Red Hat Product Errata RHSA-2022:0401 - Security Advisory
Issued:
2022-02-02
Updated:
2022-02-02

RHSA-2022:0401 - Security Advisory

Synopsis

Important: Red Hat JBoss Enterprise Application Platform 7.4.3 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.2 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.3 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • undertow: client side invocation timeout raised when calling over HTTP2 (CVE-2021-3859)
  • EAP 7: Incomplete fix of CVE-2016-4978 in HornetQ library (CVE-2021-20318)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • JBoss Enterprise Application Platform 7.4 for RHEL 8 x86_64

Fixes

  • BZ - 2010378 - CVE-2021-3859 undertow: client side invocation timeout raised when calling over HTTP2
  • BZ - 2010559 - CVE-2021-20318 EAP 7: Incomplete fix of CVE-2016-4978 in HornetQ library
  • JBEAP-22642 - Tracker bug for the EAP 7.4.3 release for RHEL-8
  • JBEAP-22100 - (7.4.z) Upgrade galleon-plugins to a 5.1.x version with WFGP-195 fixed
  • JBEAP-22104 - (7.4.z) Upgrade JBoss Classfilewriter from 1.2.4.Final-redhat-00001 to 1.2.5.Final-redhat-00001
  • JBEAP-22106 - (7.4.z) Upgrade to JBoss Marshalling from 2.0.11.Final-redhat-00001 to 2.0.12.Final-redhat-00001
  • JBEAP-22108 - (7.4.z) Upgrade to Byteman from 4.0.14 to 4.0.16
  • JBEAP-22373 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.0.Final to 5.1.4.Final
  • JBEAP-22505 - [GSS](7.4.z) WFLY-14923 - Update JPA handling to support `initialize-in-order`
  • JBEAP-22575 - (7.4.z) Upgrade mod_cluster from 1.4.3.Final-redhat-00002 to 1.4.4.Final
  • JBEAP-22582 - (7.4.z) Upgrade WildFly Core from 15.0.5.Final-redhat-00001 to 15.0.6.Final-redhat-00001
  • JBEAP-22586 - (7.4.z) Upgrade RESTEasy from 3.15.2.Final-redhat-00001 to 3.15.3.Final-redhat-00001
  • JBEAP-22587 - (7.4.z) Upgrade Hibernate ORM from 5.3.23.Final-redhat-00001 to 5.3.24.Final-redhat-00001
  • JBEAP-22590 - (7.4.z) Upgrade Mockito from 2.18.0 to 3.10.0
  • JBEAP-22609 - (7.4.z) Upgrade XNIO from 3.8.4.Final-redhat-00001 to 3.8.5.SP1-redhat-00001
  • JBEAP-22668 - (7.4.z) Upgrade Elytron from 1.15.6.Final-redhat-00001 to 1.15.9.Final
  • JBEAP-22679 - [GSS](7.4.z) UNDERTOW-1984 - GOAWAY sent by HTTP2 server when a RST is sent after upgrade
  • JBEAP-22692 - (7.4.z) Upgrade Ironjacamar from 1.5.2.Final-redhat-00001 to 1.5.3.Final-redhat-00001
  • JBEAP-22693 - (7.4.z) Upgrade jboss-ejb-client from 4.0.43.Final-redhat-00001 to 4.0.44.Final-redhat-00001
  • JBEAP-22740 - (7.4.z) Upgrade jgroups_azure from 1.3.0.Final-redhat-00001 to 1.3.1.Final
  • JBEAP-22754 - (7.4.z) Upgrade azure-storage 8.6.6
  • JBEAP-22793 - (7.4.z) Update elytron-tool scripts to make use of jboss-modules
  • JBEAP-22822 - (7.4.z) Update ElytronHttpExchange#getRequestURI to no longer use the 7 argument URI constructor
  • JBEAP-22823 - (7.4.z) Upgrade undertow from 2.2.13.SP1 to 2.2.13.SP2
  • JBEAP-22833 - (7.4.z) Upgrade elytron-web from 1.9.1.Final-redhat-00001 to 1.9.2.Final-redhat-00001
  • JBEAP-22851 - (7.4.z) Upgrade WildFly Http Client from 1.1.8.Final-redhat-00001 to 1.1.10.Final-redhat-00001

