Red Hat Product Errata RHSA-2021:3468 - Security Advisory
Issued:
2021-09-08
Updated:
2021-09-08

RHSA-2021:3468 - Security Advisory

Synopsis

Important: Red Hat JBoss Enterprise Application Platform 7.3.9 security update on RHEL 8

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This release of Red Hat JBoss Enterprise Application Platform 7.3.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)
  • undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS (CVE-2021-3597)
  • jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate (CVE-2021-28170)
  • apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)
  • wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • JBoss Enterprise Application Platform 7.3 for RHEL 8 x86_64

Fixes

  • BZ - 1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
  • BZ - 1965497 - CVE-2021-28170 jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate
  • BZ - 1970930 - CVE-2021-3597 undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS
  • BZ - 1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression
  • BZ - 1991299 - CVE-2021-3690 undertow: buffer leak on incoming websocket PONG message may lead to DoS
  • JBEAP-21468 - Tracker bug for the EAP 7.3.9 release for RHEL-8
  • JBEAP-21466 - Tracker bug for the EAP 7.3.9 release for RHEL-6
  • JBEAP-21958 - [GSS](7.3.z) Upgrade HAL from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001
  • JBEAP-22003 - [GSS](7.3.z) HAL-1753 - The Locations table is not updated after changing the profile in breadcrumb navigation
  • JBEAP-22029 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.28.Final-redhat-00001 to 1.0.29.Final-redhat-00002
  • JBEAP-22079 - [GSS](7.3.z) Upgrade ironjacamar from 1.4.33.Final-redhat-00001 to 1.4.35.Final-redhat-00001
  • JBEAP-22085 - [GSS](7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00007 to 5.0.3.Final-redhat-00008
  • JBEAP-22138 - (7.3.z) Upgrade Narayana from 5.9.11.Final-redhat-00001 to 5.9.12.Final-redhat-00001
  • JBEAP-22159 - (7.3.z) Upgrade jakarta.el from 3.0.3.redhat-00002 to 3.0.3.redhat-00006
  • JBEAP-22195 - (7.3.z) Upgrade commons-io from 2.5.0.redhat-3 to 2.10.0.redhat-00001
  • JBEAP-22198 - (7.3.z) Upgrade WildFly Core from 10.1.21.Final-redhat-00001 to 10.1.22.Final-redhat-00001
  • JBEAP-22200 - (7.3.z) Upgrade Undertow from 2.0.38.SP1-redhat-00001 to 2.0.39-SP1-redhat-00001
  • JBEAP-22204 - [GSS](7.3.z) Upgrade jberet from 1.3.8.Final-redhat-00001 to 1.3.9.Final-redhat-00001
  • JBEAP-22227 - [GSS](7.3.z) Upgrade remoting from 5.0.23.Final-redhat-00001 to 5.0.23.SP1-redhat-00001
  • JBEAP-22317 - (7.3.z) Upgrade Undertow from 2.0.39-SP1-redhat-00001 to 2.0.39-SP2-redhat-00001

