From bugzilla at redhat.com Thu May 1 20:35:17 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 May 2014 20:35:17 +0000
Subject: [RHSA-2014:0462-01] Moderate: Red Hat JBoss Web Framework Kit 2.5.0 security update
Message-ID: <201405012035.s41KZHTu015990@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat JBoss Web Framework Kit 2.5.0 security update
Advisory ID:       RHSA-2014:0462-01
Product:           Red Hat JBoss Web Framework Kit
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0462.html
Issue date:        2014-05-01
CVE Names:         CVE-2014-0149
=====================================================================

1. Summary:

An update for the seam-remoting component of Red Hat JBoss Web Framework Kit 2.5.0 that fixes one security issue is now available from the Red Hat Customer Portal.

The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Description:

Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications.

The JBoss Seam Remoting component provides a convenient method for remotely accessing Seam components from a web page, using AJAX (Asynchronous JavaScript and XML).

It was found that JBoss Seam response envelopes included unsanitized parameter and ID names provided in the request. This allowed a request to inject arbitrary XML into the response. A remote attacker could use this flaw to perform reflected cross-site scripting (XSS) attacks, provided the JBoss Seam remoting application did not use any cross-site request forgery (CSRF) protection. (CVE-2014-0149)

All users of Red Hat JBoss Web Framework Kit 2.5.0 as provided from the Red Hat Customer Portal are advised to apply this update.

3. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing installation of Red Hat JBoss Web Framework Kit.

The JBoss server process must be restarted for this update to take effect.

4. Bugs fixed (https://bugzilla.redhat.com/):

1078646 - CVE-2014-0149 JBoss Seam: XSS flaw in remoting

5. References:

https://www.redhat.com/security/data/cve/CVE-2014-0149.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=web.framework.kit&downloadType=securityPatches&version=2.5.0

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTYq/bXlSAg2UNWIIRAu1TAJ9cldYrLDob0iXXwOFcCmXMzYuAuQCfWs9z
6kjy9uEIQ+l3HpsxD27mtrg=
=ssUn
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 6 18:08:10 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 6 May 2014 18:08:10 +0000
Subject: [RHSA-2014:0473-01] Moderate: Red Hat JBoss Operations Network 3.2.1 update
Message-ID: <201405061808.s46I8Amm028817@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat JBoss Operations Network 3.2.1 update
Advisory ID:       RHSA-2014:0473-01
Product:           Red Hat JBoss Operations Network
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0473.html
Issue date:        2014-05-06
CVE Names:         CVE-2013-4517 CVE-2014-0050
=====================================================================

1. Summary:

Red Hat JBoss Operations Network 3.2.1, which fixes two security issues and several bugs, is now available from the Red Hat Customer Portal.

The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Description:

Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services.

This JBoss Operations Network 3.2.1 release serves as a replacement for JBoss Operations Network 3.2.0, and includes several bug fixes. Refer to the release description, available from the Customer Portal for this update, for a list of these changes.

The following security issues are also fixed with this release:

It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions (DTDs) to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. (CVE-2013-4517)

A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in the JBoss Web component of JBoss Operations Network as well as provided as a standalone component, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing JBoss Web or Apache Commons FileUpload itself to enter an infinite loop when processing such an incoming request. (CVE-2014-0050)

All users of JBoss Operations Network 3.2.0 as provided from the Red Hat Customer Portal are advised to upgrade to JBoss Operations Network 3.2.1.

3. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing JBoss Operations Network installation (including its databases, applications, configuration files, the JBoss Operations Network server's file system directory, and so on).

Refer to the "Manual Instructions" section of the release description, available from the Customer Portal for this update, for installation information.

4. Bugs fixed (https://bugzilla.redhat.com/):

1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack
1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream

5. References:

https://www.redhat.com/security/data/cve/CVE-2013-4517.html
https://www.redhat.com/security/data/cve/CVE-2014-0050.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=em&downloadType=securityPatches&version=3.2.0
https://access.redhat.com/site/documentation/Red_Hat_JBoss_Operations_Network/

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTaSTvXlSAg2UNWIIRAvwdAJ0XiafROehaRLCJiOTiTYvvgI5f4ACZAX1F
y/yBMqec+swuBwU4tdAA5Gs=
=8xvI
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 14 18:39:11 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 May 2014 18:39:11 +0000
Subject: [RHSA-2014:0497-01] Important: Red Hat JBoss Fuse 6.1.0 security update
Message-ID: <201405141839.s4EIdBCk003757@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Fuse 6.1.0 security update
Advisory ID:       RHSA-2014:0497-01
Product:           Red Hat JBoss Fuse
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0497.html
Issue date:        2014-05-14
CVE Names:         CVE-2014-0114
=====================================================================

1. Summary:

Red Hat JBoss Fuse 6.1.0 Patch 1, a security update that addresses one security issue, is now available from the Red Hat Customer Portal.

The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Description:

Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform.

It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114)

Refer to the readme.txt file included with the patch files for installation instructions.

All users of Red Hat JBoss Fuse 6.1.0 as provided from the Red Hat Customer Portal are advised to apply this security update.