JBoss Enterprise Application Platform 7.4 for RHEL 8

SRPM
eap7-azure-storage-8.6.6-1.redhat_00001.1.el8eap.src.rpm SHA-256: f7cc0f748b7dcb03ef2b3615809b4c9bd1198009b04684c9e421d1b9b28f1950
eap7-elytron-web-1.9.2-2.Final_redhat_00001.1.el8eap.src.rpm SHA-256: 7c824e61640ac5c8a99abaa382f8ede6793011a906e4fe15479e3bc7e6edcf32
eap7-hibernate-5.3.24-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: e110d932239bdfc1a2d6e76eb5dea068d90596eec8440adf006b9cf184d1b72c
eap7-hornetq-2.4.8-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: f7488d9dc518dde6d3887508bc78fdec5af5a55f3641346c94484604bfd62fca
eap7-ironjacamar-1.5.3-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: a6177ab83d621f46d1857a5f096a0c2e24c3a5ae4398d2a46a9d44f3009385dd
eap7-jboss-classfilewriter-1.2.5-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: f95619b59213f97c11b39d6fad5909977a3a5191aad3ce26156e5264021006b2
eap7-jboss-ejb-client-4.0.44-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: d0b556d85ddd8392383fb8926d684a2d2574e97237accc2abc7e3596e22d1d1a
eap7-jboss-marshalling-2.0.12-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: 86302432f5dea46ae98029f7f99041697d9451207c8282f339e5445caf26cc62
eap7-jboss-server-migration-1.10.0-13.Final_redhat_00012.1.el8eap.src.rpm SHA-256: c730861b590d52500849930169262c4a2093c03ffce68b6509fb0d9eedea761d
eap7-jboss-xnio-base-3.8.5-1.SP1_redhat_00001.1.el8eap.src.rpm SHA-256: 3220675c95ab2b82adb1219660b2eaee7917715e20001855699a3cd090c24574
eap7-jgroups-4.2.15-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: 6c77cdb350029f106d162737526cd849281d7171f7d79d085a24da71cc369c20
eap7-jgroups-azure-1.3.1-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: 6bc9a6f357e1c42f89aceeb2d15baeb7b12b26608b75e4a580dc2339c1e7909a
eap7-mod_cluster-1.4.4-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: 1d1e0cd1d7ead504baf096c3d2e1a6d798d7ea419092199853f4cd9158364883
eap7-resteasy-3.15.3-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: cd467ac144ada05b8af72ecb7308e3d4508ff16cdb3b93f701e49920f2e4227f
eap7-undertow-2.2.13-1.SP2_redhat_00001.1.el8eap.src.rpm SHA-256: 50576cfd786d47e63b0b6401788e9c558fc81822bae2104a11a517e51163c3e1
eap7-wildfly-7.4.3-5.GA_redhat_00002.1.el8eap.src.rpm SHA-256: 13f1409bff0a9a8abe95bd47578a6aabbf4ee1f5e385b478094b35c6688bad9f
eap7-wildfly-elytron-1.15.9-2.Final_redhat_00001.1.el8eap.src.rpm SHA-256: ccd37a590c00bcb95be8122864d0bc62c03f7044916ebf136cd0ec689e3c9c5f
eap7-wildfly-http-client-1.1.10-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: 6af64ef521503a1edee55fb59ca04ff83408b31a5bc7b25866c3bfea61ebae14
x86_64
eap7-azure-storage-8.6.6-1.redhat_00001.1.el8eap.noarch.rpm SHA-256: 10f55d1bb113d98eeda5bef9be999bc5ae5b0707a2852251c98e18353e2a4bc7
eap7-hibernate-5.3.24-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 30302deb555014ed6443ea1c1e1236dbee713e69c456df01516bda067ce5eddc
eap7-hibernate-core-5.3.24-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: dc7d12ab769852a251e758bcf540f55e4faadaa0b2a1ba7d153e445eb725ec7a
eap7-hibernate-entitymanager-5.3.24-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 8f5b3450fec018c0390c96fd009882c5730f9fa7fc071653ae7da340bfe0d53d
eap7-hibernate-envers-5.3.24-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: bc1a99190d7e4492ccf9426d6a9c2aa0816d09b02dbfaf8efb1cdabf5214db93
eap7-hibernate-java8-5.3.24-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 9a9ba08a0326a4c931b97a9a4c4ee8584d5fd4ea9ec6391f9b191d08bb6e6de9
eap7-hornetq-2.4.8-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 64b63d5169e6e73291e575f93033c1697a92e4eaab3393c5933f8f3eaa8d926a
eap7-hornetq-commons-2.4.8-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 38ccabf44c4eae1f30b1e21e4f23120031b85da02b4f67f057e92deab3f065e0
eap7-hornetq-core-client-2.4.8-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 51c9910cd82a20ae1d9421df3abdd70d387d504124a4a8ecf868a8b06aea3013
eap7-hornetq-jms-client-2.4.8-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 9df22af443f8ef86fc45280e0612a4135bb4023780b09522be60a13417d1da53
eap7-ironjacamar-1.5.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 2eae5f22222f40983861c19178071bb0f1479e64e90a8b7462e99dfd9c3bb4e6
eap7-ironjacamar-common-api-1.5.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: aace4852e0e4b6c948e1d65c9b6f2875190355a7ae5d1996c91fcf345decb29c
eap7-ironjacamar-common-impl-1.5.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: d00f7dcc587fd19acf435e28e08586cb9ac79531c1a2823a7e303361f5f20e5d
eap7-ironjacamar-common-spi-1.5.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 34cf42d08a56fdf31e727f1a54690903a5aaf8e32f2498206c89a4eadbc2d110
eap7-ironjacamar-core-api-1.5.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 5de488b894e737c014d05b89538e6557085c4602a64b8b71a5ac62b1e004fe11
eap7-ironjacamar-core-impl-1.5.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 48c2583c7b4089f98631c8dfac4176c6f04f594912f58dbb0ae8aa8904eccb41
eap7-ironjacamar-deployers-common-1.5.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: fc82d0aa593c2919593d77d7f60382890a23480dc033b476cfbfa7ecb1fd514d
eap7-ironjacamar-jdbc-1.5.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 1eab8d841e2abf980a4208af192695c74fea1384e2bad6bd08287c9609341cbe
eap7-ironjacamar-validator-1.5.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 9949fbaa05097616d60a80bfbba240e6024f048478f396fab5cf37fd5b189e2c
eap7-jboss-classfilewriter-1.2.5-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: c2bf7d6eee8d46fb4e5652cc830ee010c38260dd640d3652c7b06e5093b68f3f
eap7-jboss-ejb-client-4.0.44-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 778f916d8cc8fdde5867d751d00b8a1c048b3cc3c392623437319cd28f8f6f32
eap7-jboss-marshalling-2.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 7c9a759c49419628b8e78380bba47921e26231d5abe2b3d29a6865aabf966353
eap7-jboss-marshalling-river-2.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 18f3d4520b5a670b0d672919849e8cda58c39278b873eb95bea0904c956f55b1
eap7-jboss-server-migration-1.10.0-13.Final_redhat_00012.1.el8eap.noarch.rpm SHA-256: c39ccbfa2453b16534cf99c0ab7a7832be482d83b8b2704de1452afa27becc24
eap7-jboss-server-migration-cli-1.10.0-13.Final_redhat_00012.1.el8eap.noarch.rpm SHA-256: d6bc78c18704e133db6952d5875ff00ae33b0adf3838c1afc01b2fd85b1a75a2
eap7-jboss-server-migration-core-1.10.0-13.Final_redhat_00012.1.el8eap.noarch.rpm SHA-256: ba5b502b473a1fb5f3f759c088468525f9d7c027a5634d985a32b446c19d6ed6
eap7-jboss-xnio-base-3.8.5-1.SP1_redhat_00001.1.el8eap.noarch.rpm SHA-256: a079c178420a24ef379d93328a42610280beb9a518551314d590492abdca9f15
eap7-jgroups-4.2.15-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 60889589f190a2444b1f1fa534e503f12f2e6e82376501017dbbf2285d8aa122
eap7-jgroups-azure-1.3.1-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: c947349660a2db132bd6442cc09340e12e57a640a18c9ae3a1c7ac656cdf571d
eap7-mod_cluster-1.4.4-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: c30d7e2f6894b941453a322cd801ff84dbdc4cee57bdbdff039bb579a076a893
eap7-resteasy-3.15.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 6ec178f867d16393abeddde1dc7f9d6798aedd156d325debc07bb5fe92d6d065
eap7-resteasy-atom-provider-3.15.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: f9a5bf7c35f2d638a453509a7bce2f04534a907fdbb07fa416eac8fc5630b7ac
eap7-resteasy-cdi-3.15.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: f3ad91afdbd7f49e89f5cf0576513f5eeafe60a39f2940295090d19e146cb197
eap7-resteasy-client-3.15.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 045653f358b87d75087803934432e1470f6bf798fcb458780318cf230b8ef9c1
eap7-resteasy-crypto-3.15.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: b97508c6cb84914511c6aa4a5260afb212b01d0f4cce01a61f1e0060edd8d68f
