and includes bug fixes and enhancements. Documentation for these changes will be available shortly from the JBoss Enterprise Application Platform 6.2.0 Release Notes, linked to in the References. All users of JBoss Enterprise Application Platform 6.1.1 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Also, back up any customized Red Hat JBoss Enterprise Application Platform 6 configuration files. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually. For more details, refer to the JBoss Enterprise Application Platform 6.2.0 Release Notes, linked to in the References. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 958618 - CVE-2013-2035 HawtJNI: predictable temporary file name leading to local arbitrary code execution 969924 - CVE-2013-2133 JBoss WS: EJB3 role restrictions are not applied to jaxws handlers 1025512 - RHEL 5 RPMs: Upgrade resteasy to 2.3.7.Final-redhat-2 1025514 - RHEL 5 RPMs: Upgrade jbossts to 4.17.15.Final-redhat-4 1025515 - RHEL 5 RPMs: Upgrade apache-cxf to 2.7.7.redhat-1 1025516 - RHEL 5 RPMs: Upgrade wss4j to 1.6.12.redhat-1 1025517 - RHEL 5 RPMs: Upgrade jboss-modules to 1.3.0.Final-redhat-1 1025518 - RHEL 5 RPMs: Upgrade jboss-remoting3-jmx to 1.1.2.Final-redhat-1 1025519 - RHEL 5 RPMs: Upgrade jbossws-cxf to 4.2.3.Final-redhat-1 1025520 - RHEL 5 RPMs: Upgrade jbossws-api to 1.0.2.Final-redhat-1 1025521 - RHEL5 RPMs: Upgrade jbossws-common to 2.2.3.Final-redhat-1 1025522 - RHEL 5 RPMs: Upgrade jbossws-common-tools to 1.2.0.Final-redhat-2 1025523 - RHEL5 RPMs: Upgrade jbossws-spi to 2.2.2.Final-redhat-1 1025524 - RHEL 5 RPMs: Upgrade jboss-dmr to 1.2.0.Final-redhat-1 1025525 - RHEL 5 RPMs: Upgrade opensaml to 2.5.3.redhat-1 1025526 - RHEL 5 RPMs: Upgrade xmltooling to 1.3.4.redhat-1 1025527 - RHEL 5 RPMs: Upgrade jgroups to 3.2.12.Final-redhat-1 1025528 - RHEL 5 RPMs: Upgrade jboss-threads to 2.1.1.Final-redhat-1 1025529 - RHEL 5 RPMs: Upgrade jboss-marshalling to 1.4.2.Final-redhat-1 1025530 - RHEL 5 RPMs: Upgrade jboss-logmanager to 1.5.1.Final-redhat-1 1025531 - RHEL 5 RPMs: Upgrade javassist-eap6 to 3.18.1.GA-redhat-1 1025532 - RHEL 5 RPMs: Upgrade jboss-aesh to 0.33.8.redhat-1 1025533 - RHEL 5 RPMs: Upgrade jboss-ejb3-ext-api to 2.1.0.redhat-1 1025534 - RHEL 5 RPMs: Upgrade hornetq to 2.3.12.Final-redhat-1 1025535 - RHEL 5 RPMs: Upgrade weld-core to 1.1.16.Final-redhat-1 1025536 - RHEL 5 RPMs: Upgrade jboss-vfs2 to 3.2.2.Final-redhat-1 1025537 - RHEL 5 RPMs: Upgrade mod_cluster to 1.2.6.Final-redhat-1 1025538 - RHEL 5 RPMs: Upgrade mod_cluster-native to 1.2.6.Final-redhat-1 1025539 - RHEL 5 RPMs: Upgrade jboss-as-console to 2.0.6.Final-redhat-1 1025540 - RHEL 5 RPMs: Upgrade jboss-hal to 2.0.6.Final-redhat-1 1025541 - RHEL 5 RPMs: Upgrade shrinkwrap to 1.1.2.redhat-1 1025542 - RHEL 5 RPMs: Upgrade openws to 1.4.4.redhat-2 1025543 - RHEL 5 RPMs: Upgrade hornetq-native to 2.3.8.Final-redhat-1 1025545 - RHEL 5 RPMs: Upgrade jboss-remoting3 to 3.2.18.GA-redhat-1 1025546 - RHEL5 RPMs: Upgrade picketlink-federation to 2.1.9.Final-redhat-1 1025547 - RHEL5 RPMs: Upgrade scannotation to 1.0.3.redhat-4 1025548 - RHEL5 RPMs: Upgrade jbossws-native to 4.1.2.Final-redhat-1 1025549 - RHEL5 RPMs: Upgrade jboss-jacc-api_1.4_spec to 1.0.3.Final-redhat-1 1025550 - RHEL5 RPMs: Upgrade hibernate4-eap6 to 4.2.7.SP1-redhat-3 1025551 - RHEL5 RPMs: Upgrade picketbox to 4.0.19.SP2-redhat-1 1025552 - RHEL5 RPMs: Upgrade jboss-security-negotiation to 2.2.6.Final-redhat-1 1032135 - RHEL5 RPMs: Upgrade jboss-ejb-client to 1.0.24.Final-redhat-1 1032155 - RHEL5 RPMs: Upgrade jboss-genericjms to 1.0.1.Final-redhat-1 1032858 - RHEL5 RPMs: Upgrade ironjacamar-eap6 to 1.0.23.Final-redhat-1 6. Package List: Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/antlr-eap6-2.7.7-17.redhat_4.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/apache-commons-beanutils-1.8.3-13.redhat_6.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/apache-commons-cli-1.2-8.redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/apache-commons-configuration-1.6-8.redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/apache-commons-daemon-eap6-1.0.15-5.redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/apache-commons-pool-eap6-1.6-7.redhat_6.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/apache-cxf-2.7.7-1.redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/apache-cxf-xjc-utils-2.6.1-4.redhat_2.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/apache-mime4j-0.6-8.redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/atinject-eap6-1-5.redhat_4.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/dom4j-eap6-1.6.1-20.redhat_6.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/glassfish-jaxb-eap6-2.2.5-17.redhat_7.2.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/glassfish-jsf-eap6-2.1.19-2.3.redhat_2.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/glassfish-jsf12-eap6-1.2_15-5.b01_redhat_8.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/gnu-getopt-1.0.13-3.redhat_4.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/hibernate4-eap6-4.2.7-3.3.SP1_redhat_3.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/hornetq-2.3.12-1.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/hornetq-native-2.3.8-1.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/httpserver-1.0.1-4.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/infinispan-5.2.7-2.Final_redhat_2.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/ironjacamar-eap6-1.0.23-1.3.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jacorb-jboss-2.3.2-12.redhat_5.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jansi-1.9-5.redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/javassist-eap6-3.18.1-1.GA_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jaxen-1.1.3-9.redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbosgi-metadata-2.2.0-2.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-aesh-0.33.8-1.redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-appclient-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-cli-7.3.0-5.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-client-all-7.3.0-7.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-clustering-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-cmp-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-configadmin-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-connector-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-console-2.0.6-1.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-controller-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-controller-client-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-core-security-7.3.0-7.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-deployment-repository-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-deployment-scanner-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-domain-http-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-domain-management-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-ee-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-ee-deployment-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-ejb3-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-embedded-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-host-controller-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-jacorb-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-jaxr-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-jaxrs-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-jdr-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-jmx-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-jpa-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-jsf-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-jsr77-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-logging-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-mail-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-management-client-content-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-messaging-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-modcluster-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-naming-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-network-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-osgi-7.3.0-7.