Issued:: 2020-11-23
Updated:: 2020-11-23

RHSA-2020:5175 - Security Advisory

Overview
Updated Packages

Synopsis

Important: Red Hat JBoss Enterprise Application Platform 7.3 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8.

Security Fix(es):

hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.

Solution

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

You must restart the JBoss server process for the update to take effect.

For details about how to apply this update, see:
https://access.redhat.com/articles/11258

Affected Products

JBoss Enterprise Application Platform 7.4 for RHEL 8 x86_64
JBoss Enterprise Application Platform 7.4 for RHEL 7 x86_64
JBoss Enterprise Application Platform 7.3 for RHEL 8 x86_64
JBoss Enterprise Application Platform 7.3 for RHEL 7 x86_64
JBoss Enterprise Application Platform 7.3 for RHEL 6 x86_64

Fixes

BZ - 1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used

CVEs

CVE-2020-25638

References

Note: More recent versions of these packages may be available. Click a package name for more details.

JBoss Enterprise Application Platform 7.4 for RHEL 8

SRPM
eap7-hibernate-5.3.18-2.Final_redhat_00002.1.el8eap.src.rpm	SHA-256: 6af81bbb23b535ee781fac94a49102ce1f935d3e7589e11713138dfdc1556fb8
x86_64
eap7-hibernate-5.3.18-2.Final_redhat_00002.1.el8eap.noarch.rpm	SHA-256: abfc8dacaad90a2438be9eb3e072723a643e9c8b25b3f38cce3a9a1998e861d5
eap7-hibernate-core-5.3.18-2.Final_redhat_00002.1.el8eap.noarch.rpm	SHA-256: fd4e490427814d2412852fe607ddc16495f6f44d5640779706ac38b6677789ab
eap7-hibernate-entitymanager-5.3.18-2.Final_redhat_00002.1.el8eap.noarch.rpm	SHA-256: 559dd59098b6b6d221f59ea292992339daf5a6e068f7cc259ddcc6e47da3bdf4
eap7-hibernate-envers-5.3.18-2.Final_redhat_00002.1.el8eap.noarch.rpm	SHA-256: 10fb487652accb76a2873a14461de0741f0a0a2dec228ebd58d81d5381645191
eap7-hibernate-java8-5.3.18-2.Final_redhat_00002.1.el8eap.noarch.rpm	SHA-256: 27f1a1c03e4a4e58e4e3f7a2b1b5e7e9783603943b127fc9d2793cdc56e51c11

JBoss Enterprise Application Platform 7.4 for RHEL 7

SRPM
eap7-hibernate-5.3.18-2.Final_redhat_00002.1.el7eap.src.rpm	SHA-256: c7cb12a79476334e9acf94e659f237e0722900ed6f3d498a0936995f4cb78176
x86_64
eap7-hibernate-5.3.18-2.Final_redhat_00002.1.el7eap.noarch.rpm	SHA-256: b5ce08ef08ba8970e2b5c6d49431b8b2927bb9922f6ab90328deb1dd8720cf6a
eap7-hibernate-core-5.3.18-2.Final_redhat_00002.1.el7eap.noarch.rpm	SHA-256: 8fe092eb7a993fb2202ca409fe34781afec6befdf194cb2a27fd6b02fff4b98c
eap7-hibernate-entitymanager-5.3.18-2.Final_redhat_00002.1.el7eap.noarch.rpm	SHA-256: bb0a5a08e2da92ee8ec458f22dcb48a27591d20384466e9f62d8fffbb32d1acd
eap7-hibernate-envers-5.3.18-2.Final_redhat_00002.1.el7eap.noarch.rpm	SHA-256: 24b56a03adf83a0fd8c27a5cf28f00ac03f207f577f8d64ae6a456618a9ef6a9
eap7-hibernate-java8-5.3.18-2.Final_redhat_00002.1.el7eap.noarch.rpm	SHA-256: c47ae6b92818ec63aad54b2c922833b42b4c27904e83db2bb7f024c5b73ad30f