JBoss Enterprise Application Platform 7.3 for RHEL 8

SRPM
eap7-apache-commons-io-2.10.0-1.redhat_00001.1.el8eap.src.rpm SHA-256: b4625be1efc9a6d6b0e27fb2747717dc93f2e2ef0b12ea7ac8b865c831ef9395
eap7-hal-console-3.2.16-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: 3d8792781f20590f6e55bd026df8c9e76db849de73d8c5fa53957d3cc02c2697
eap7-hibernate-5.3.20-4.SP2_redhat_00001.1.el8eap.src.rpm SHA-256: cc7c19f3862549eda127609ec33d27cf08bc9ff55cef8c135ae23e069431b07c
eap7-ironjacamar-1.4.35-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: a0afa080b8418cb0fb12bcbda8896cba0696f80c146d03f0ddd422ddbedb05d4
eap7-jakarta-el-3.0.3-2.redhat_00006.1.el8eap.src.rpm SHA-256: 648c57ed9d045fb38fc39fa181490912e4780316941916f5745001996714f307
eap7-jberet-1.3.9-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: f59684edec5005af3b7dfd35dce5ea068ee1261588e83b3aa16de0b0f0faa62e
eap7-jboss-remoting-5.0.23-2.SP1_redhat_00001.1.el8eap.src.rpm SHA-256: 75482f52202f8d2ee5c69d02b1c30da7b0a17ead3b046e9c4689a7affee9dc08
eap7-jboss-server-migration-1.7.2-9.Final_redhat_00010.1.el8eap.src.rpm SHA-256: a0e439194c0254c164eb18b6e4d309138685ce66553e100a6e7dd12fbff23d1e
eap7-narayana-5.9.12-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: 2dd66e4d595b79b77d99505a654917e1e1b24ce4a17f9f61449a036a37228ad3
eap7-picketbox-5.0.3-9.Final_redhat_00008.1.el8eap.src.rpm SHA-256: e88616b58e89db13627fbc2bce8b48638a694f5434d5ed23d9010dfa1a899c49
eap7-undertow-2.0.39-1.SP2_redhat_00001.1.el8eap.src.rpm SHA-256: 2bacc2d06d8b3496aef6f3e8c11eb9259bafcec78f513c3cff7b5d6f0c8f8bbc
eap7-wildfly-7.3.9-2.GA_redhat_00002.1.el8eap.src.rpm SHA-256: 706a754cc4a4876f0fa798800622baf4daaaf00f257152791d00ee61d15b9cad
eap7-wildfly-http-client-1.0.29-1.Final_redhat_00002.1.el8eap.src.rpm SHA-256: 4f03a9ae0af3ff276237c9b861f511d9fd5722adafdd3a62e362d8e6c496975f
eap7-wildfly-transaction-client-1.1.14-2.Final_redhat_00001.1.el8eap.src.rpm SHA-256: 4fdcb7e6c85adc3c1dbc0913f90c3a14e394ba33799e7589ff98617dffb88eb8
x86_64
eap7-apache-commons-io-2.10.0-1.redhat_00001.1.el8eap.noarch.rpm SHA-256: 3df69ad932936f20a7c6f70d6d16d9888d8fbb2af556fb32443b229dc5e6af32
eap7-hal-console-3.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 7d44a5df3a4f0b7971dfdf98f7b827aacca536bbbf89d1366cd99f3db63b8df3
eap7-hibernate-5.3.20-4.SP2_redhat_00001.1.el8eap.noarch.rpm SHA-256: 2c158b305c2779085211c4a47f1a4700d9174113e8301b3501867105456fcc5f
eap7-hibernate-core-5.3.20-4.SP2_redhat_00001.1.el8eap.noarch.rpm SHA-256: 315d9a3bc1b4aaca3545f8f94ff339e5d3ba9b0ebd7d98d8817ef66dfcd96ac5
eap7-hibernate-entitymanager-5.3.20-4.SP2_redhat_00001.1.el8eap.noarch.rpm SHA-256: 825989605847c757f8a37697ef72400d31c294b1133c7c6cf6d7511397db5415
eap7-hibernate-envers-5.3.20-4.SP2_redhat_00001.1.el8eap.noarch.rpm SHA-256: d0d516b81cf7c1f023cffeb8e799deef6a7aa90fc62ba1cc79ecbb769af7ff95
eap7-hibernate-java8-5.3.20-4.SP2_redhat_00001.1.el8eap.noarch.rpm SHA-256: 3b7789963b0d012dc34f7b8b6c18a323b07aaec140902c0aebc790a757af62dd
eap7-ironjacamar-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: f22e9fb2699431fffdd280fb5c40ded7c6a7aee6274a90ec6a993fa90cb22bfd
eap7-ironjacamar-common-api-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: e3619672c7e615f1f2161e5935bb21fb8a4b660ba28313ae72e4361b9bcd5359
eap7-ironjacamar-common-impl-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: b09a55c1934e1b8a6e1604cbc63405fd067d4dbae0a8461c40395570154ddef4
eap7-ironjacamar-common-spi-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 98f9e5e591d2603e5020e43fc57a5691bef2b586a31edd1fc08cef224dbb13e9
eap7-ironjacamar-core-api-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 7cccbfe45a81f63ad4fcaa5ed32e1698637e160f70bcc578c89e4fce0b5d96a3
eap7-ironjacamar-core-impl-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 2320386b1378b6c9d59ea24001e2b2537006d31fc60a0a7508626f305ad2565d