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-osgi-configadmin-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-osgi-service-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-platform-mbean-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-pojo-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-process-controller-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-protocol-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-remoting-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-sar-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-security-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-server-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-system-jmx-7.3.0-7.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-threads-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-transactions-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-version-7.3.0-7.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-web-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-webservices-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-weld-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-xts-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-dmr-1.2.0-1.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-ejb-client-1.0.24-1.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-ejb3-ext-api-2.1.0-1.redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-genericjms-1.0.1-1.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-hal-2.0.6-1.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-jacc-api_1.4_spec-1.0.3-1.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-logmanager-1.5.1-1.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-marshalling-1.4.2-1.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-modules-1.3.0-2.Final_redhat_2.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-remoting3-3.2.18-1.GA_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-remoting3-jmx-1.1.2-1.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-security-negotiation-2.2.6-2.Final_redhat_1.2.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-security-xacml-2.0.8-10.Final_redhat_5.2.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-threads-2.1.1-1.Final_redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-vfs2-3.2.2-1.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-weld-1.1-api-1.1-8.Final_redhat_4.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-appclient-7.3.0-8.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-bundles-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-core-7.3.0-7.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-domain-7.3.0-22.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-javadocs-7.3.0-14.Final_redhat_14.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-modules-eap-7.3.0-21.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-product-eap-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-standalone-7.3.0-7.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-welcome-content-eap-7.3.0-6.Final_redhat_14.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossts-4.17.15-4.Final_redhat_4.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossws-api-1.0.2-1.Final_redhat_1.2.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossws-common-2.2.3-1.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossws-common-tools-1.2.0-2.Final_redhat_2.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossws-cxf-4.2.3-1.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossws-native-4.1.2-1.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossws-spi-2.2.2-1.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jcip-annotations-eap6-1.0-5.redhat_6.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jdom-eap6-1.1.2-5.redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jettison-1.3.1-8.redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jgroups-3.2.12-1.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/juddi-3.1.3-4.redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/mod_cluster-1.2.6-2.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/mod_cluster-native-1.2.6-1.Final.redhat_1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/mod_jk-1.2.37-4.redhat_3.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/objectweb-asm-eap6-3.3.1-6.3.redhat_5.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/opensaml-2.5.3-3.redhat_2.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/openws-1.4.4-2.redhat_2.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/org.apache.felix.configadmin-1.2.8-7.redhat_4.2.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/org.apache.felix.log-1.0.0-6.redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/org.osgi-eap6-4.2.0-11.10.redhat_4.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/picketbox-4.0.19-1.SP2_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/picketlink-federation-2.1.9-3.SP2_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/resteasy-2.3.7-2.Final_redhat_2.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/scannotation-1.0.3-2.redhat_4.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/shrinkwrap-1.1.2-3.redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/slf4j-eap6-1.7.2-11.redhat_2.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/stilts-0.1.26-10.redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/sun-ws-metadata-2.0-api-1.0.MR1-16_MR1_redhat_6.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/velocity-eap6-1.7-4.redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/weld-cdi-1.0-api-1.0-9.SP4.redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/weld-core-1.1.16-3.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/ws-commons-XmlSchema-2.0.2-8.redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/ws-commons-neethi-3.0.2-6.redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/ws-scout-1.2.6-4.redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/wsdl4j-eap6-1.6.2-14.redhat_6.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/wss4j-1.6.12-1.redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/xerces-j2-eap6-2.9.1-16.redhat_5.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/xml-commons-resolver-eap6-1.2-16.redhat_9.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/xml-security-1.5.5-2.redhat_2.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/xmltooling-1.3.4-3.redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/xom-1.2.7-2.redhat_4.1.ep6.el5.src.rpm i386: hornetq-native-2.3.8-1.Final_redhat_1.ep6.el5.i386.rpm hornetq-native-debuginfo-2.3.8-1.Final_redhat_1.ep6.el5.i386.rpm jbossas-hornetq-native-2.3.8-1.Final_redhat_1.ep6.el5.i386.rpm mod_cluster-native-1.2.6-1.Final.redhat_1.ep6.el5.i386.rpm mod_cluster-native-debuginfo-1.2.6-1.Final.redhat_1.ep6.el5.i386.rpm mod_jk-ap22-1.2.37-4.redhat_3.ep6.el5.i386.rpm mod_jk-debuginfo-1.2.37-4.redhat_3.ep6.el5.i386.rpm noarch: antlr-eap6-2.7.7-17.redhat_4.1.ep6.el5.noarch.rpm apache-commons-beanutils-1.8.3-13.redhat_6.1.ep6.el5.noarch.rpm apache-commons-cli-1.2-8.redhat_3.1.ep6.el5.noarch.rpm apache-commons-configuration-1.6-8.redhat_3.1.ep6.el5.noarch.rpm apache-commons-daemon-eap6-1.0.15-5.redhat_1.ep6.el5.noarch.rpm apache-commons-pool-eap6-1.6-7.redhat_6.1.ep6.el5.noarch.rpm apache-cxf-2.7.7-1.redhat_1.1.ep6.el5.noarch.rpm apache-cxf-xjc-utils-2.6.1-4.redhat_2.1.ep6.el5.noarch.rpm apache-mime4j-0.6-8.redhat_3.1.ep6.el5.noarch.rpm atinject-eap6-1-5.redhat_4.1.ep6.el5.noarch.rpm cxf-xjc-boolean-2.6.1-4.redhat_2.1.ep6.el5.noarch.rpm cxf-xjc-dv-2.6.1-4.redhat_2.1.ep6.el5.noarch.rpm cxf-xjc-ts-2.6.1-4.redhat_2.1.ep6.el5.noarch.rpm dom4j-eap6-1.6.1-20.redhat_6.1.ep6.el5.noarch.rpm glassfish-jaxb-eap6-2.2.5-17.redhat_7.2.ep6.el5.noarch.rpm glassfish-jsf-eap6-2.1.19-2.3.redhat_2.ep6.el5.noarch.rpm glassfish-jsf12-eap6-1.2_15-5.b01_redhat_8.1.ep6.el5.noarch.rpm gnu-getopt-1.0.13-3.redhat_4.1.ep6.el5.noarch.rpm hibernate4-core-eap6-4.2.7-3.3.SP1_redhat_3.ep6.el5.noarch.rpm hibernate4-eap6-4.2.7-3.3.SP1_redhat_3.ep6.el5.noarch.rpm hibernate4-entitymanager-eap6-4.2.7-3.3.SP1_redhat_3.ep6.el5.noarch.rpm hibernate4-envers-eap6-4.2.7-3.3.SP1_redhat_3.ep6.el5.noarch.rpm hibernate4-infinispan-eap6-4.2.7-3.3.SP1_redhat_3.ep6.el5.noarch.rpm hornetq-2.3.12-1.Final_redhat_1.1.ep6.el5.noarch.rpm httpserver-1.0.1-4.Final_redhat_3.1.ep6.el5.noarch.rpm