3. Solution:

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters

5. References:

https://www.redhat.com/security/data/cve/CVE-2014-0114.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.1.0

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTc7gtXlSAg2UNWIIRAr7cAJ9zJ3uqGVLEEney+gk6nhCGJ50PIgCfa7iV
8U92NLXYlBTNpH4tE6VvPCA=
=UW0c
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 14 18:41:28 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 May 2014 18:41:28 +0000
Subject: [RHSA-2014:0498-01] Important: Fuse ESB Enterprise 7.1.0 security update
Message-ID: <201405141841.s4EIfSSX015907@int-mx01.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: Fuse ESB Enterprise 7.1.0 security update
Advisory ID:       RHSA-2014:0498-01
Product:           Fuse Enterprise Middleware
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0498.html
Issue date:        2014-05-14
CVE Names:         CVE-2014-0114
=====================================================================

1. Summary:

Fuse ESB Enterprise 7.1.0 R1 P4 (Patch 4 on Rollup Patch 1), a security update that addresses one security issue, is now available from the Red Hat Customer Portal.

The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Description:

Fuse ESB Enterprise is an integration platform based on Apache ServiceMix.

It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114)

Refer to the readme.txt file included with the patch files for installation instructions.

All users of Fuse ESB Enterprise 7.1.0 as provided from the Red Hat Customer Portal are advised to apply this security update.

3. Solution:

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters

5. References:

https://www.redhat.com/security/data/cve/CVE-2014-0114.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=fuse.esb.enterprise&downloadType=securityPatches&version=7.1.0

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTc7htXlSAg2UNWIIRAtEjAJ42Q72A3+z4BA2MCJI8i0qyTvdSrgCeJitA
e2zBKDmixb/nax84cDhcYLo=
=d5S2
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 15 17:27:02 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 May 2014 17:27:02 +0000
Subject: [RHSA-2014:0511-01] Important: Red Hat JBoss Operations Network 3.2.1 security update
Message-ID: <201405151727.s4FHR21O002822@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Operations Network 3.2.1 security update
Advisory ID:       RHSA-2014:0511-01
Product:           Red Hat JBoss Operations Network
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0511.html
Issue date:        2014-05-15
CVE Names:         CVE-2013-4286 CVE-2014-0114
=====================================================================

1. Summary:

An update for Red Hat JBoss Operations Network 3.2.1, which fixes two security issues, is now available from the Red Hat Customer Portal.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Description:

Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. Apache Struts is a framework for building web applications with Java.

It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114)

It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286)

All users of JBoss Operations Network 3.2.1 as provided from the Red Hat Customer Portal are advised to apply this update.

3. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing JBoss Operations Network installation (including its databases, applications, configuration files, the JBoss Operations Network server's file system directory, and so on).

Refer to the "Manual Instructions" section of the release description, available from the Customer Portal for this update, for installation information.

4. Bugs fixed (https://bugzilla.redhat.com/):

1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws
1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters

5. References:

https://www.redhat.com/security/data/cve/CVE-2013-4286.html
https://www.redhat.com/security/data/cve/CVE-2014-0114.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=em&version=3.2.0

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTdPiJXlSAg2UNWIIRAm+fAKCd/qzvq+1/sytD+ZBrWziUmx6f0ACfS8Pk
KBO8RCF4ogjaH3eldMgU18c=
=rGlu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 21 15:57:34 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 May 2014 15:57:34 +0000
Subject: [RHSA-2014:0527-01] Moderate: Red Hat JBoss Web Server 2.0.1 tomcat7 security update
Message-ID: <201405211557.s4LFvZkP001933@int-mx02.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat JBoss Web Server 2.0.1 tomcat7 security update
Advisory ID:       RHSA-2014:0527-01
Product:           Red Hat JBoss Web Server
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0527.html
Issue date:        2014-05-21
CVE Names:         CVE-2013-4286 CVE-2013-4322 CVE-2014-0050
=====================================================================

1. Summary:

An update for the Apache Tomcat 7 component for Red Hat JBoss Web Server 2.0.1 that fixes three security issues is now available from the Red Hat Customer Portal.

The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286)

It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322)

A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter an infinite loop when processing such an incoming request. (CVE-2014-0050)

All users of Red Hat JBoss Web Server 2.0.1 as provided from the Red Hat Customer Portal are advised to apply this update. The Red Hat JBoss Web Server process must be restarted for the update to take effect.

3. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

4. Bugs fixed (https://bugzilla.redhat.com/):

1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream
1069905 - CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544
1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws

5. References:

https://www.redhat.com/security/data/cve/CVE-2013-4286.html
https://www.redhat.com/security/data/cve/CVE-2013-4322.html
https://www.redhat.com/security/data/cve/CVE-2014-0050.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=securityPatches&version=2.0.1

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTfMy8XlSAg2UNWIIRAlwPAJ96C5VnKFsN7UA0Gydrs/N2LQYU7QCgn9cd
cMwDpIsQmbDFohJKdNqEwjw=
=mK7b
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 21 15:59:13 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 May 2014 15:59:13 +0000
Subject: [RHSA-2014:0528-01] Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update
Message-ID: <201405211559.s4LFxERw011472@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update
Advisory ID:       RHSA-2014:0528-01
Product:           Red Hat JBoss Web Server
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0528.html
Issue date:        2014-05-21
CVE Names:         CVE-2013-4286 CVE-2013-4322 CVE-2014-0033 CVE-2014-0050
=====================================================================

1. Summary:

An update for the Apache Tomcat 6 component for Red Hat JBoss Web Server 2.0.1 that fixes multiple security issues is now available from the Red Hat Customer Portal.

The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286)

It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322)

It was found that previous fixes in Tomcat 6 to path parameter handling introduced a regression that caused Tomcat to not properly disable URL rewriting to track session IDs when the disableURLRewriting option was enabled. A man-in-the-middle attacker could potentially use this flaw to hijack a user's session. (CVE-2014-0033)

A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter an infinite loop when processing such an incoming request. (CVE-2014-0050)

All users of Red Hat JBoss Web Server 2.0.1 as provided from the Red Hat Customer Portal are advised to apply this update. The Red Hat JBoss Web Server process must be restarted for the update to take effect.

3. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

4. Bugs fixed (https://bugzilla.redhat.com/):

1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream
1069905 - CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544
1069919 - CVE-2014-0033 tomcat: session fixation still possible with disableURLRewriting enabled
1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws

5. References:

https://www.redhat.com/security/data/cve/CVE-2013-4286.html
https://www.redhat.com/security/data/cve/CVE-2013-4322.html
https://www.redhat.com/security/data/cve/CVE-2014-0033.html
https://www.redhat.com/security/data/cve/CVE-2014-0050.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=securityPatches&version=2.0.1

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTfM0KXlSAg2UNWIIRAoPWAKCgPhodiRsBNzqUEgeAqYNR23jJoQCdE9Pc
yTAHdyMRz8MF178giWA/JOw=
=1R72
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 21 16:00:40 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 May 2014 16:00:40 +0000
Subject: [RHSA-2014:0525-01] Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update
Message-ID: <201405211600.s4LG0eZj007579@int-mx13.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update
Advisory ID:       RHSA-2014:0525-01
Product:           Red Hat JBoss Web Server
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0525.html
Issue date:        2014-05-21
CVE Names:         CVE-2013-4286 CVE-2013-4322 CVE-2014-0033 CVE-2014-0050
=====================================================================

1. Summary:

Updated tomcat6 packages that fix multiple security issues are now available for Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Web Server 2 for RHEL 5 Server - noarch
Red Hat JBoss Web Server 2 for RHEL 6 Server - noarch

3. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286) It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322) It was found that previous fixes in Tomcat 6 to path parameter handling introduced a regression that caused Tomcat to not properly disable URL rewriting to track session IDs when the disableURLRewriting option was enabled. A man-in-the-middle attacker could potentially use this flaw to hijack a user's session. (CVE-2014-0033) A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter an infinite loop when processing such an incoming request. (CVE-2014-0050) All users of Red Hat JBoss Web Server 2.0.1 are advised to upgrade to these updated tomcat6 packages, which contain backported patches to correct these issues. The Red Hat JBoss Web Server process must be restarted for the update to take effect. 4. 
Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied, and back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream 1069905 - CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544 1069919 - CVE-2014-0033 tomcat: session fixation still possible with disableURLRewriting enabled 1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws 6. Package List: Red Hat JBoss Web Server 2 for RHEL 5 Server: Source: tomcat6-6.0.37-19_patch_04.ep6.el5.src.rpm noarch: tomcat6-6.0.37-19_patch_04.ep6.el5.noarch.rpm tomcat6-admin-webapps-6.0.37-19_patch_04.ep6.el5.noarch.rpm tomcat6-docs-webapp-6.0.37-19_patch_04.ep6.el5.noarch.rpm tomcat6-el-2.1-api-6.0.37-19_patch_04.ep6.el5.noarch.rpm tomcat6-javadoc-6.0.37-19_patch_04.ep6.el5.noarch.rpm tomcat6-jsp-2.1-api-6.0.37-19_patch_04.ep6.el5.noarch.rpm tomcat6-lib-6.0.37-19_patch_04.ep6.el5.noarch.rpm tomcat6-log4j-6.0.37-19_patch_04.ep6.el5.noarch.rpm tomcat6-servlet-2.5-api-6.0.37-19_patch_04.ep6.el5.noarch.rpm tomcat6-webapps-6.0.37-19_patch_04.ep6.el5.noarch.rpm Red Hat JBoss Web Server 2 for RHEL 6 Server: Source: tomcat6-6.0.37-27_patch_04.ep6.el6.src.rpm noarch: tomcat6-6.0.37-27_patch_04.ep6.el6.noarch.rpm tomcat6-admin-webapps-6.0.37-27_patch_04.ep6.el6.noarch.rpm tomcat6-docs-webapp-6.0.37-27_patch_04.ep6.el6.noarch.rpm tomcat6-el-2.1-api-6.0.37-27_patch_04.ep6.el6.noarch.rpm tomcat6-javadoc-6.0.37-27_patch_04.ep6.el6.noarch.rpm tomcat6-jsp-2.1-api-6.0.37-27_patch_04.ep6.el6.noarch.rpm tomcat6-lib-6.0.37-27_patch_04.ep6.el6.noarch.rpm 
tomcat6-log4j-6.0.37-27_patch_04.ep6.el6.noarch.rpm tomcat6-servlet-2.5-api-6.0.37-27_patch_04.ep6.el6.noarch.rpm tomcat6-webapps-6.0.37-27_patch_04.ep6.el6.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-4286.html https://www.redhat.com/security/data/cve/CVE-2013-4322.html https://www.redhat.com/security/data/cve/CVE-2014-0033.html https://www.redhat.com/security/data/cve/CVE-2014-0050.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTfM11XlSAg2UNWIIRAu+wAJ0fzaiIR3ermpp3x4rg6aZdbHgPpQCgtcF0 VB8MW2xoMf2SnTa9ojXcRXs= =5SWT -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed May 21 16:07:14 2014 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 21 May 2014 16:07:14 +0000 Subject: [RHSA-2014:0526-01] Moderate: Red Hat JBoss Web Server 2.0.1 tomcat7 security update Message-ID: <201405211607.s4LG7FfJ000328@int-mx09.intmail.prod.int.phx2.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Web Server 2.0.1 tomcat7 security update Advisory ID: RHSA-2014:0526-01 Product: Red Hat JBoss Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0526.html Issue date: 2014-05-21 CVE Names: CVE-2013-4286 CVE-2013-4322 CVE-2014-0050 ===================================================================== 1. Summary: Updated tomcat7 packages that fix three security issues are now available for Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5 and 6. 

