Red Hat Product Errata RHSA-2022:8790 - Security Advisory
Issued:
2022-12-05
Updated:
2022-12-05

RHSA-2022:8790 - Security Advisory

Synopsis

Low: Red Hat JBoss Enterprise Application Platform 7.4.8 Security update

Type/Severity

Security Advisory: Low

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)

Solution

Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258

Affected Products

  • JBoss Enterprise Application Platform 7.4 for RHEL 7 x86_64

Fixes

  • BZ - 2117506 - CVE-2022-2764 Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations
  • JBEAP-23833 - Tracker bug for the EAP 7.4.8 release for RHEL-7
  • JBEAP-23913 - [GSS](7.4.z) Upgrade HAL from 3.3.14.Final-redhat-00001 to 3.3.15.Final-redhat-00001
  • JBEAP-23997 - (7.4.z) Upgrade Infinispan from 11.0.15.Final-redhat-00001 to 11.0.16.Final-redhat-00001
  • JBEAP-23998 - [GSS](7.4.z) Upgrade Jakarta Mail from 1.6.5.redhat-00001 to 1.6.7.redhat-00001
  • JBEAP-24011 - [GSS](7.4.z) Upgrade to JBoss Marshalling from 2.0.12.Final-redhat-00001 to 2.0.13.Final-redhat-00001
  • JBEAP-24013 - (7.4.z) Upgrade WildFly Core from 15.0.18.Final-redhat-00001 to 15.0.19.Final-redhat-00001
  • JBEAP-24028 - [GSS](7.4.z) Upgrade Mojarra from 2.3.14.SP06-redhat-00001 to 2.3.14.SP07-redhat-00001
  • JBEAP-24030 - [GSS](7.4.z) Upgrade remoting from 5.0.25.SP1-redhat-00001 to 5.0.26.SP1-redhat-00001
  • JBEAP-24031 - [GSS](7.4.z) Upgrade wildfly-naming-client from 1.0.14.Final-redhat-00001 to 1.0.15.Final-redhat-00002