eap7-ironjacamar-deployers-common-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 4164f1c72d59f0c4128b0687dda598a23f7cc18cc68b363ca6d62a66cb7a796d
eap7-ironjacamar-jdbc-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 4ce3f0422cd17cdd19969a86d2248b249d380f480ee0a343564031bfa762974f
eap7-ironjacamar-validator-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 31a7f706acf1d63c8c218ed2fc0e19ffafd7f04e70fc4c4b5a7bc9166984b75b
eap7-jakarta-el-3.0.3-2.redhat_00006.1.el8eap.noarch.rpm SHA-256: e58e9c87443b48d17d9103ce4c1bac435dbb09c01ad76110ed414cc7b70d1593
eap7-jberet-1.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 1285144620527c7563ac41510edaa5de9ddeae3a07b07c0d9d372ae7adcb18a1
eap7-jberet-core-1.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 1252d748a055b6715d30eb44244dec5db99f558afd2a6fef3c4fb5f64431cda7
eap7-jboss-remoting-5.0.23-2.SP1_redhat_00001.1.el8eap.noarch.rpm SHA-256: 36f14c1bb28a28456b11e22654c8f955ec0d4d6790bac04e06ac5ef616f48676
eap7-jboss-server-migration-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: 48be0f78f5d20581649a388dd058c1c23b831e3af2627196386da75b0047bc3d
eap7-jboss-server-migration-cli-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: 3cda834183b827f8037c119daf6ff5368766f37dbfb4830ebe2c9da24485f24d
eap7-jboss-server-migration-core-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: 09c4a68ea890d1f9b8a582fb78f739f7f71fde4852ba613c57be8d6af49353bb
eap7-jboss-server-migration-eap6.4-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: 8f99ed30dd44a76b23f73400cc2177b7f5b406136126d4e1101a33c26cbd49e3
eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: 75c7594329a7644e9f8238184a4b40c428af3eeb13ebf222b3ccce5be477641a
eap7-jboss-server-migration-eap7.0-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: 9589d36a7e1b90dbb7d691c0118681b6a0f7bfc0abfea75b4601b363388579f2
eap7-jboss-server-migration-eap7.1-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: ed26388b3830d072f2f0a23db3b7b867add8a6b8d30c24f1bd6d401fd9d78d94
eap7-jboss-server-migration-eap7.2-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: 3d5b104f8b39c5464bffe28a084c06c401c689dc02b5d218067c8cd82e53eff3
eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: 3e478c57f8848979fb5e4909eb75e737304c91d3354b126003e872b649941642
eap7-jboss-server-migration-eap7.3-server-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: cdb2db8cc9f775be9d5f51c8a9ac125b25109b4f5d9627face4a0b30e022f466
eap7-jboss-server-migration-wildfly10.0-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: 350b02e8a4bdec27d7b075a50ba199a2b555d24427e04e77f96c0e7c6e5df3b7
eap7-jboss-server-migration-wildfly10.1-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: 82343545672be5c3b98fbae3dd8c09f57df668030c0c107e08a658e8b411469e
eap7-jboss-server-migration-wildfly11.0-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: ffeaf9f7ff45e2ba49db11a469d86872186ac25cab6f9de48eb1cc3994aed435
eap7-jboss-server-migration-wildfly12.0-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: e22ef3198267736e79b9bdaec65baf947b950c0c564c1db07e518fd9b81e2d50
eap7-jboss-server-migration-wildfly13.0-server-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: d7b3814fd30b9541a533140a5d9b461fe8232b1674e4f953ddf23d2fecc50768
eap7-jboss-server-migration-wildfly14.0-server-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: b9633430dd2ae2bc057e1b72365f051162f62729c785aa1e55ca21adf48bff71
eap7-jboss-server-migration-wildfly15.0-server-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: ffea916fb7cd2222c82ea9f3910aa3bc0e0a56d4a71b70eb48ae0c3d582104db
eap7-jboss-server-migration-wildfly16.0-server-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: 7d60d96159f0fd4ff8eab0806385e00843315d7e1da9febad3140128d85ab98e
eap7-jboss-server-migration-wildfly17.0-server-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: 2bbedbcb6105e5a4280c9b0c190851d79799ea8108ee8029c43c83b4770cd708