infinispan-5.2.7-2.Final_redhat_2.1.ep6.el5.noarch.rpm infinispan-cachestore-jdbc-5.2.7-2.Final_redhat_2.1.ep6.el5.noarch.rpm infinispan-cachestore-remote-5.2.7-2.Final_redhat_2.1.ep6.el5.noarch.rpm infinispan-client-hotrod-5.2.7-2.Final_redhat_2.1.ep6.el5.noarch.rpm infinispan-core-5.2.7-2.Final_redhat_2.1.ep6.el5.noarch.rpm ironjacamar-common-api-eap6-1.0.23-1.3.Final_redhat_1.ep6.el5.noarch.rpm ironjacamar-common-impl-eap6-1.0.23-1.3.Final_redhat_1.ep6.el5.noarch.rpm ironjacamar-common-spi-eap6-1.0.23-1.3.Final_redhat_1.ep6.el5.noarch.rpm ironjacamar-core-api-eap6-1.0.23-1.3.Final_redhat_1.ep6.el5.noarch.rpm ironjacamar-core-impl-eap6-1.0.23-1.3.Final_redhat_1.ep6.el5.noarch.rpm ironjacamar-deployers-common-eap6-1.0.23-1.3.Final_redhat_1.ep6.el5.noarch.rpm ironjacamar-eap6-1.0.23-1.3.Final_redhat_1.ep6.el5.noarch.rpm ironjacamar-jdbc-eap6-1.0.23-1.3.Final_redhat_1.ep6.el5.noarch.rpm ironjacamar-spec-api-eap6-1.0.23-1.3.Final_redhat_1.ep6.el5.noarch.rpm ironjacamar-validator-eap6-1.0.23-1.3.Final_redhat_1.ep6.el5.noarch.rpm jacorb-jboss-2.3.2-12.redhat_5.1.ep6.el5.noarch.rpm jansi-1.9-5.redhat_3.1.ep6.el5.noarch.rpm javassist-eap6-3.18.1-1.GA_redhat_1.1.ep6.el5.noarch.rpm jaxen-1.1.3-9.redhat_3.1.ep6.el5.noarch.rpm jbosgi-metadata-2.2.0-2.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-aesh-0.33.8-1.redhat_1.1.ep6.el5.noarch.rpm jboss-as-appclient-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-cli-7.3.0-5.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-client-all-7.3.0-7.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-clustering-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-cmp-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-configadmin-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-connector-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-console-2.0.6-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-as-controller-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-controller-client-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-core-security-7.3.0-7.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-deployment-repository-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-deployment-scanner-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-domain-http-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-domain-management-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-ee-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-ee-deployment-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-ejb3-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-embedded-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-host-controller-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-jacorb-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-jaxr-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-jaxrs-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-jdr-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-jmx-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-jpa-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-jsf-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-jsr77-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-logging-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-mail-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-management-client-content-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-messaging-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-modcluster-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-naming-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-network-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-osgi-7.3.0-7.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-osgi-configadmin-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-osgi-service-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-platform-mbean-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-pojo-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-process-controller-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-protocol-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-remoting-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-sar-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-security-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-server-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-system-jmx-7.3.0-7.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-threads-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-transactions-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-version-7.3.0-7.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-web-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-webservices-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-weld-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-as-xts-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jboss-dmr-1.2.0-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-ejb-client-1.0.24-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-ejb3-ext-api-2.1.0-1.redhat_1.1.ep6.el5.noarch.rpm jboss-genericjms-1.0.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-hal-2.0.6-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-jacc-api_1.4_spec-1.0.3-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-logmanager-1.5.1-1.Final_redhat_1.ep6.el5.noarch.rpm jboss-marshalling-1.4.2-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-modules-1.3.0-2.Final_redhat_2.1.ep6.el5.noarch.rpm jboss-remoting3-3.2.18-1.GA_redhat_1.1.ep6.el5.noarch.rpm jboss-remoting3-jmx-1.1.2-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-security-negotiation-2.2.6-2.Final_redhat_1.2.ep6.el5.noarch.rpm jboss-security-xacml-2.0.8-10.Final_redhat_5.2.ep6.el5.noarch.rpm jboss-threads-2.1.1-1.Final_redhat_1.ep6.el5.noarch.rpm jboss-vfs2-3.2.2-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-weld-1.1-api-1.1-8.Final_redhat_4.1.ep6.el5.noarch.rpm jbossas-appclient-7.3.0-8.Final_redhat_14.1.ep6.el5.noarch.rpm jbossas-bundles-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jbossas-core-7.3.0-7.Final_redhat_14.1.ep6.el5.noarch.rpm jbossas-domain-7.3.0-22.Final_redhat_14.1.ep6.el5.noarch.rpm jbossas-javadocs-7.3.0-14.Final_redhat_14.ep6.el5.noarch.rpm jbossas-modules-eap-7.3.0-21.Final_redhat_14.1.ep6.el5.noarch.rpm jbossas-product-eap-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jbossas-standalone-7.3.0-7.Final_redhat_14.1.ep6.el5.noarch.rpm jbossas-welcome-content-eap-7.3.0-6.Final_redhat_14.1.ep6.el5.noarch.rpm jbossts-4.17.15-4.Final_redhat_4.1.ep6.el5.noarch.rpm jbossws-api-1.0.2-1.Final_redhat_1.2.ep6.el5.noarch.rpm jbossws-common-2.2.3-1.Final_redhat_1.1.ep6.el5.noarch.rpm jbossws-common-tools-1.2.0-2.Final_redhat_2.1.ep6.el5.noarch.rpm jbossws-cxf-4.2.3-1.Final_redhat_1.1.ep6.el5.noarch.rpm jbossws-native-4.1.2-1.Final_redhat_1.1.ep6.el5.noarch.rpm jbossws-spi-2.2.2-1.Final_redhat_1.1.ep6.el5.noarch.rpm jcip-annotations-eap6-1.0-5.redhat_6.1.ep6.el5.noarch.rpm jdom-eap6-1.1.2-5.redhat_3.1.ep6.el5.noarch.rpm jettison-1.3.1-8.redhat_3.1.ep6.el5.noarch.rpm jgroups-3.2.12-1.Final_redhat_1.1.ep6.el5.noarch.rpm juddi-3.1.3-4.redhat_3.1.ep6.el5.noarch.rpm mod_cluster-1.2.6-2.Final_redhat_1.1.ep6.el5.noarch.rpm mod_cluster-demo-1.2.6-2.Final_redhat_1.1.ep6.el5.noarch.rpm objectweb-asm-eap6-3.3.1-6.3.redhat_5.ep6.el5.noarch.rpm opensaml-2.5.3-3.redhat_2.1.ep6.el5.noarch.rpm openws-1.4.4-2.redhat_2.1.ep6.el5.noarch.rpm org.apache.felix.configadmin-1.2.8-7.redhat_4.2.ep6.el5.noarch.rpm org.apache.felix.log-1.0.0-6.redhat_3.1.ep6.el5.noarch.rpm org.osgi.core-eap6-4.2.0-11.10.redhat_4.ep6.el5.noarch.rpm org.osgi.enterprise-eap6-4.2.0-11.10.redhat_4.ep6.el5.noarch.rpm picketbox-4.0.19-1.SP2_redhat_1.1.ep6.el5.noarch.rpm picketlink-federation-2.1.9-3.SP2_redhat_1.1.ep6.el5.noarch.rpm resteasy-2.3.7-2.Final_redhat_2.ep6.el5.noarch.rpm scannotation-1.0.3-2.redhat_4.ep6.el5.noarch.rpm shrinkwrap-api-1.1.2-3.redhat_1.1.ep6.el5.noarch.rpm shrinkwrap-impl-base-1.1.2-3.redhat_1.1.ep6.el5.noarch.rpm shrinkwrap-parent-1.1.2-3.redhat_1.1.ep6.el5.noarch.rpm shrinkwrap-spi-1.1.2-3.redhat_1.1.ep6.el5.noarch.rpm slf4j-1.7.2-11.redhat_2.1.ep6.el5.noarch.rpm slf4j-eap6-1.7.2-11.redhat_2.1.ep6.el5.noarch.rpm stilts-0.1.26-10.redhat_3.1.ep6.el5.noarch.rpm sun-ws-metadata-2.0-api-1.0.MR1-16_MR1_redhat_6.1.ep6.el5.noarch.rpm velocity-eap6-1.7-4.redhat_3.1.ep6.el5.noarch.rpm weld-cdi-1.0-api-1.0-9.SP4.redhat_3.1.ep6.el5.noarch.rpm weld-core-1.1.16-3.Final_redhat_1.1.ep6.el5.noarch.rpm ws-commons-XmlSchema-2.0.2-8.redhat_3.1.ep6.el5.noarch.rpm ws-commons-neethi-3.0.2-6.redhat_3.1.ep6.el5.noarch.rpm ws-scout-1.2.6-4.redhat_3.1.ep6.el5.noarch.rpm wsdl4j-eap6-1.6.2-14.redhat_6.1.ep6.el5.noarch.rpm wss4j-1.6.12-1.redhat_1.1.ep6.el5.noarch.rpm xerces-j2-eap6-2.9.1-16.redhat_5.1.ep6.el5.noarch.rpm xjc-utils-2.6.1-4.redhat_2.1.ep6.el5.noarch.rpm xml-commons-resolver-eap6-1.2-16.redhat_9.1.ep6.el5.noarch.rpm xml-security-1.5.5-2.redhat_2.1.ep6.el5.noarch.rpm xmltooling-1.3.4-3.redhat_1.1.ep6.el5.noarch.rpm xom-1.2.7-2.redhat_4.1.ep6.el5.noarch.rpm x86_64: hornetq-native-2.3.8-1.Final_redhat_1.ep6.el5.x86_64.rpm hornetq-native-debuginfo-2.3.8-1.Final_redhat_1.ep6.el5.x86_64.rpm jbossas-hornetq-native-2.3.8-1.Final_redhat_1.ep6.el5.x86_64.rpm mod_cluster-native-1.2.6-1.Final.redhat_1.ep6.el5.x86_64.rpm mod_cluster-native-debuginfo-1.2.6-1.Final.redhat_1.ep6.el5.x86_64.rpm mod_jk-ap22-1.2.37-4.redhat_3.ep6.el5.x86_64.rpm mod_jk-debuginfo-1.2.37-4.redhat_3.ep6.