JBoss Enterprise Application Platform 7.4 for RHEL 7

SRPM
eap7-glassfish-javamail-1.6.7-1.redhat_00001.1.el7eap.src.rpm SHA-256: 44b4875a3fd5e641d6a41d9e6fb33b4d6572ced0aaf79430688c1f842b014911
eap7-glassfish-jsf-2.3.14-6.SP07_redhat_00001.1.el7eap.src.rpm SHA-256: eabe1554a37487fbd945eaa166a10f36e542b913843ce30f98ec6eff4ad0541d
eap7-hal-console-3.3.15-1.Final_redhat_00001.1.el7eap.src.rpm SHA-256: bdcd7d452a727aaae3de608ac96a683357cf1fab3291eef6b8e90b183638b5bd
eap7-infinispan-11.0.16-1.Final_redhat_00001.1.el7eap.src.rpm SHA-256: 659362ca5194abd56afa2c7aec4e538d89719155bada32561ec8e66f5fc1beca
eap7-jboss-marshalling-2.0.13-1.Final_redhat_00001.1.el7eap.src.rpm SHA-256: 7948909b54597b4e1a0b2e7e1279977e6bfadc62fa627fe66125765f0edcb2cd
eap7-jboss-remoting-5.0.26-1.SP1_redhat_00001.1.el7eap.src.rpm SHA-256: 688117ed30b17cfd19d955d65f0bfd15c7ce05289a502b5aec29a2c5fb207912
eap7-jboss-server-migration-1.10.0-21.Final_redhat_00020.1.el7eap.src.rpm SHA-256: 940e86e010ff0b55db0cc703d3eab6795a64be3154e62879eadda9ceed8e5953
eap7-undertow-2.2.20-1.SP1_redhat_00001.1.el7eap.src.rpm SHA-256: 3b352bfd625ead0c86a8ec4580b234114efc91f36fc5535b0e89ae40963cbbf7
eap7-wildfly-7.4.8-4.GA_redhat_00002.1.el7eap.src.rpm SHA-256: 9856e14e845dabf7624e22f22f495d349373700375e31b246fbb803a995e4281
eap7-wildfly-naming-client-1.0.15-1.Final_redhat_00002.1.el7eap.src.rpm SHA-256: 79c4f820f77a2fbbd763037704fe67ecd7f329048056959a3660b89c76d406ac
x86_64
eap7-glassfish-javamail-1.6.7-1.redhat_00001.1.el7eap.noarch.rpm SHA-256: 027452fcbe0b132a7b534b530e4d02ea0034f3f1b9a6af720feff09c44b9aa0a
eap7-glassfish-jsf-2.3.14-6.SP07_redhat_00001.1.el7eap.noarch.rpm SHA-256: 0609318b85c53adeb5b70f55cb2a74ffeb40d813d3325b9e4bf9bb148788fb08
eap7-hal-console-3.3.15-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: ee142be282e4775b8cbc3012c5191837b74a61bb56e65cf213312a70bd51ccac
eap7-infinispan-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: c34cd3fb88f4a494c33c6e4799e24ada4bcc8018b0f118b8a928da8bf01c3d9f
eap7-infinispan-cachestore-jdbc-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 0468c75843d3020d8bff1572177771f4549ec809b82e81595eba931afe465a04
eap7-infinispan-cachestore-remote-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: e1e21398d84f7793a9f05dd5d506cfd0b32b43e0a7bfbc590fcb29f008c6c46e
eap7-infinispan-client-hotrod-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: de2e714628438dc02c2d08aac889f6076c70ce219f1641ef5b794e7ac2edd354
eap7-infinispan-commons-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: aface5665295f0a627d3580f2b39b0e76c00807250d2f303a2b41f05b0b0324b
eap7-infinispan-component-annotations-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: cb7b37a67e64a5b4c3b95ac3ce9716fb6cc568daa743ca2717cd3f598130ab9d
eap7-infinispan-core-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 5f71f39a8815bcaaed0eb958c80b5bd15563405f16b9c36f1a8cce74ae05e186
eap7-infinispan-hibernate-cache-commons-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: c45e49b6e96d2b08a4e3326c36e41d4691db032401117ecce5ed7d18f0632b87
eap7-infinispan-hibernate-cache-spi-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: befe8fb592b6df833f9cdb15db25aa75f12455d7dc681c856342160770145896
eap7-infinispan-hibernate-cache-v53-11.0.16-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 3793816c04306845d659663412e20158c1e474e5bf6840aeb36c5032e784034e
eap7-jboss-marshalling-2.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 1d850a740c18fc4647afd92b7e441522b6a29dced11be58e559c2f970000c932
eap7-jboss-marshalling-river-2.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 16453c13ceffcafc3d9ce7a761b543c99cbbd36a3308f85b5fc6775c29a8baf1
eap7-jboss-remoting-5.0.26-1.SP1_redhat_00001.1.el7eap.noarch.rpm SHA-256: 352b5a6ee8cc7bce4dbf72372acade9835475bd6e590139d85d2c153d837ec47
eap7-jboss-server-migration-1.10.0-21.Final_redhat_00020.1.el7eap.noarch.rpm SHA-256: 29ea66d9a1f25c97b63a16ca4ed8c0b7001872815fc02d8b7c707c9338b75bd6
eap7-jboss-server-migration-cli-1.10.0-21.Final_redhat_00020.1.el7eap.noarch.rpm SHA-256: 8f6133dd394c8e995589b9b905edd8844f0d496e669dfc5d7de7c07d54f70626
eap7-jboss-server-migration-core-1.10.0-21.Final_redhat_00020.1.el7eap.noarch.rpm SHA-256: 8bc89c1b67e103677493ac41abab33e367e5771fbb5b19f17abaf631d43dcae9
eap7-undertow-2.2.20-1.SP1_redhat_00001.1.el7eap.noarch.rpm SHA-256: 14dc906b5490b983f398ddecf4862ec8cf3b5646b35e77b47c2d4e3fdd1e6386
eap7-wildfly-7.4.8-4.GA_redhat_00002.1.el7eap.noarch.rpm SHA-256: 2adbacaf35805dcb3ff0b173840f7a43c08397265d3037f4f1883a3b9327dfbf
eap7-wildfly-java-jdk11-7.4.8-4.GA_redhat_00002.1.el7eap.noarch.rpm SHA-256: 56e01b9490d126de5396ef1767039e3cdcdb39664711c6858c126ea6079583f1
eap7-wildfly-java-jdk8-7.4.8-4.GA_redhat_00002.1.el7eap.noarch.rpm SHA-256: 169554c27c0b5396c3472f052c5f66058b249a8404f610a3a1d31b71c07a2298
eap7-wildfly-javadocs-7.4.8-4.GA_redhat_00002.1.el7eap.noarch.rpm SHA-256: 870f9e2049f87fd7fdcc9f9ba30b00604207571663a40c1d196dc4592bf87d0f
eap7-wildfly-modules-7.4.8-4.GA_redhat_00002.1.el7eap.noarch.rpm SHA-256: c0a5abad6d26bca65ac6c063c8fa2c880ba70d88342692b0998d09933b17d425
eap7-wildfly-naming-client-1.0.15-1.Final_redhat_00002.1.el7eap.noarch.rpm SHA-256: d27a515dc36ec4bb6535a6d6865fc2bd57d7213eddbc0200f29fda2f32c0e1d5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.