The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Web Server 2 for RHEL 5 Server - noarch
Red Hat JBoss Web Server 2 for RHEL 6 Server - noarch

3. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286)

It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322)

A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter an infinite loop when processing such an incoming request. (CVE-2014-0050)

All users of Red Hat JBoss Web Server 2.0.1 are advised to upgrade to these updated tomcat7 packages, which contain backported patches to correct these issues. The Red Hat JBoss Web Server process must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied, and back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream
1069905 - CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544
1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws

6. Package List:

Red Hat JBoss Web Server 2 for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEWS/SRPMS/tomcat7-7.0.40-13_patch_02.ep6.el5.src.rpm

noarch:
tomcat7-7.0.40-13_patch_02.ep6.el5.noarch.rpm
tomcat7-admin-webapps-7.0.40-13_patch_02.ep6.el5.noarch.rpm
tomcat7-docs-webapp-7.0.40-13_patch_02.ep6.el5.noarch.rpm
tomcat7-el-2.2-api-7.0.40-13_patch_02.ep6.el5.noarch.rpm
tomcat7-javadoc-7.0.40-13_patch_02.ep6.el5.noarch.rpm
tomcat7-jsp-2.2-api-7.0.40-13_patch_02.ep6.el5.noarch.rpm
tomcat7-lib-7.0.40-13_patch_02.ep6.el5.noarch.rpm
tomcat7-log4j-7.0.40-13_patch_02.ep6.el5.noarch.rpm
tomcat7-servlet-3.0-api-7.0.40-13_patch_02.ep6.el5.noarch.rpm
tomcat7-webapps-7.0.40-13_patch_02.ep6.el5.noarch.rpm

Red Hat JBoss Web Server 2 for RHEL 6 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEWS/SRPMS/tomcat7-7.0.40-9_patch_02.ep6.el6.src.rpm

noarch:
tomcat7-7.0.40-9_patch_02.ep6.el6.noarch.rpm
tomcat7-admin-webapps-7.0.40-9_patch_02.ep6.el6.noarch.rpm
tomcat7-docs-webapp-7.0.40-9_patch_02.ep6.el6.noarch.rpm
tomcat7-el-2.2-api-7.0.40-9_patch_02.ep6.el6.noarch.rpm
tomcat7-javadoc-7.0.40-9_patch_02.ep6.el6.noarch.rpm
tomcat7-jsp-2.2-api-7.0.40-9_patch_02.ep6.el6.noarch.rpm
tomcat7-lib-7.0.40-9_patch_02.ep6.el6.noarch.rpm
tomcat7-log4j-7.0.40-9_patch_02.ep6.el6.noarch.rpm
tomcat7-servlet-3.0-api-7.0.40-9_patch_02.ep6.el6.noarch.rpm
tomcat7-webapps-7.0.40-9_patch_02.ep6.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4286.html
https://www.redhat.com/security/data/cve/CVE-2013-4322.html
https://www.redhat.com/security/data/cve/CVE-2014-0050.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTfM8oXlSAg2UNWIIRAkwzAJ9Ugd7MKnd6ZLC3+hK5NtBRg0292ACgkGL+
wSf9bL0naDEU48vQQ2RkWv0=
=gOeb
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 27 23:52:38 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 27 May 2014 23:52:38 +0000
Subject: [RHSA-2014:0563-01] Low: Red Hat JBoss Enterprise Application Platform 6.2.3 update
Message-ID: <201405272352.s4RNqe7O004794@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:      Low: Red Hat JBoss Enterprise Application Platform 6.2.3 update
Advisory ID:   RHSA-2014:0563-01
Product:       Red Hat JBoss Enterprise Application Platform
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2014-0563.html
Issue date:    2014-05-27
CVE Names:     CVE-2014-0059
=====================================================================

1. Summary:

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.3 and fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6 Server - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file. (CVE-2014-0059)

This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.2.2, and includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.2.3 Release Notes, linked to in the References.