eap7-resteasy-jackson-provider-3.15.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 5627ba27df5a03af7f75908e56fd12aa499bc46be8250a740cbd90de24a72109
eap7-resteasy-jackson2-provider-3.15.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 2d143ef225865db173284561173f77f51714b4a9db8669cd5d1c787c78bb9857
eap7-resteasy-jaxb-provider-3.15.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: ca4c197ab16ede681f4bcffee71c27a7e4221152b2dacb802d41ff9c117b5952
eap7-resteasy-jaxrs-3.15.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 8899a81f779182902aa671a3c5efd6b7cecb952dfeb7050214dd2e7d4375809c
eap7-resteasy-jettison-provider-3.15.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 864c5f5ec2cfd04f8baa67df7c9cf1f3c0560291ed4a440db80417c0da63ac1f
eap7-resteasy-jose-jwt-3.15.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: e65b7ac516a4da76087ea180f99c0dc7286af382a280242a1f4e0b00f66530d2
eap7-resteasy-jsapi-3.15.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: a12e673a3520746809e450a3a47ab44238d809b87638d8d02815da7a58680dc6
eap7-resteasy-json-binding-provider-3.15.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 692dd3fa1d16902ce3cfca437d5c5a542c3f676b7e17b9272955ffde8e37e223
eap7-resteasy-json-p-provider-3.15.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 11b3496be9b9c2fbba6ea4f266fa08c0f16ec0eea80384661f84c2daa0ca934a
eap7-resteasy-multipart-provider-3.15.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 95b9ff33942812a82b900d869dc336d270094043cddcb0948f48ae39db8d5ed9
eap7-resteasy-rxjava2-3.15.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: a1912fcbb06fd8cb333d29a5422fd5719fbae4075ed6c68a29c53108b820ef80
eap7-resteasy-spring-3.15.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 473f65be63e823c58e4aa83a4b97572b04a11ab11747931913f69dc0d29dd7bb
eap7-resteasy-validator-provider-11-3.15.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: ad8a02aaa296ffca6b31b92ccd7db66a00072444b689525d9763a4d6701b2af5
eap7-resteasy-yaml-provider-3.15.3-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 67066b15aa69c78e7221269dfc9556f9fad55d168023b0d8bb788d9e46319223
eap7-undertow-2.2.13-1.SP2_redhat_00001.1.el8eap.noarch.rpm SHA-256: 7b562e314215670efe0adfb8e4a86b67d03ee328d3a1f8affe4c523fdbfcfc39
eap7-undertow-server-1.9.2-2.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 3cbe48bc4491de2518c202d34d6678289fe0391abb864588eb7efaaaf30eaf7e
eap7-wildfly-7.4.3-5.GA_redhat_00002.1.el8eap.noarch.rpm SHA-256: 3e97c4115cd60e595cd0130f354098ecd19933b46d55d392484fcad6d62dc41f
eap7-wildfly-elytron-1.15.9-2.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 580dab90a5be51bb77ebe2f6d6664fec0367ad940922ff4dbbf7f15d3c8f02d9
eap7-wildfly-elytron-tool-1.15.9-2.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: c041fb8842bb68063edf8252fc978ff891f362b2c4e9408533930186f40a682e
eap7-wildfly-http-client-common-1.1.10-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: d8cb2629e43cf0c58e437afa71b4cc81dcc39f9853e8d897e9c8ddef2ab31d84
eap7-wildfly-http-ejb-client-1.1.10-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: fcbca69c2c0e251aff7eb075aa105d1b7616c9115a7a1946c049916c95f2a0f1
eap7-wildfly-http-naming-client-1.1.10-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: aa7c98585c9f42e4a70e3be309e4b5917cefedd5bff7617b9c12412805f610fa
eap7-wildfly-http-transaction-client-1.1.10-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 0505ac375a2b879442aa5ee2eabe0d2f0831ab31c658f7f361fd7e534593933b
eap7-wildfly-javadocs-7.4.3-5.GA_redhat_00002.1.el8eap.noarch.rpm SHA-256: 4e7af944249354de14e82c10617db4056ca3380381179c3c9cc85da55eecc66c
eap7-wildfly-modules-7.4.3-5.GA_redhat_00002.1.el8eap.noarch.rpm SHA-256: 230a446030984c02f3e76dbd579cae2618d7114e408be0ce8de718071039fb77

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.