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-2035.html https://www.redhat.com/security/data/cve/CVE-2013-2133.html https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.2/html/6.2.0_Release_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSn3WmXlSAg2UNWIIRApMIAKCODktsIkKYjsQ/pKKqZjuHttBMWACgu32R vEHJBvgxAQloAvqiKP0tbRE= =tjNE -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 4 18:35:58 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 4 Dec 2013 18:35:58 +0000 Subject: [RHSA-2013:1786-01] Low: Red Hat JBoss Enterprise Application Platform 6.2.0 update Message-ID: <201312041835.rB4IZxr0023589@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat JBoss Enterprise Application Platform 6.2.0 update Advisory ID: RHSA-2013:1786-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1786.html Issue date: 2013-12-04 CVE Names: CVE-2013-2035 CVE-2013-2133 ===================================================================== 1. Summary: Updated Red Hat JBoss Enterprise Application Platform 6.2.0 packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server - i386, noarch, x86_64 3. Description: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. (CVE-2013-2035) A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke. (CVE-2013-2133) The CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat Product Security Team, and the CVE-2013-2133 issue was discovered by Richard Opalka and Arun Neelicattu of Red Hat. This release serves as a replacement for JBoss Enterprise Application Platform 6.1.1, and includes bug fixes and enhancements. Documentation for these changes will be available shortly from the JBoss Enterprise Application Platform 6.2.0 Release Notes, linked to in the References. All users of JBoss Enterprise Application Platform 6.1.1 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Also, back up any customized Red Hat JBoss Enterprise Application Platform 6 configuration files. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually. For more details, refer to the JBoss Enterprise Application Platform 6.2.0 Release Notes, linked to in the References. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 958618 - CVE-2013-2035 HawtJNI: predictable temporary file name leading to local arbitrary code execution 969924 - CVE-2013-2133 JBoss WS: EJB3 role restrictions are not applied to jaxws handlers 996918 - RHEL 6 RPMs: Upgrade resteasy to 2.3.7.Final-redhat-2 1004035 - Upgrade jbossts to 4.17.15.Final-redhat-4 1004055 - RHEL 6 RPMs: Upgrade apache-cxf to 2.7.7.redhat-1 1004058 - RHEL 6 RPMs: Upgrade wss4j to 1.6.12.redhat-1 1004063 - RHEL 6 RPMs: Upgrade jboss-modules to 1.3.0.Final-redhat-1 1004067 - RHEL 6 RPMs: Upgrade jboss-remoting3-jmx to 1.1.2.Final-redhat-1 1004069 - RHEL 6 RPMs: Upgrade jbossws-cxf to 4.2.3.Final-redhat-1 1004071 - RHEL 6 RPMs: Upgrade jbossws-api to 1.0.2.Final-redhat-1 1004074 - RHEL6 RPMs: Upgrade jbossws-common to 2.2.3.Final-redhat-1 1004076 - RHEL 6 RPMs: Upgrade jbossws-common-tools to 1.2.0.Final-redhat-2 1004077 - RHEL6 RPMs: Upgrade jbossws-spi to 2.2.2.Final-redhat-1 1004078 - RHEL 6 RPMs: Upgrade jboss-dmr to 1.2.0.Final-redhat-1 1004079 - RHEL 6 RPMs: Upgrade opensaml to 2.5.3.redhat-1 1004082 - RHEL 6 RPMs: Upgrade xmltooling to 1.3.4.redhat-1 1004769 - RHEL 6 RPMs: Upgrade jgroups to 3.2.12.Final-redhat-1 1004772 - RHEL 6 RPMs: Upgrade jboss-threads to 2.1.1.Final-redhat-1 1004774 - RHEL 6 RPMs: Upgrade jboss-marshalling to 1.4.2.Final-redhat-1 1004776 - RHEL 6 RPMs: Upgrade jboss-logmanager to 1.5.1.Final-redhat-1 1004779 - RHEL 6 RPMs: Upgrade javassist-eap6 to 3.18.1.GA-redhat-1 1005859 - RHEL 6 RPMs: Upgrade jboss-aesh to 0.33.8.redhat-1 1005861 - RHEL 6 RPMs: Upgrade jboss-ejb3-ext-api to 2.1.0.redhat-1 1006489 - RHEL 6 RPMs: Upgrade hornetq to 2.3.12.Final-redhat-1 1009913 - RHEL 6 RPMs: Upgrade weld-core to 1.1.16.Final-redhat-1 1010051 - RHEL 6 RPMs: Upgrade jboss-vfs2 to 3.2.2.Final-redhat-1 1010052 - RHEL 6 RPMs: Upgrade mod_cluster to 1.2.6.Final-redhat-1 1010073 - RHEL 6 RPMs: Upgrade mod_cluster-native to 1.2.6.Final-redhat-1 1010808 - Upgrade jboss-as-console to 2.0.6.Final-redhat-1 1010809 - Upgrade jboss-hal to 2.0.6.Final-redhat-1 1011556 - RHEL 6 RPMs: Upgrade shrinkwrap to 1.1.2.redhat-1 1011589 - RHEL 6 RPMs: Upgrade openws to 1.4.4.redhat-2 1011666 - RHEL 6 RPMs: Upgrade hornetq-native to 2.3.8.Final-redhat-1 1018553 - Upgrade jboss-remoting3 to 3.2.18.GA-redhat-1 1019912 - RHEL6 RPMs: Upgrade picketlink-federation to 2.1.9.Final-redhat-1 1021668 - RHEL6 RPMs: Upgrade scannotation to 1.0.3.redhat-4 1022848 - RHEL6 RPMs: Upgrade jbossws-native to 4.1.2.Final-redhat-1 1023181 - RHEL6 RPMs: Upgrade jboss-jacc-api_1.4_spec to 1.0.3.Final-redhat-1 1023219 - RHEL6 RPMs: Upgrade hibernate4-eap6 to 4.2.7.SP1-redhat-3 1023464 - RHEL6 RPMs: Upgrade picketbox to 4.0.19.SP2-redhat-1 1023475 - RHEL6 RPMs: Upgrade jboss-security-negotiation to 2.2.6.Final-redhat-1 1025282 - RHEL6 RPMs: Upgrade jbossas-javadocs to 7.3.0-3.Final_redhat_14 1026393 - RHEL6 RPMs: Upgrade jboss-ejb-client to 1.0.24.Final-redhat-1 1032152 - RHEL6 RPMs: Upgrade jboss-genericjms to 1.0.1.Final-redhat-1 1032816 - RHEL6 RPMs: Upgrade ironjacamar-eap6 to 1.0.23.Final-redhat-1 6. Package List: Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/antlr-eap6-2.7.7-17.redhat_4.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/apache-commons-beanutils-1.8.3-13.redhat_6.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/apache-commons-cli-1.2-8.redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/apache-commons-configuration-1.6-8.redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/apache-commons-daemon-eap6-1.0.15-5.redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/apache-commons-pool-eap6-1.6-7.redhat_6.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/apache-cxf-2.7.7-1.redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/apache-cxf-xjc-utils-2.6.1-4.redhat_2.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/apache-mime4j-0.6-8.redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/atinject-eap6-1-5.redhat_4.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/dom4j-eap6-1.6.1-20.redhat_6.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/glassfish-jaxb-eap6-2.2.5-17.redhat_7.2.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/glassfish-jsf-eap6-2.1.19-2.3.redhat_2.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/glassfish-jsf12-eap6-1.2_15-5.b01_redhat_8.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/gnu-getopt-1.0.13-3.redhat_4.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/hibernate4-eap6-4.2.7-3.3.SP1_redhat_3.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/hornetq-2.3.12-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/hornetq-native-2.3.8-1.Final_redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/httpserver-1.0.1-4.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/infinispan-5.2.7-2.Final_redhat_2.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/ironjacamar-eap6-1.0.23-1.3.Final_redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jacorb-jboss-2.3.2-12.redhat_5.