All users of Red Hat JBoss Enterprise Application Platform 6.2 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Also, back up any customized Red Hat JBoss Enterprise Application Platform 6 configuration files. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1063642 - CVE-2014-0059 JBossSX/PicketBox: World readable audit.log file
1079995 - Tracker bug for the EAP 6.2.3 release for RHEL-6.
1080087 - RHEL6 RPMs: Upgrade jboss-jstl-api_1.2_spec to 1.0.5.Final-redhat-2
1088633 - RHEL6 RPMs: Upgrade glassfish-jsf-eap6 to 2.1.28.redhat-3
1088635 - RHEL6 RPMs: Upgrade jboss-jsf-api_2.1_spec to 2.1.28.Final-redhat-1
1088638 - RHEL6 RPMs: Upgrade log4j-jboss-logmanager to 1.1.0.Final-redhat-2
1088643 - RHEL6 RPMs: Upgrade jboss-security-negotiation to 2.2.8.Final-redhat-1
1088991 - RHEL6 RPMs: Upgrade hibernate4-eap6 to 4.2.7.SP4-redhat-1
1090194 - RHEL6 RPMs: Upgrade hornetq to 2.3.14.1.Final-redhat-1
1090197 - RHEL6 RPMs: Upgrade weld-core to 1.1.17.SP2-redhat-1
1090199 - RHEL6 RPMs: Upgrade ironjacamar-eap6 to 1.0.23.1.Final-redhat-1
1090950 - RHEL6 RPMs: Upgrade resteasy to 2.3.7.1.Final_redhat_1
1091435 - RHEL6 RPMs: Upgrade jbossas-javadocs to 7.3.3.Final-redhat-3

6. Package List:

Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6 Server:

