To better meet customer expectations, Service Pack releases for Red Hat JBoss Web Server are created whenever a set of critical bug fixes and/or security patches is made before a new full release of the server.
We expect that these Service Pack releases will reduce the number of individual patches that we produce, and that customers will be able to keep their installations up to date using these updates.
To install this Service Pack, perform the following steps:
- Download the JBoss Web Server 2.1.2 zip appropriate to your platform.
- Extract the downloaded zip to a directory.
- Download the appropriate 2.1.2.Bundle-1 zip.
- Extract the downloaded 2.1.2.Bundle-1 zip archive to the same directory.
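A check that the overlay in the steps above took effect, added here as an example and not part of Red Hat's documentation: it compares every file in the Bundle zip with its extracted copy by SHA-256. The archive and file names used in `demo()` are constructed stand-ins, not the contents of the real downloads.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path


def verify_overlay(bundle_zip, install_dir):
    """Map each bundle member to "missing" or "differs"; empty dict means applied."""
    problems = {}
    root = Path(install_dir)
    with zipfile.ZipFile(bundle_zip) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = root / info.filename
            if not target.is_file():
                problems[info.filename] = "missing"
                continue
            want = hashlib.sha256(zf.read(info)).hexdigest()
            got = hashlib.sha256(target.read_bytes()).hexdigest()
            if want != got:
                problems[info.filename] = "differs"
    return problems


def demo():
    """Constructed sample: a stand-in base zip and bundle zip built in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        base, bundle, install = tmp / "base.zip", tmp / "bundle.zip", tmp / "install"
        with zipfile.ZipFile(base, "w") as zf:
            zf.writestr("server/lib/a.jar", b"old a")
            zf.writestr("server/lib/b.jar", b"old b")
        with zipfile.ZipFile(bundle, "w") as zf:
            zf.writestr("server/lib/a.jar", b"patched a")
            zf.writestr("server/lib/c.jar", b"new c")
        # Base archive first, then the bundle extracted over the same directory.
        with zipfile.ZipFile(base) as zf:
            zf.extractall(install)
        before = verify_overlay(bundle, install)
        with zipfile.ZipFile(bundle) as zf:
            zf.extractall(install)
        after = verify_overlay(bundle, install)
        return before, after


if __name__ == "__main__":
    print(demo())
```

Run `verify_overlay` against the real Bundle zip and the installation directory; any entry it returns is a file that was not replaced by the Service Pack.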
This update includes fixes for the following security-related issues:
| CVE | Component | Description |
|---|---|---|
| CVE-2016-6304 | openssl | OCSP Status Request extension unbounded memory growth. |
| CVE-2016-8610 | openssl | SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS. |
| CVE-2017-5647 | tomcat6 | Incorrect handling of pipelined requests when send file was used. |
| CVE-2017-5647 | tomcat7 | Incorrect handling of pipelined requests when send file was used. |
| CVE-2017-5664 | tomcat6 | Security constraint bypass in error page mechanism. |
| CVE-2017-5664 | tomcat7 | Security constraint bypass in error page mechanism. |