eap7-jboss-server-migration-wildfly18.0-server-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: 54914724e6a98a1cce712cc00a8803899ceaed899199855ff4d44989ba89c8ee
eap7-jboss-server-migration-wildfly8.2-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: 29eaf3c663eb2d5faba3f70a9f2d827f65c19c4f961232bf0438263e243ee175
eap7-jboss-server-migration-wildfly9.0-1.7.2-9.Final_redhat_00010.1.el8eap.noarch.rpm SHA-256: 6c1ef2a174b779f0ccea235d7e4ef4dca572d67bd5ccfe8bfec881c1ea232dff
eap7-narayana-5.9.12-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 7d7d73b231b32fe4cf266cffcee783e4f49e0ea7fd9a62e1f5273f208121d1b9
eap7-narayana-compensations-5.9.12-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: a999a89c32b533d1626bf1092bacc84e0133431951d3be1e4bf4d6c58ce0555f
eap7-narayana-jbosstxbridge-5.9.12-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 272bede7dc99a41896efb71b39f771d466de2d04fd945a58f2aa5b76c306595c
eap7-narayana-jbossxts-5.9.12-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: e02d064f592108ee7986bcd7dc1bdb22cc0d5ac28ba75d821be0b5e79cd27d20
eap7-narayana-jts-idlj-5.9.12-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 446243bb7bd76feca00674ecf1cb38956b9596bf798940f1bc3db7e9fa37b631
eap7-narayana-jts-integration-5.9.12-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 8a949051d2cb39b09ee9b07e83438cc86a7cee75daf7e2d1f2e6dd38db0d5e80
eap7-narayana-restat-api-5.9.12-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 60c615f328e16cfc34547d532a5ec323b4302944d9d5b557dde1f7fc13413074
eap7-narayana-restat-bridge-5.9.12-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 7e79421cff4e375d7fe71f66e7db6cb3e955991dd9e4faec47da3a113dd0e5c0
eap7-narayana-restat-integration-5.9.12-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: ec218baab3490ca7c322e30f8f61c4935cb2a56093dbdcabe6696ea84fda0656
eap7-narayana-restat-util-5.9.12-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: bc09c516c1f8f64d68b58fb34414f25bf8e177668299e419049f3e8208437d49
eap7-narayana-txframework-5.9.12-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: fa5f8b01a3bde042ec8007cd637a653461b537c95381507aade1b0e9e67ab391
eap7-picketbox-5.0.3-9.Final_redhat_00008.1.el8eap.noarch.rpm SHA-256: a7ec7b5455031a85ec6dfb16c32f07a7a418244b93c5d23c6dcd1bfc6b631e1d
eap7-picketbox-infinispan-5.0.3-9.Final_redhat_00008.1.el8eap.noarch.rpm SHA-256: 6b920899542ab69a547a6328f7e6630ccd18ddd564426ca9000be71eba59faf2
eap7-undertow-2.0.39-1.SP2_redhat_00001.1.el8eap.noarch.rpm SHA-256: 99bc382dcbf93b7e27e9267ad6bfc4e9f3a8ec74714ad0c4f0f67ed5b5d948eb
eap7-wildfly-7.3.9-2.GA_redhat_00002.1.el8eap.noarch.rpm SHA-256: 720e421ee6104158438ecd00660a704ffd99992b751239e3323265f62475cba2
eap7-wildfly-http-client-common-1.0.29-1.Final_redhat_00002.1.el8eap.noarch.rpm SHA-256: 2f1ffc934ce2724d1472dd0764111cc9b003cb1a8db1a06ea395772251274f61
eap7-wildfly-http-ejb-client-1.0.29-1.Final_redhat_00002.1.el8eap.noarch.rpm SHA-256: 2a2ae020b7bd14d7af17b2f6877dba8fc958bdf544d74b5c0fd43cf290c3a4a3
eap7-wildfly-http-naming-client-1.0.29-1.Final_redhat_00002.1.el8eap.noarch.rpm SHA-256: fda40f855f25bb9d129b97b08ee6465f7742fa5e878f017c25004af2a9915ac3
eap7-wildfly-http-transaction-client-1.0.29-1.Final_redhat_00002.1.el8eap.noarch.rpm SHA-256: 853ad1175cf7d916a8ee2b200aa30b29a1eeee08a28978af0d4584dfda09842d
eap7-wildfly-javadocs-7.3.9-2.GA_redhat_00002.1.el8eap.noarch.rpm SHA-256: a578865445f6b71bba7eb2a45cb50fb331d852a54d62edb9f7a6957b12175519
eap7-wildfly-modules-7.3.9-2.GA_redhat_00002.1.el8eap.noarch.rpm SHA-256: 3777b5b8f97d77b46cf1d11915d5791d9b34e82071825729142bcbbb640a1809
eap7-wildfly-transaction-client-1.1.14-2.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: a29db77a14048ec1f0247e7a335fc4d5f32e15dd0cf99ed693a6d5119f3b5bd1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.