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/glassfish-jsf-eap6-2.1.28-2.redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/glassfish-jsf12-eap6-1.2_15-7.b01_redhat_11.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/hibernate4-eap6-4.2.7-8.SP4_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/hornetq-2.3.14.1-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/ironjacamar-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-appclient-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-cli-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-client-all-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-clustering-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-cmp-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-configadmin-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-connector-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-controller-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-controller-client-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-core-security-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-deployment-repository-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-deployment-scanner-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-domain-http-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-domain-management-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-ee-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-ee-deployment-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-ejb3-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm 
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-embedded-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-host-controller-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jacorb-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jaxr-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jaxrs-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jdr-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jmx-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jpa-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jsf-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jsr77-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-logging-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-mail-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-management-client-content-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-messaging-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-modcluster-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm 
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-naming-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-network-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-osgi-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-osgi-configadmin-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-osgi-service-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-platform-mbean-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-pojo-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-process-controller-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-protocol-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-remoting-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-sar-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-security-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-server-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-system-jmx-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-threads-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm 
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-transactions-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-version-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-web-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-webservices-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-weld-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-xts-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-jsf-api_2.1_spec-2.1.28-3.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-jstl-api_1.2_spec-1.0.5-2.Final_redhat_2.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-security-negotiation-2.2.8-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-weld-1.1-api-1.1-9.Final_redhat_5.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-appclient-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-bundles-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-core-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-domain-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-javadocs-7.3.3-3.Final_redhat_3.ep6.el6.src.rpm 
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-modules-eap-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-product-eap-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-standalone-7.3.3-3.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-welcome-content-eap-7.3.3-4.Final_redhat_3.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/log4j-jboss-logmanager-1.1.0-2.Final_redhat_2.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/picketbox-4.0.19-6.SP6_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/picketlink-federation-2.1.9-4.SP3_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/resteasy-2.3.7.1-1.Final_redhat_1.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/weld-cdi-1.0-api-1.0-10.SP4_redhat_4.1.ep6.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/weld-core-1.1.17-3.SP2_redhat_1.1.ep6.el6.src.rpm noarch: glassfish-jsf-eap6-2.1.28-2.redhat_3.1.ep6.el6.noarch.rpm glassfish-jsf12-eap6-1.2_15-7.b01_redhat_11.1.ep6.el6.noarch.rpm hibernate4-core-eap6-4.2.7-8.SP4_redhat_1.1.ep6.el6.noarch.rpm hibernate4-eap6-4.2.7-8.SP4_redhat_1.1.ep6.el6.noarch.rpm hibernate4-entitymanager-eap6-4.2.7-8.SP4_redhat_1.1.ep6.el6.noarch.rpm hibernate4-envers-eap6-4.2.7-8.SP4_redhat_1.1.ep6.el6.noarch.rpm hibernate4-infinispan-eap6-4.2.7-8.SP4_redhat_1.1.ep6.el6.noarch.rpm hornetq-2.3.14.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm ironjacamar-common-api-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm ironjacamar-common-impl-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm 
ironjacamar-common-spi-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm ironjacamar-core-api-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm ironjacamar-core-impl-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm ironjacamar-deployers-common-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm ironjacamar-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm ironjacamar-jdbc-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm ironjacamar-spec-api-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm ironjacamar-validator-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-as-appclient-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-cli-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-client-all-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-clustering-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-cmp-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-configadmin-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-connector-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-controller-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-controller-client-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-core-security-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-deployment-repository-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-deployment-scanner-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-domain-http-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-domain-management-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-ee-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-ee-deployment-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-ejb3-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-embedded-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-host-controller-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-jacorb-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-jaxr-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-jaxrs-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm 
jboss-as-jdr-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-jmx-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-jpa-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-jsf-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-jsr77-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-logging-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-mail-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-management-client-content-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-messaging-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-modcluster-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-naming-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-network-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-osgi-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-osgi-configadmin-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-osgi-service-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-platform-mbean-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-pojo-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-process-controller-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-protocol-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-remoting-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-sar-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-security-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-server-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-system-jmx-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-threads-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-transactions-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-version-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-web-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-webservices-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-weld-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-as-xts-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jboss-jsf-api_2.1_spec-2.1.28-3.Final_redhat_1.1.ep6.el6.noarch.rpm 
jboss-jstl-api_1.2_spec-1.0.5-2.Final_redhat_2.1.ep6.el6.noarch.rpm jboss-security-negotiation-2.2.8-1.Final_redhat_1.1.ep6.el6.noarch.rpm jboss-weld-1.1-api-1.1-9.Final_redhat_5.1.ep6.el6.noarch.rpm jbossas-appclient-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jbossas-bundles-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jbossas-core-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jbossas-domain-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jbossas-javadocs-7.3.3-3.Final_redhat_3.ep6.el6.noarch.rpm jbossas-modules-eap-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jbossas-product-eap-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jbossas-standalone-7.3.3-3.Final_redhat_3.1.ep6.el6.noarch.rpm jbossas-welcome-content-eap-7.3.3-4.Final_redhat_3.1.ep6.el6.noarch.rpm log4j-jboss-logmanager-1.1.0-2.Final_redhat_2.1.ep6.el6.noarch.rpm picketbox-4.0.19-6.SP6_redhat_1.1.ep6.el6.noarch.rpm picketlink-federation-2.1.9-4.SP3_redhat_1.1.ep6.el6.noarch.rpm resteasy-2.3.7.1-1.Final_redhat_1.1.ep6.el6.noarch.rpm weld-cdi-1.0-api-1.0-10.SP4_redhat_4.1.ep6.el6.noarch.rpm weld-core-1.1.17-3.SP2_redhat_1.1.ep6.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0059.html
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.2/html-single/6.2.3_Release_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFThSUcXlSAg2UNWIIRAnTIAJ0bAoraPRXp5MKIuIEJbaSUbyEiQwCgtWuq
p0cEni3rEiCe1iLT2VLl8mE=
=qL9T
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed May 28 00:03:17 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 28 May 2014 00:03:17 +0000
Subject: [RHSA-2014:0564-01] Low: Red Hat JBoss Enterprise Application Platform 6.2.3 update
Message-ID: <201405280003.s4S03IMj020730@int-mx10.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis:      Low: Red Hat JBoss Enterprise Application Platform 6.2.3 update
Advisory ID:   RHSA-2014:0564-01
Product:       Red Hat JBoss Enterprise Application Platform
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2014-0564.html
Issue date:    2014-05-27
CVE Names:     CVE-2014-0059
=====================================================================

1. Summary:

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.3 and fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 Server - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file. (CVE-2014-0059)

This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.2.2, and includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.2.3 Release Notes, linked to in the References.

All users of Red Hat JBoss Enterprise Application Platform 6.2 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Also, back up any customized Red Hat JBoss Enterprise Application Platform 6 configuration files. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1063642 - CVE-2014-0059 JBossSX/PicketBox: World readable audit.log file
1079997 - Tracker bug for the EAP 6.2.3 release for RHEL-5.
1080088 - RHEL5 RPMs: Upgrade jboss-jstl-api_1.2_spec to 1.0.5.Final-redhat-2
1088634 - RHEL5 RPMs: Upgrade glassfish-jsf-eap6 to 2.1.28.redhat-3
1088636 - RHEL5 RPMs: Upgrade jboss-jsf-api_2.1_spec to 2.1.28.Final-redhat-1
1088639 - RHEL5 RPMs: Upgrade log4j-jboss-logmanager to 1.1.0.Final-redhat-2
1088644 - RHEL5 RPMs: Upgrade jboss-security-negotiation to 2.2.8.Final-redhat-1
1088992 - RHEL5 RPMs: Upgrade hibernate4-eap6 to 4.2.7.SP4-redhat-1
1090195 - RHEL5 RPMs: Upgrade hornetq to 2.3.14.1.Final-redhat-1
1090198 - RHEL5 RPMs: Upgrade weld-core to 1.1.17.SP2-redhat-1
1090200 - RHEL5 RPMs: Upgrade ironjacamar-eap6 to 1.0.23.1.Final-redhat-1
1090951 - RHEL5 RPMs: Upgrade resteasy to 2.3.7.1.Final_redhat_1
1091436 - RHEL5 RPMs: Upgrade jbossas-javadocs to 7.3.3.Final-redhat-3

