Red Hat JBoss Core Services 2.4.29 Service Pack 1 Release Notes
For Use with the Red Hat JBoss Core Services 2.4.29
Abstract
Chapter 1. Red Hat JBoss Core Services 2.4.29 Service Pack 1
Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 1 for RHEL 7 x86_64
Service packs for Red Hat JBoss Core Services are produced when a set of critical bug fixes and/or security patches is required before a new full release.
These service pack releases reduce the number of individual patches that we produce and enable customers to keep up to date.
Chapter 2. New Installation of Red Hat JBoss Core Services 2.4.29
You may install the Red Hat JBoss Core Services 2.4.29 version using the instructions provided below:
Make sure you upgrade to the latest service pack after installing.
Chapter 3. Upgrading Red Hat JBoss Core Services using this Service Pack
Download the Red Hat JBoss Core Services 2.4.29 Service Pack 1 file (.zip format) appropriate to your platform using the download link here (subscription required). Extract the .zip file to the Red Hat JBoss Core Services installation directory.
Chapter 4. Security Fixes
This update includes fixes for the following security related issues:
| ID | Impact | Summary |
|---|---|---|
| | Moderate | libdb: Reads DB_CONFIG from the current working directory |
| | Low | httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values |
| | Low | httpd: bypass with a trailing newline in the file name |
| | Moderate | openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service |
| | Moderate | httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications |
| | Low | httpd: Out of bounds access after failure in reading the HTTP request |
| | Low | httpd: Use-after-free on HTTP/2 stream shutdown |
| | Moderate | httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS |
| | Low | httpd: Weak Digest auth nonce generation in mod_auth_digest |
| | Moderate | httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS |
| | Important | mod_jk: connector path traversal due to mishandled HTTP requests in httpd |
| | Moderate | httpd: DoS for HTTP/2 connections by continuous SETTINGS frames |
| | Moderate | nghttp2: Null pointer dereference when too large ALTSVC frame is received |
Chapter 5. Resolved Issues
See the JBoss Developer bug tracking software for a list of the Resolved issues for Red Hat JBoss Core Services 2.4.29 Service Pack 1.
Chapter 6. Known Issues
See the JBoss Developer bug tracking software for a list of the Resolved issues for Red Hat JBoss Core Services 2.4.29 Service Pack 1.
Chapter 7. Upgraded Components
Component | Version | Comment |
---|---|---|
Mod_jk | 1.2.46 | Previously 1.2.43 |