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jansi-1.9-5.redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/javassist-eap6-3.18.1-1.GA_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jaxen-1.1.3-9.redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbosgi-metadata-2.2.0-2.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-aesh-0.33.8-1.redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-appclient-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-cli-7.3.0-5.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-client-all-7.3.0-7.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-clustering-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-cmp-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-configadmin-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-connector-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-console-2.0.6-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-controller-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-controller-client-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-core-security-7.3.0-7.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-deployment-repository-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-deployment-scanner-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-domain-http-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-domain-management-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-ee-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-ee-deployment-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-ejb3-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-embedded-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-host-controller-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jacorb-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jaxr-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jaxrs-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jdr-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jmx-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jpa-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jsf-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jsr77-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-logging-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-mail-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-management-client-content-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-messaging-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-modcluster-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-naming-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-network-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-osgi-7.3.0-7.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-osgi-configadmin-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-osgi-service-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-platform-mbean-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-pojo-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-process-controller-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-protocol-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-remoting-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-sar-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-security-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-server-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-system-jmx-7.3.0-7.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-threads-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-transactions-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-version-7.3.0-7.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-web-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-webservices-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-weld-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-xts-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-dmr-1.2.0-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-ejb-client-1.0.24-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-ejb3-ext-api-2.1.0-1.redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-genericjms-1.0.1-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-hal-2.0.6-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-jacc-api_1.4_spec-1.0.3-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-logmanager-1.5.1-1.Final_redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-marshalling-1.4.2-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-modules-1.3.0-2.Final_redhat_2.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-remoting3-3.2.18-1.GA_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-remoting3-jmx-1.1.2-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-security-negotiation-2.2.6-2.Final_redhat_1.2.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-threads-2.1.1-1.Final_redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-vfs2-3.2.2-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-weld-1.1-api-1.1-8.Final_redhat_4.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-appclient-7.3.0-8.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-bundles-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-core-7.3.0-7.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-domain-7.3.0-22.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-modules-eap-7.3.0-21.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-product-eap-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-standalone-7.3.0-7.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-welcome-content-eap-7.3.0-6.Final_redhat_14.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossts-4.17.15-4.Final_redhat_4.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossws-api-1.0.2-1.Final_redhat_1.2.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossws-common-2.2.3-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossws-common-tools-1.2.0-2.Final_redhat_2.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossws-cxf-4.2.3-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossws-native-4.1.2-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossws-spi-2.2.2-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jcip-annotations-eap6-1.0-5.redhat_6.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jdom-eap6-1.1.2-5.redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jettison-1.3.1-8.redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jgroups-3.2.12-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/juddi-3.1.3-4.redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/mod_cluster-1.2.6-2.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/mod_cluster-native-1.2.6-1.Final.redhat_1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/mod_jk-1.2.37-4.redhat_3.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/objectweb-asm-eap6-3.3.1-6.3.redhat_5.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/opensaml-2.5.3-3.redhat_2.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/openws-1.4.4-2.redhat_2.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/org.apache.felix.configadmin-1.2.8-7.redhat_4.2.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/org.apache.felix.log-1.0.0-6.redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/org.osgi-eap6-4.2.0-11.10.redhat_4.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/picketbox-4.0.19-1.SP2_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/picketlink-federation-2.1.9-3.SP2_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/resteasy-2.3.7-2.Final_redhat_2.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/scannotation-1.0.3-2.redhat_4.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/shrinkwrap-1.1.2-3.redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/slf4j-eap6-1.7.2-11.redhat_2.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/stilts-0.1.26-10.redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/sun-ws-metadata-2.0-api-1.0.MR1-16_MR1_redhat_6.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/velocity-eap6-1.7-4.redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/weld-cdi-1.0-api-1.0-9.SP4.redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/weld-core-1.1.16-3.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/ws-commons-XmlSchema-2.0.2-8.redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/ws-commons-neethi-3.0.2-6.redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/ws-scout-1.2.6-4.redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/wsdl4j-eap6-1.6.2-14.redhat_6.