6. Package List:

Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 Server:

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/glassfish-jsf-eap6-2.1.28-2.redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/glassfish-jsf12-eap6-1.2_15-7.b01_redhat_11.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/hibernate4-eap6-4.2.7-8.SP4_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/hornetq-2.3.14.1-1.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/ironjacamar-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-appclient-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-cli-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-client-all-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-clustering-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-cmp-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-configadmin-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-connector-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-controller-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-controller-client-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-core-security-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-deployment-repository-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-deployment-scanner-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-domain-http-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-domain-management-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-ee-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-ee-deployment-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-ejb3-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm 
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-embedded-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-host-controller-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-jacorb-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-jaxr-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-jaxrs-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-jdr-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-jmx-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-jpa-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-jsf-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-jsr77-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-logging-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-mail-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-management-client-content-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-messaging-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-modcluster-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm 
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-naming-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-network-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-osgi-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-osgi-configadmin-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-osgi-service-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-platform-mbean-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-pojo-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-process-controller-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-protocol-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-remoting-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-sar-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-security-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-server-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-system-jmx-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-threads-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm 
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-transactions-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-version-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-web-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-webservices-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-weld-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-as-xts-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-jsf-api_2.1_spec-2.1.28-3.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-jstl-api_1.2_spec-1.0.5-2.Final_redhat_2.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-security-negotiation-2.2.8-1.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jboss-weld-1.1-api-1.1-9.Final_redhat_5.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-appclient-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-bundles-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-core-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-domain-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-javadocs-7.3.3-3.Final_redhat_3.ep6.el5.src.rpm 
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-modules-eap-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-product-eap-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-standalone-7.3.3-3.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossas-welcome-content-eap-7.3.3-4.Final_redhat_3.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/log4j-jboss-logmanager-1.1.0-2.Final_redhat_2.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/picketbox-4.0.19-6.SP6_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/picketlink-federation-2.1.9-4.SP3_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/resteasy-2.3.7.1-1.Final_redhat_1.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/weld-cdi-1.0-api-1.0-10.SP4_redhat_4.1.ep6.el5.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/weld-core-1.1.17-3.SP2_redhat_1.1.ep6.el5.src.rpm

