Red Hat Product Errata RHSA-2022:8791 - Security Advisory
Issued:
2022-12-05
Updated:
2022-12-05

RHSA-2022:8791 - Security Advisory

Synopsis

Low: Red Hat JBoss Enterprise Application Platform 7.4.8 Security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)

Solution

Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258

Affected Products

  • JBoss Enterprise Application Platform 7.4 for RHEL 8 x86_64

Fixes

  • BZ - 2117506 - CVE-2022-2764 Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations
  • JBEAP-23834 - Tracker bug for the EAP 7.4.8 release for RHEL-8
  • JBEAP-23913 - [GSS](7.4.z) Upgrade HAL from 3.3.14.Final-redhat-00001 to 3.3.15.Final-redhat-00001
  • JBEAP-23997 - (7.4.z) Upgrade Infinispan from 11.0.15.Final-redhat-00001 to 11.0.16.Final-redhat-00001
  • JBEAP-23998 - [GSS](7.4.z) Upgrade Jakarta Mail from 1.6.5.redhat-00001 to 1.6.7.redhat-00001
  • JBEAP-24011 - [GSS](7.4.z) Upgrade to JBoss Marshalling from 2.0.12.Final-redhat-00001 to 2.0.13.Final-redhat-00001
  • JBEAP-24013 - (7.4.z) Upgrade WildFly Core from 15.0.18.Final-redhat-00001 to 15.0.19.Final-redhat-00001
  • JBEAP-24028 - [GSS](7.4.z) Upgrade Mojarra from 2.3.14.SP06-redhat-00001 to 2.3.14.SP07-redhat-00001
  • JBEAP-24030 - [GSS](7.4.z) Upgrade remoting from 5.0.25.SP1-redhat-00001 to 5.0.26.SP1-redhat-00001
  • JBEAP-24031 - [GSS](7.4.z) Upgrade wildfly-naming-client from 1.0.14.Final-redhat-00001 to 1.0.15.Final-redhat-00002