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/wss4j-1.6.12-1.redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/xerces-j2-eap6-2.9.1-16.redhat_5.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/xml-commons-resolver-eap6-1.2-16.redhat_9.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/xml-security-1.5.5-2.redhat_2.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/xmltooling-1.3.4-3.redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/xom-1.2.7-2.redhat_4.1.ep6.el6.src.rpm i386: hornetq-native-2.3.8-1.Final_redhat_1.ep6.el6.i386.rpm hornetq-native-debuginfo-2.3.8-1.Final_redhat_1.ep6.el6.i386.rpm jbossas-hornetq-native-2.3.8-1.Final_redhat_1.ep6.el6.i386.rpm mod_cluster-native-1.2.6-1.Final.redhat_1.ep6.el6.i386.rpm mod_cluster-native-debuginfo-1.2.6-1.Final.redhat_1.ep6.el6.i386.rpm mod_jk-ap22-1.2.37-4.redhat_3.ep6.el6.i386.rpm mod_jk-debuginfo-1.2.37-4.redhat_3.ep6.el6.i386.rpm noarch: antlr-eap6-2.7.7-17.redhat_4.1.ep6.el6.noarch.rpm apache-commons-beanutils-1.8.3-13.redhat_6.1.ep6.el6.noarch.rpm apache-commons-cli-1.2-8.redhat_3.1.ep6.el6.noarch.rpm apache-commons-configuration-1.6-8.redhat_3.1.ep6.el6.noarch.rpm apache-commons-daemon-eap6-1.0.15-5.redhat_1.ep6.el6.noarch.rpm apache-commons-pool-eap6-1.6-7.redhat_6.1.ep6.el6.noarch.rpm apache-cxf-2.7.7-1.redhat_1.1.ep6.el6.noarch.rpm apache-cxf-xjc-utils-2.6.1-4.redhat_2.1.ep6.el6.noarch.rpm apache-mime4j-0.6-8.redhat_3.1.ep6.el6.noarch.rpm atinject-eap6-1-5.redhat_4.1.ep6.el6.noarch.rpm cxf-xjc-boolean-2.6.1-4.redhat_2.1.ep6.el6.noarch.rpm cxf-xjc-dv-2.6.1-4.redhat_2.1.ep6.el6.noarch.rpm cxf-xjc-ts-2.6.1-4.redhat_2.1.ep6.el6.noarch.rpm dom4j-eap6-1.6.1-20.redhat_6.1.ep6.el6.noarch.rpm glassfish-jaxb-eap6-2.2.5-17.redhat_7.2.ep6.el6.noarch.rpm glassfish-jsf-eap6-2.1.19-2.3.redhat_2.ep6.el6.noarch.rpm glassfish-jsf12-eap6-1.2_15-5.b01_redhat_8.1.ep6.el6.noarch.rpm gnu-getopt-1.0.13-3.redhat_4.1.ep6.el6.noarch.rpm hibernate4-core-eap6-4.2.7-3.3.SP1_redhat_3.ep6.el6.noarch.rpm hibernate4-eap6-4.2.7-3.3.SP1_redhat_3.ep6.el6.noarch.rpm hibernate4-entitymanager-eap6-4.2.7-3.3.SP1_redhat_3.ep6.el6.noarch.rpm hibernate4-envers-eap6-4.2.7-3.3.SP1_redhat_3.ep6.el6.noarch.rpm hibernate4-infinispan-eap6-4.2.7-3.3.SP1_redhat_3.ep6.el6.noarch.rpm hornetq-2.3.12-1.Final_redhat_1.1.ep6.el6.noarch.rpm httpserver-1.0.1-4.Final_redhat_3.1.ep6.el6.noarch.rpm infinispan-5.2.7-2.Final_redhat_2.1.ep6.el6.noarch.rpm infinispan-cachestore-jdbc-5.2.7-2.Final_redhat_2.1.ep6.el6.noarch.rpm infinispan-cachestore-remote-5.2.7-2.Final_redhat_2.1.ep6.el6.noarch.rpm infinispan-client-hotrod-5.2.7-2.Final_redhat_2.1.ep6.el6.noarch.rpm infinispan-core-5.2.7-2.Final_redhat_2.1.ep6.el6.noarch.rpm ironjacamar-common-api-eap6-1.0.23-1.3.Final_redhat_1.ep6.el6.noarch.rpm ironjacamar-common-impl-eap6-1.0.23-1.3.Final_redhat_1.ep6.el6.noarch.rpm ironjacamar-common-spi-eap6-1.0.23-1.3.Final_redhat_1.ep6.el6.noarch.rpm ironjacamar-core-api-eap6-1.0.23-1.3.Final_redhat_1.ep6.el6.noarch.rpm ironjacamar-core-impl-eap6-1.0.23-1.3.Final_redhat_1.ep6.el6.noarch.rpm ironjacamar-deployers-common-eap6-1.0.23-1.3.Final_redhat_1.ep6.el6.noarch.rpm ironjacamar-eap6-1.0.23-1.3.Final_redhat_1.ep6.el6.noarch.rpm ironjacamar-jdbc-eap6-1.0.23-1.3.Final_redhat_1.ep6.el6.noarch.rpm ironjacamar-spec-api-eap6-1.0.23-1.3.Final_redhat_1.ep6.el6.noarch.rpm ironjacamar-validator-eap6-1.0.23-1.3.Final_redhat_1.ep6.el6.noarch.rpm jacorb-jboss-2.3.2-12.redhat_5.1.ep6.el6.noarch.rpm jansi-1.9-5.redhat_3.1.ep6.el6.noarch.rpm javassist-eap6-3.18.1-1.GA_redhat_1.1.ep6.el6.noarch.rpm jaxen-1.1.3-9.redhat_3.1.ep6.el6.noarch.rpm jbosgi-metadata-2.2.0-2.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-aesh-0.33.8-1.redhat_1.1.ep6.el6.noarch.rpm jboss-as-appclient-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-cli-7.3.0-5.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-client-all-7.3.0-7.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-clustering-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-cmp-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-configadmin-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-connector-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-console-2.0.6-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-as-controller-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-controller-client-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-core-security-7.3.0-7.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-deployment-repository-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-deployment-scanner-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-domain-http-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-domain-management-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-ee-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-ee-deployment-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-ejb3-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-embedded-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-host-controller-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-jacorb-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-jaxr-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-jaxrs-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-jdr-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-jmx-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-jpa-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-jsf-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-jsr77-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-logging-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-mail-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-management-client-content-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-messaging-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-modcluster-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-naming-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-network-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-osgi-7.3.0-7.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-osgi-configadmin-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-osgi-service-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-platform-mbean-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-pojo-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-process-controller-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-protocol-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-remoting-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-sar-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-security-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-server-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-system-jmx-7.3.0-7.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-threads-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-transactions-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-version-7.3.0-7.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-web-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-webservices-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-weld-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-as-xts-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jboss-dmr-1.2.0-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-ejb-client-1.0.24-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-ejb3-ext-api-2.1.0-1.redhat_1.1.ep6.el6.noarch.rpm jboss-genericjms-1.0.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-hal-2.0.6-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-jacc-api_1.4_spec-1.0.3-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-logmanager-1.5.1-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-marshalling-1.4.2-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-modules-1.3.0-2.Final_redhat_2.1.ep6.el6.noarch.rpm jboss-remoting3-3.2.18-1.GA_redhat_1.1.ep6.el6.noarch.rpm jboss-remoting3-jmx-1.1.2-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-security-negotiation-2.2.6-2.Final_redhat_1.2.ep6.el6.noarch.rpm jboss-threads-2.1.1-1.Final_redhat_1.ep6.el6.noarch.rpm jboss-vfs2-3.2.2-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-weld-1.1-api-1.1-8.Final_redhat_4.1.ep6.el6.noarch.rpm jbossas-appclient-7.3.0-8.Final_redhat_14.1.ep6.el6.noarch.rpm jbossas-bundles-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jbossas-core-7.3.0-7.Final_redhat_14.1.ep6.el6.noarch.rpm jbossas-domain-7.3.0-22.Final_redhat_14.1.ep6.el6.noarch.rpm jbossas-modules-eap-7.3.0-21.Final_redhat_14.1.ep6.el6.noarch.rpm jbossas-product-eap-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jbossas-standalone-7.3.0-7.Final_redhat_14.1.ep6.el6.noarch.rpm jbossas-welcome-content-eap-7.3.0-6.Final_redhat_14.1.ep6.el6.noarch.rpm jbossts-4.17.15-4.Final_redhat_4.1.ep6.el6.noarch.rpm jbossws-api-1.0.2-1.Final_redhat_1.2.ep6.el6.noarch.rpm jbossws-common-2.2.3-1.Final_redhat_1.1.ep6.el6.noarch.rpm jbossws-common-tools-1.2.0-2.Final_redhat_2.1.ep6.el6.noarch.rpm jbossws-cxf-4.2.3-1.Final_redhat_1.1.ep6.el6.noarch.rpm jbossws-native-4.1.2-1.Final_redhat_1.1.ep6.el6.noarch.rpm jbossws-spi-2.2.2-1.Final_redhat_1.1.ep6.el6.noarch.rpm jcip-annotations-eap6-1.0-5.redhat_6.1.ep6.el6.noarch.rpm jdom-eap6-1.1.2-5.redhat_3.1.ep6.el6.noarch.rpm jettison-1.3.1-8.redhat_3.1.ep6.el6.noarch.rpm jgroups-3.2.12-1.Final_redhat_1.1.ep6.el6.noarch.rpm juddi-3.1.3-4.redhat_3.1.ep6.el6.noarch.rpm mod_cluster-1.2.6-2.Final_redhat_1.1.ep6.el6.noarch.rpm mod_cluster-demo-1.2.6-2.Final_redhat_1.1.ep6.el6.noarch.rpm objectweb-asm-eap6-3.3.1-6.3.redhat_5.ep6.el6.noarch.rpm opensaml-2.5.3-3.redhat_2.1.ep6.el6.noarch.rpm openws-1.4.4-2.redhat_2.1.ep6.el6.noarch.rpm org.apache.felix.configadmin-1.2.8-7.redhat_4.2.ep6.el6.noarch.rpm org.apache.felix.log-1.0.0-6.redhat_3.1.ep6.el6.noarch.rpm org.osgi.core-eap6-4.2.0-11.10.redhat_4.ep6.el6.noarch.rpm org.osgi.enterprise-eap6-4.2.0-11.10.redhat_4.ep6.el6.noarch.rpm picketbox-4.0.19-1.SP2_redhat_1.1.ep6.el6.noarch.rpm picketlink-federation-2.1.9-3.SP2_redhat_1.1.ep6.el6.noarch.rpm resteasy-2.3.7-2.Final_redhat_2.ep6.el6.noarch.rpm scannotation-1.0.3-2.redhat_4.ep6.el6.noarch.rpm shrinkwrap-api-1.1.2-3.redhat_1.1.ep6.el6.noarch.rpm shrinkwrap-impl-base-1.1.2-3.redhat_1.1.ep6.el6.noarch.rpm shrinkwrap-parent-1.1.2-3.redhat_1.1.ep6.el6.noarch.rpm shrinkwrap-spi-1.1.2-3.redhat_1.1.ep6.el6.noarch.rpm slf4j-eap6-1.7.2-11.redhat_2.1.ep6.el6.noarch.rpm stilts-0.1.26-10.redhat_3.1.ep6.el6.noarch.rpm sun-ws-metadata-2.0-api-1.0.MR1-16_MR1_redhat_6.1.ep6.el6.noarch.rpm velocity-eap6-1.7-4.redhat_3.1.ep6.el6.noarch.rpm weld-cdi-1.0-api-1.0-9.SP4.redhat_3.1.ep6.el6.noarch.rpm weld-core-1.1.16-3.Final_redhat_1.1.ep6.el6.noarch.rpm ws-commons-XmlSchema-2.0.2-8.redhat_3.1.ep6.el6.noarch.rpm ws-commons-neethi-3.0.2-6.redhat_3.1.ep6.el6.noarch.rpm ws-scout-1.2.6-4.redhat_3.1.ep6.el6.noarch.rpm wsdl4j-eap6-1.6.2-14.redhat_6.1.ep6.el6.noarch.rpm wss4j-1.6.12-1.redhat_1.1.ep6.el6.noarch.rpm xerces-j2-eap6-2.9.1-16.redhat_5.1.ep6.el6.noarch.rpm xjc-utils-2.6.1-4.redhat_2.1.ep6.el6.noarch.rpm xml-commons-resolver-eap6-1.2-16.redhat_9.1.ep6.el6.noarch.rpm xml-security-1.5.5-2.redhat_2.1.ep6.el6.noarch.rpm xmltooling-1.3.4-3.redhat_1.1.ep6.el6.noarch.rpm xom-1.2.7-2.redhat_4.1.ep6.el6.noarch.rpm x86_64: hornetq-native-2.3.8-1.Final_redhat_1.ep6.el6.x86_64.rpm hornetq-native-debuginfo-2.3.8-1.Final_redhat_1.ep6.el6.x86_64.rpm jbossas-hornetq-native-2.3.8-1.Final_redhat_1.ep6.el6.x86_64.rpm mod_cluster-native-1.2.6-1.Final.redhat_1.ep6.el6.x86_64.rpm mod_cluster-native-debuginfo-1.2.6-1.Final.redhat_1.ep6.el6.x86_64.rpm mod_jk-ap22-1.2.37-4.redhat_3.ep6.el6.x86_64.rpm mod_jk-debuginfo-1.2.37-4.redhat_3.ep6.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-2035.html https://www.redhat.com/security/data/cve/CVE-2013-2133.html https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.2/html/6.2.0_Release_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSn3X3XlSAg2UNWIIRAqcJAJ474XQsP+z1K92YmQkx1QcIu9yhQgCfXbii s7HetNPDR7VLHUgW44zjFE8= =GnLD -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Dec 16 18:48:12 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 16 Dec 2013 18:48:12 +0000 Subject: [RHSA-2013:1843-01] Moderate: Red Hat JBoss Portal 6.1.0 security update Message-ID: <201312161848.rBGImDnv003372@int-mx02.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Portal 6.1.0 security update Advisory ID: RHSA-2013:1843-01 Product: Red Hat JBoss Portal Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1843.html Issue date: 2013-12-16 CVE Names: CVE-2013-4424 ===================================================================== 1. Summary: An update for the GateIn Portal component in Red Hat JBoss Portal 6.1.0 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Description: Red Hat JBoss Portal is the open source implementation of the Java EE suite of services and Portal services running atop Red Hat JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Middleware components that have been tested and certified together to provide an integrated experience. Multiple cross-site scripting (XSS) flaws were found in the GateIn Portal component. If a remote attacker could trick a user, who was logged into the GateIn Portal interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the user's GateIn Portal session. (CVE-2013-4424) Red Hat would like to thank Cloud Technology Development Department, Ricoh Company, Ltd. for reporting this issue. All users of Red Hat JBoss Portal 6.1.0 as provided from the Red Hat Customer Portal are advised to install this update. 3. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up all applications deployed on Red Hat JBoss Portal, along with all customized configuration files, and any databases and database settings. Note that it is recommended to halt the JBoss Portal server by stopping the JBoss Application Server process before installing this update, and then after installing the update, restart the JBoss Portal server by starting the JBoss Application Server process. 4. Bugs fixed (https://bugzilla.redhat.com/): 1019052 - CVE-2013-4424 GateIn: XSS due to improper url escaping 5. References: https://www.redhat.com/security/data/cve/CVE-2013-4424.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal&downloadType=securityPatches&version=6.1.0 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSr0rdXlSAg2UNWIIRAi7WAJ4/iWjuTIeLU+itHM20BGDSFte2yACgm/FN 4nY49zBG25qBD319obxFy60= =Ib3Z -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Dec 16 18:49:02 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 16 Dec 2013 18:49:02 +0000 Subject: [RHSA-2013:1844-01] Important: Red Hat JBoss Web Framework Kit 2.4.0 update Message-ID: <201312161849.rBGIn3FS019422@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Web Framework Kit 2.4.0 update Advisory ID: RHSA-2013:1844-01 Product: Red Hat JBoss Web Framework Kit Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1844.html Issue date: 2013-12-16 CVE Names: CVE-2012-6612 CVE-2013-6397 CVE-2013-6407 CVE-2013-6408 ===================================================================== 1. Summary: An update for the solr-core component of Red Hat JBoss Web Framework Kit 2.4.0 that fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Description: Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. The Apache Solr component is an open-source search server based on the Lucene Java search library. It was found that the SolrResourceLoader class in Apache Solr allowed loading of resources via absolute paths, or relative paths which were not sanitized for directory traversal. Some Solr components expose REST interfaces which load resources (XSL style sheets and Velocity templates) via SolrResourceLoader, using paths identified by REST parameters. A remote attacker could use this flaw to load arbitrary local files on the server via SolrResourceLoader, potentially resulting in information disclosure or remote code execution. (CVE-2013-6397) It was found that the XML and XSLT UpdateRequestHandler classes in Apache Solr would resolve external entities, allowing an attacker to conduct XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. (CVE-2012-6612, CVE-2013-6407) It was found that the DocumentAnalysisRequestHandler class in Apache Solr would resolve external entities, allowing an attacker to conduct XXE attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. (CVE-2013-6408) All users of Red Hat JBoss Web Framework Kit 2.4.0 as provided from the Red Hat Customer Portal are advised to apply this update. 3. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing installation of Red Hat JBoss Web Framework Kit. The JBoss server process must be restarted for this update to take effect. 4. Bugs fixed (https://bugzilla.redhat.com/): 1035062 - CVE-2013-6397 Apache Solr: directory traversal when loading XSL stylesheets and Velocity templates 1035981 - CVE-2012-6612 CVE-2013-6407 Apache Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler 1035985 - CVE-2013-6408 Apache Solr: XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler 5. References: https://www.redhat.com/security/data/cve/CVE-2012-6612.html https://www.redhat.com/security/data/cve/CVE-2013-6397.html https://www.redhat.com/security/data/cve/CVE-2013-6407.html https://www.redhat.com/security/data/cve/CVE-2013-6408.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=web.framework.kit&downloadType=securityPatches&version=2.4.0 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSr0sCXlSAg2UNWIIRAm81AJwOh+KZhUtBmUUD+Zr0G0DMB3eIngCglEtY /l1L3Y/WsCgx4bWB4x4CZmc= =0m1B -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Dec 17 18:44:43 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 17 Dec 2013 18:44:43 +0000 Subject: [RHSA-2013:1853-01] Moderate: Red Hat JBoss Operations Network 3.2.0 update Message-ID: <201312171844.rBHIihZr012760@int-mx01.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Operations Network 3.2.0 update Advisory ID: RHSA-2013:1853-01 Product: Red Hat JBoss Operations Network Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1853.html Issue date: 2013-12-17 CVE Names: CVE-2012-4431 CVE-2012-5783 CVE-2013-2172 ===================================================================== 1. Summary: Red Hat JBoss Operations Network 3.2.0, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Description: Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.2.0 release serves as a replacement for JBoss Operations Network 3.1.2, and includes several bug fixes. Refer to the JBoss Operations Network 3.2.0 Release Notes for information on the most significant of these changes. The Release Notes will be available shortly from https://access.redhat.com/site/documentation/ The following security issues are also fixed with this release: It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery (CSRF) prevention filter. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. (CVE-2012-4431) The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. (CVE-2012-5783) A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block. (CVE-2013-2172) Warning: Before applying the update, back up your existing JBoss Operations Network installation (including its databases, applications, configuration files, the JBoss Operations Network server's file system directory, and so on). All users of JBoss Operations Network 3.1.2 as provided from the Red Hat Customer Portal are advised to upgrade to JBoss Operations Network 3.2.0. 3. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing JBoss Operations Network installation (including its databases, applications, configuration files, the JBoss Operations Network server's file system directory, and so on). Refer to the JBoss Operations Network 3.2.0 Release Notes for installation information. 4. Bugs fixed (https://bugzilla.redhat.com/): 873317 - CVE-2012-5783 jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name 883636 - CVE-2012-4431 Tomcat/JBoss Web - Bypass of CSRF prevention filter 999263 - CVE-2013-2172 Apache Santuario XML Security for Java: XML signature spoofing 5. References: https://www.redhat.com/security/data/cve/CVE-2012-4431.html https://www.redhat.com/security/data/cve/CVE-2012-5783.html https://www.redhat.com/security/data/cve/CVE-2013-2172.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=em&version=3.2.0 https://access.redhat.com/site/documentation/Red_Hat_JBoss_Operations_Network/ 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSsJt6XlSAg2UNWIIRAgT4AJsEssf6ZUKsoj2006wnCK31fy62mACgsA8C PrhMTDKgCdKC8ox+FoNoesM= =e2Tr -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Dec 19 23:41:02 2013 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 19 Dec 2013 23:41:02 +0000 Subject: [RHSA-2013:1862-01] Important: Fuse ESB Enterprise/Fuse MQ Enterprise 7.1.0 update Message-ID: <201312192341.rBJNf3hQ007602@int-mx11.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: Fuse ESB Enterprise/Fuse MQ Enterprise 7.1.0 update Advisory ID: RHSA-2013:1862-01 Product: Fuse Enterprise Middleware Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1862.html Issue date: 2013-12-19 CVE Names: CVE-2013-1768 CVE-2013-4221 CVE-2013-4271 CVE-2013-4330 CVE-2013-4372 ===================================================================== 1. Summary: Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P1 (Patch 1 on Rollup Patch 1), which contains several bug fixes and addresses several security issues, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Description: Fuse ESB Enterprise is an integration platform based on Apache ServiceMix. Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P1 is an update to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes bug fixes. Refer to the readme file included with the patch files for information about the bug fixes. The following security issues are also fixed with this release: A flaw was found in the logging performed during deserialization of the BrokerFactory class in Apache OpenJPA. A remote attacker able to supply a serialized instance of the BrokerFactory class, which will be deserialized on a server, could use this flaw to write an executable file to the server's file system. (CVE-2013-1768) Restlet applications, which used ObjectRepresentation to map HTTP request data directly to an object, deserialized arbitrary user-provided XML using XMLDecoder. XMLDecoder deserialized an attacker-provided definition of a class and executed its methods. A remote attacker could use this flaw to perform remote code execution in the context of the server running the Restlet application. (CVE-2013-4221) A flaw was found in the way Restlet handled deserialization. Restlet applications, which used ObjectRepresentation to map HTTP request data directly to an object, deserialized arbitrary user-provided serialized data. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes. (CVE-2013-4271) A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language (EL) expressions in the FILE_NAME header, which would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. (CVE-2013-4330) Multiple stored cross-site scripting (XSS) flaws were found in the Fuse Management Console. A remote attacker could use this flaw to perform an XSS attack against other users of the Fuse Management Console. (CVE-2013-4372) The CVE-2013-4271 issue was discovered by David Jorm of the Red Hat Security Response Team. All users of Fuse ESB Enterprise/MQ Enterprise 7.1.0 as provided from the Red Hat Customer Portal are advised to upgrade to Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P1. 3. Solution: The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 984034 - CVE-2013-1768 openjpa: Remote arbitrary code execution by creating a serialized object and leveraging improperly secured server programs 995275 - CVE-2013-4221 Restlet: remote code execution due to insecure XML deserialization 999735 - CVE-2013-4271 Restlet: remote code execution due to insecure deserialization 1011726 - CVE-2013-4330 Camel: remote code execution via header field manipulation 1011736 - CVE-2013-4372 Fuse Management Console: Stored cross-site scripting (XSS) 5. References: https://www.redhat.com/security/data/cve/CVE-2013-1768.html https://www.redhat.com/security/data/cve/CVE-2013-4221.html https://www.redhat.com/security/data/cve/CVE-2013-4271.html https://www.redhat.com/security/data/cve/CVE-2013-4330.html https://www.redhat.com/security/data/cve/CVE-2013-4372.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=fuse.esb.enterprise&downloadType=securityPatches&version=7.1.0 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=fuse.mq.enterprise&downloadType=securityPatches&version=7.1.0 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSs4OAXlSAg2UNWIIRAo8jAJ9UPehPbrPh9Rwta5l8FAWxOR6qfwCeKd+H VvNFcXWzlgfzq8KyZq9SvuY= =VQ4p -----END PGP SIGNATURE-----