noarch:
glassfish-jsf-eap6-2.1.28-2.redhat_3.1.ep6.el5.noarch.rpm glassfish-jsf12-eap6-1.2_15-7.b01_redhat_11.1.ep6.el5.noarch.rpm hibernate4-core-eap6-4.2.7-8.SP4_redhat_1.1.ep6.el5.noarch.rpm hibernate4-eap6-4.2.7-8.SP4_redhat_1.1.ep6.el5.noarch.rpm hibernate4-entitymanager-eap6-4.2.7-8.SP4_redhat_1.1.ep6.el5.noarch.rpm hibernate4-envers-eap6-4.2.7-8.SP4_redhat_1.1.ep6.el5.noarch.rpm hibernate4-infinispan-eap6-4.2.7-8.SP4_redhat_1.1.ep6.el5.noarch.rpm hornetq-2.3.14.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm ironjacamar-common-api-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm ironjacamar-common-impl-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm
ironjacamar-common-spi-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm ironjacamar-core-api-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm ironjacamar-core-impl-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm ironjacamar-deployers-common-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm ironjacamar-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm ironjacamar-jdbc-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm ironjacamar-spec-api-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm ironjacamar-validator-eap6-1.0.23.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-as-appclient-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-cli-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-client-all-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-clustering-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-cmp-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-configadmin-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-connector-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-controller-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-controller-client-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-core-security-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-deployment-repository-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-deployment-scanner-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-domain-http-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-domain-management-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-ee-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-ee-deployment-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-ejb3-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-embedded-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-host-controller-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-jacorb-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-jaxr-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-jaxrs-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm 
jboss-as-jdr-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-jmx-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-jpa-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-jsf-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-jsr77-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-logging-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-mail-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-management-client-content-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-messaging-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-modcluster-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-naming-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-network-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-osgi-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-osgi-configadmin-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-osgi-service-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-platform-mbean-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-pojo-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-process-controller-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-protocol-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-remoting-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-sar-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-security-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-server-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-system-jmx-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-threads-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-transactions-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-version-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-web-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-webservices-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-weld-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-as-xts-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jboss-jsf-api_2.1_spec-2.1.28-3.Final_redhat_1.1.ep6.el5.noarch.rpm 
jboss-jstl-api_1.2_spec-1.0.5-2.Final_redhat_2.1.ep6.el5.noarch.rpm jboss-security-negotiation-2.2.8-1.Final_redhat_1.1.ep6.el5.noarch.rpm jboss-weld-1.1-api-1.1-9.Final_redhat_5.1.ep6.el5.noarch.rpm jbossas-appclient-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jbossas-bundles-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jbossas-core-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jbossas-domain-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jbossas-javadocs-7.3.3-3.Final_redhat_3.ep6.el5.noarch.rpm jbossas-modules-eap-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jbossas-product-eap-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jbossas-standalone-7.3.3-3.Final_redhat_3.1.ep6.el5.noarch.rpm jbossas-welcome-content-eap-7.3.3-4.Final_redhat_3.1.ep6.el5.noarch.rpm log4j-jboss-logmanager-1.1.0-2.Final_redhat_2.1.ep6.el5.noarch.rpm picketbox-4.0.19-6.SP6_redhat_1.1.ep6.el5.noarch.rpm picketlink-federation-2.1.9-4.SP3_redhat_1.1.ep6.el5.noarch.rpm resteasy-2.3.7.1-1.Final_redhat_1.1.ep6.el5.noarch.rpm weld-cdi-1.0-api-1.0-10.SP4_redhat_4.1.ep6.el5.noarch.rpm weld-core-1.1.17-3.SP2_redhat_1.1.ep6.el5.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2014-0059.html
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.2/html-single/6.2.3_Release_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFThSezXlSAg2UNWIIRAmHXAKCd9eZ8hSoz1R/wPSTuMwMyUqsuNgCeMolc
/bziuLiDOZW7eZCw5ia4t9I=
=bRl+
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue May 27 23:56:16 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 27 May 2014 23:56:16 +0000
Subject: [RHSA-2014:0565-01] Low: Red Hat JBoss Enterprise Application Platform 6.2.3 update
Message-ID: <201405272356.s4RNuHpb005660@int-mx09.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Low: Red Hat JBoss Enterprise Application Platform 6.2.3 update
Advisory ID: RHSA-2014:0565-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0565.html
Issue date: 2014-05-27
CVE Names: CVE-2014-0059
=====================================================================

1. Summary:

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.3 and fix one security issue, several bugs, and add various enhancements are now available from the Red Hat Customer Portal.

The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file.
(CVE-2014-0059)

This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.2.2, and includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.2.3 Release Notes, linked to in the References.

All users of Red Hat JBoss Enterprise Application Platform 6.2 as provided from the Red Hat Customer Portal are advised to apply this update. The JBoss server process must be restarted for the update to take effect.

3. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

4. Bugs fixed (https://bugzilla.redhat.com/):

1063642 - CVE-2014-0059 JBossSX/PicketBox: World readable audit.log file

5. References:

https://www.redhat.com/security/data/cve/CVE-2014-0059.html
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.2.0
https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.2/html-single/6.2.3_Release_Notes/index.html

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFThSXjXlSAg2UNWIIRAglnAKDEYnMB2s97oL9YkRQxodoPWZKixgCeP+YO
W0K32fb5BH+mMOFOn8xKdZs=
=+p6H
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu May 29 21:23:12 2014
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 29 May 2014 21:23:12 +0000
Subject: [RHSA-2014:0582-01] Moderate: Red Hat JBoss SOA Platform 5.3.1 update
Message-ID: <201405292123.s4TLNCvq005991@int-mx11.intmail.prod.int.phx2.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss SOA Platform 5.3.1 update
Advisory ID: RHSA-2014:0582-01
Product: Red Hat JBoss SOA Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0582.html
Issue date: 2014-05-29
CVE Names: CVE-2013-4517
=====================================================================

1. Summary:

Red Hat JBoss SOA Platform 5.3.1 2014 roll up patch 1, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal.

The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Description:

Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future (EDA and CEP) integration methodologies to dramatically improve business process execution speed and quality.

This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA Platform 5.3.1. It includes various bug fixes.
The following security issue is also fixed with this release:

It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions (DTDs) to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. (CVE-2013-4517)

All users of Red Hat JBoss SOA Platform 5.3.1 as provided from the Red Hat Customer Portal are advised to apply this roll up patch.

3. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss SOA Platform installation (including its databases, applications, configuration files, and so on).

Note that it is recommended to halt the Red Hat JBoss SOA Platform server by stopping the JBoss Application Server process before installing this update, and then after installing the update, restart the Red Hat JBoss SOA Platform server by starting the JBoss Application Server process.

4. Bugs fixed (https://bugzilla.redhat.com/):

1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack

5. References:

https://www.redhat.com/security/data/cve/CVE-2013-4517.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=securityPatches&version=5.3.1+GA

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTh6UpXlSAg2UNWIIRAjjeAKC3N+vwe7ZhpsYmzW3MYPWPPFpzzwCgg3cA
8TV3tS8lNsFrOhHjz9y7hGc=
=LEAd
-----END PGP SIGNATURE-----