JBoss Enterprise Application Platform 7.4 for RHEL 8

SRPM
eap7-glassfish-javamail-1.6.7-1.redhat_00001.1.el8eap.src.rpm SHA-256: 990e9e7ec1d5563dfad7791ba5491a532513b14a6ad195c93ebf700701e98a22
eap7-glassfish-jsf-2.3.14-6.SP07_redhat_00001.1.el8eap.src.rpm SHA-256: 3bc523f9f119710939886144b6f581ce2c68778c5f607ccec8ae0799c76e9931
eap7-hal-console-3.3.15-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: 1f43ebfe4c94752bfe1a4805f3f35f5dfbf94957894de8fe60f845d384701592
eap7-infinispan-11.0.16-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: 2782e92fc0c851eaae1a93b62c82cdd9fdd74bf3357a89f11cff1fdb39cf5790
eap7-jboss-marshalling-2.0.13-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: 3bc5bb7975e8c8765208a13975390ddd82f64358f4e8829bb0b59c8322a675d4
eap7-jboss-remoting-5.0.26-1.SP1_redhat_00001.1.el8eap.src.rpm SHA-256: 139ea23e7b4152de2fe1fe2a520f7d5e3396d4f787eed201306cb075a8c0af2c
eap7-jboss-server-migration-1.10.0-21.Final_redhat_00020.1.el8eap.src.rpm SHA-256: 8d9310f29adcd203d6565856e121abe7d60df9f9a3cf8fa4a580ef63dc7b8de3
eap7-undertow-2.2.20-1.SP1_redhat_00001.1.el8eap.src.rpm SHA-256: 6b70e245f493423fc6e4ac304bfcaf09bd7e5406865b79e98aa181061241d2e8
eap7-wildfly-7.4.8-4.GA_redhat_00002.1.el8eap.src.rpm SHA-256: 405116037cbe031e43a016533a52d60f58a4da7a91db8359a5d1426bbd25f62e
eap7-wildfly-naming-client-1.0.15-1.Final_redhat_00002.1.el8eap.src.rpm SHA-256: fb75722accce5850dbba7621e478078573a44f00fe00f3c9b4e0567ae396e7f0
x86_64
eap7-glassfish-javamail-1.6.7-1.redhat_00001.1.el8eap.noarch.rpm SHA-256: 175270a235449a30504adeb0acea50978a2037b712a49bf049af1163cf753448
eap7-glassfish-jsf-2.3.14-6.SP07_redhat_00001.1.el8eap.noarch.rpm SHA-256: 40764300711f086a034db7736c9e987ae1b60d2689ff2ec9aab1884113b35110
eap7-hal-console-3.3.15-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: b6b008ff724b8b9f2bdcb36aa2fda5ec6109b1c901eedf8eff041e2e0d929217
eap7-infinispan-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 26a1630c9cdb9ad53a22f078f3e41dd0d0607ea2d5c2f2fea6e7fe5282693671
eap7-infinispan-cachestore-jdbc-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 1ebd407f7eacaf3712ba769b2e176cb950b8ac52f682b61c49bc3fe6a57dd290
eap7-infinispan-cachestore-remote-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 79aaa66cdf78ffe70e3969bac55d9b13325da92c7cbd7b0698ce60484d0c3c8a
eap7-infinispan-client-hotrod-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 415360a5b9475ee651dc5acf6d92c0980b4cde9bf2a96b27b03274ceff26c008
eap7-infinispan-commons-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 77be772bfad29a8a28cd751e752feb2dba6730ec81b4348917df132b4cfe807b
eap7-infinispan-component-annotations-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: d8bc33b5fdc3be3270ca1434ddf48ca1620fadd83fd4eaf33abc9442d46a87b0
eap7-infinispan-core-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 45264272b6f1a8044f39103d4c5ee728bc7aa3ce16eed32776ff6f85eda7d087
eap7-infinispan-hibernate-cache-commons-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 0348fde56d61d4c6376a7cfd358332234344955f4aa66c48face7ac92cb41518
eap7-infinispan-hibernate-cache-spi-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 901018d54dbce28cb364e522047c741cbb15d4518fda8895cc48d546095163a1
eap7-infinispan-hibernate-cache-v53-11.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: e94712da9ae90887248fa8d37bac2a2b0a4186cfdae9b04a6316112c72ef8feb
eap7-jboss-marshalling-2.0.13-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: f90d243200743d89b279c275f8516df57a044a79b328fc7ec91c22e2168a4c1a
eap7-jboss-marshalling-river-2.0.13-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 65b8fb648b22f8bbec2432611eceef46fabcbd2414384eab26e5a82d9d4f6f55
eap7-jboss-remoting-5.0.26-1.SP1_redhat_00001.1.el8eap.noarch.rpm SHA-256: 3ed28e9a5359f3a5f3e77c7c102964f0a0ea89fdbbdf49fb864f89808ef045ff
eap7-jboss-server-migration-1.10.0-21.Final_redhat_00020.1.el8eap.noarch.rpm SHA-256: 18676460f72706a690ee107c4c7d9978b821d2af2634a008c22b33c841c1713f
eap7-jboss-server-migration-cli-1.10.0-21.Final_redhat_00020.1.el8eap.noarch.rpm SHA-256: 3dbd9b4956b827bfa91e1c60af690730a9da86db73461e3a71b0bdb2fc80ca43
eap7-jboss-server-migration-core-1.10.0-21.Final_redhat_00020.1.el8eap.noarch.rpm SHA-256: 5b3ae1a3573d433f6488650ee612ef076ce8c8d7c0f6c0a048bed5d2eb39066b
eap7-undertow-2.2.20-1.SP1_redhat_00001.1.el8eap.noarch.rpm SHA-256: a0df432e14e13f6caaf7b0b9e1254ad9b704877b24e200b17fb7d905f560a96c
eap7-wildfly-7.4.8-4.GA_redhat_00002.1.el8eap.noarch.rpm SHA-256: 7ab1711d8484d91e5e93d9d3f8dd7d0394b28f00985e8ced92e1beab99a6379c
eap7-wildfly-javadocs-7.4.8-4.GA_redhat_00002.1.el8eap.noarch.rpm SHA-256: b26a42b48b9327516d862d71724002cb21b48340e2f7fdddfeccfc731d7d611a
eap7-wildfly-modules-7.4.8-4.GA_redhat_00002.1.el8eap.noarch.rpm SHA-256: 6e264ff4f70afa120babfb827b7a722d5b9989eac9a9e5e0db553f90428812ec
eap7-wildfly-naming-client-1.0.15-1.Final_redhat_00002.1.el8eap.noarch.rpm SHA-256: 5c5bdfdcf78fb21540d61eb6a73fe89bbb3dd2bed3321864228ee0e2b3048429

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.