JBoss Enterprise Application Platform 7.3 for RHEL 8

SRPM
eap7-hibernate-5.3.18-2.Final_redhat_00002.1.el8eap.src.rpm	SHA-256: 6af81bbb23b535ee781fac94a49102ce1f935d3e7589e11713138dfdc1556fb8
x86_64
eap7-hibernate-5.3.18-2.Final_redhat_00002.1.el8eap.noarch.rpm	SHA-256: abfc8dacaad90a2438be9eb3e072723a643e9c8b25b3f38cce3a9a1998e861d5
eap7-hibernate-core-5.3.18-2.Final_redhat_00002.1.el8eap.noarch.rpm	SHA-256: fd4e490427814d2412852fe607ddc16495f6f44d5640779706ac38b6677789ab
eap7-hibernate-entitymanager-5.3.18-2.Final_redhat_00002.1.el8eap.noarch.rpm	SHA-256: 559dd59098b6b6d221f59ea292992339daf5a6e068f7cc259ddcc6e47da3bdf4
eap7-hibernate-envers-5.3.18-2.Final_redhat_00002.1.el8eap.noarch.rpm	SHA-256: 10fb487652accb76a2873a14461de0741f0a0a2dec228ebd58d81d5381645191
eap7-hibernate-java8-5.3.18-2.Final_redhat_00002.1.el8eap.noarch.rpm	SHA-256: 27f1a1c03e4a4e58e4e3f7a2b1b5e7e9783603943b127fc9d2793cdc56e51c11

JBoss Enterprise Application Platform 7.3 for RHEL 7

SRPM
eap7-hibernate-5.3.18-2.Final_redhat_00002.1.el7eap.src.rpm	SHA-256: c7cb12a79476334e9acf94e659f237e0722900ed6f3d498a0936995f4cb78176
x86_64
eap7-hibernate-5.3.18-2.Final_redhat_00002.1.el7eap.noarch.rpm	SHA-256: b5ce08ef08ba8970e2b5c6d49431b8b2927bb9922f6ab90328deb1dd8720cf6a
eap7-hibernate-core-5.3.18-2.Final_redhat_00002.1.el7eap.noarch.rpm	SHA-256: 8fe092eb7a993fb2202ca409fe34781afec6befdf194cb2a27fd6b02fff4b98c
eap7-hibernate-entitymanager-5.3.18-2.Final_redhat_00002.1.el7eap.noarch.rpm	SHA-256: bb0a5a08e2da92ee8ec458f22dcb48a27591d20384466e9f62d8fffbb32d1acd
eap7-hibernate-envers-5.3.18-2.Final_redhat_00002.1.el7eap.noarch.rpm	SHA-256: 24b56a03adf83a0fd8c27a5cf28f00ac03f207f577f8d64ae6a456618a9ef6a9
eap7-hibernate-java8-5.3.18-2.Final_redhat_00002.1.el7eap.noarch.rpm	SHA-256: c47ae6b92818ec63aad54b2c922833b42b4c27904e83db2bb7f024c5b73ad30f

JBoss Enterprise Application Platform 7.3 for RHEL 6

SRPM
eap7-hibernate-5.3.18-2.Final_redhat_00002.1.el6eap.src.rpm	SHA-256: 6326cff5227d7d327496bd03f8e4408ff7b87a98ac17295d0a2b14fb9125d68c
x86_64
eap7-hibernate-5.3.18-2.Final_redhat_00002.1.el6eap.noarch.rpm	SHA-256: f20b6bce756c1b4c6ae346e8cac51823c7f6b2b194c8109b3f080ba9d25b4746
eap7-hibernate-core-5.3.18-2.Final_redhat_00002.1.el6eap.noarch.rpm	SHA-256: af8fe8981d60126ea20ce760cd4640fab3a6e39f35781c48aaf30f98d4cc075a
eap7-hibernate-entitymanager-5.3.18-2.Final_redhat_00002.1.el6eap.noarch.rpm	SHA-256: a673a40b4d4da0506bc6bf7582122856d9246ffee57e6d8a6faa5039ae90a19a
eap7-hibernate-envers-5.3.18-2.Final_redhat_00002.1.el6eap.noarch.rpm	SHA-256: eba9a1ae8108cbb435c49f105456e686604b12b95454741b5552441051d9f275
eap7-hibernate-java8-5.3.18-2.Final_redhat_00002.1.el6eap.noarch.rpm	SHA-256: b83882dad262463d9b5ba6ee9396a5107a68ee2ab8ea77b41534c9cef8421d89

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation