Red Hat JBoss Web Server 2.1.2 Update 1 Release Notes


To better meet customer expectations, Service Pack releases for Red Hat JBoss Web Server are created whenever a set of critical bug fixes and/or security patches is made before a new full release of the server.

We expect that these Service Pack releases will reduce the number of individual patches that we produce, and that customers will be able to keep their installations up to date using these updates.

Installation

To install this Service Pack, perform the following steps:

  1. Download the JBoss Web Server 2.1.2 zip appropriate to your platform.
  2. Extract the downloaded zip to a directory.
  3. Download the appropriate 2.1.2.Bundle-1 zip.
  4. Extract the downloaded 2.1.2.Bundle-1 zip archive to the same directory.

Security Fixes

This update includes fixes for the following security-related issues:

ID              Component  Summary
CVE-2016-6304   openssl    OCSP Status Request extension unbounded memory growth.
CVE-2016-8610   openssl    SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS.
CVE-2017-5647   tomcat6    Incorrect handling of pipelined requests when send file was used.
CVE-2017-5647   tomcat7    Incorrect handling of pipelined requests when send file was used.
CVE-2017-5664   tomcat6    Security constrained bypass in error page mechanism.
CVE-2017-5664   tomcat7    Security constrained bypass in error page mechanism.
