Red Hat Product Errata RHSA-2022:8792 - Security Advisory
Issued:
2022-12-05
Updated:
2022-12-05

RHSA-2022:8792 - Security Advisory

Synopsis

Low: Red Hat JBoss Enterprise Application Platform 7.4.8 Security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)

Solution

Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258

Affected Products

  • JBoss Enterprise Application Platform 7.4 for RHEL 9 x86_64

Fixes

  • BZ - 2117506 - CVE-2022-2764 Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations
  • JBEAP-23835 - Tracker bug for the EAP 7.4.8 release for RHEL-9
  • JBEAP-23913 - [GSS](7.4.z) Upgrade HAL from 3.3.14.Final-redhat-00001 to 3.3.15.Final-redhat-00001
  • JBEAP-23997 - (7.4.z) Upgrade Infinispan from 11.0.15.Final-redhat-00001 to 11.0.16.Final-redhat-00001
  • JBEAP-23998 - [GSS](7.4.z) Upgrade Jakarta Mail from 1.6.5.redhat-00001 to 1.6.7.redhat-00001
  • JBEAP-24011 - [GSS](7.4.z) Upgrade to JBoss Marshalling from 2.0.12.Final-redhat-00001 to 2.0.13.Final-redhat-00001
  • JBEAP-24013 - (7.4.z) Upgrade WildFly Core from 15.0.18.Final-redhat-00001 to 15.0.19.Final-redhat-00001
  • JBEAP-24028 - [GSS](7.4.z) Upgrade Mojarra from 2.3.14.SP06-redhat-00001 to 2.3.14.SP07-redhat-00001
  • JBEAP-24030 - [GSS](7.4.z) Upgrade remoting from 5.0.25.SP1-redhat-00001 to 5.0.26.SP1-redhat-00001
  • JBEAP-24031 - [GSS](7.4.z) Upgrade wildfly-naming-client from 1.0.14.Final-redhat-00001 to 1.0.15.Final-redhat-00002

JBoss Enterprise Application Platform 7.4 for RHEL 9

SRPM
eap7-glassfish-javamail-1.6.7-1.redhat_00001.1.el9eap.src.rpm SHA-256: d4fb0a9703be653d4284b2b1ba102fe16c454b67dc7be25c640876ca93175653
eap7-glassfish-jsf-2.3.14-6.SP07_redhat_00001.1.el9eap.src.rpm SHA-256: 789d0c36cf350ffaf6123a82426e133c01c2a3b45f6f488961878195ec4dbbfe
eap7-hal-console-3.3.15-1.Final_redhat_00001.1.el9eap.src.rpm SHA-256: b860c620a9f68d20610ce7bfc436ecd46c33aed95e30ec8e40307e3ca04fab95
eap7-infinispan-11.0.16-1.Final_redhat_00001.1.el9eap.src.rpm SHA-256: 73a50eed840358f2e809bb6244711c333505a09e45dda29c29646f73b63228e9
eap7-jboss-marshalling-2.0.13-1.Final_redhat_00001.1.el9eap.src.rpm SHA-256: 4f0be1933f9063446e1db29038095de12828728c7829245ee7c6289914cd62c9
eap7-jboss-remoting-5.0.26-1.SP1_redhat_00001.1.el9eap.src.rpm SHA-256: 0d8a660c8ed1602dead7b4fd6ad49496ff7b5a71802b6bf66519504837df80ae
eap7-jboss-server-migration-1.10.0-21.Final_redhat_00020.1.el9eap.src.rpm SHA-256: 2add18352a923f8d1052c9c45c9f3b817178a0cb6639c8408ac29e096e31dc46
eap7-undertow-2.2.20-1.SP1_redhat_00001.1.el9eap.src.rpm SHA-256: 1df5d27262aa009a79fc080a63f3a32311ff43359a64b1f022a68985697254cf
eap7-wildfly-7.4.8-4.GA_redhat_00002.1.el9eap.src.rpm SHA-256: d36b8878852a7873d54be1c4c310c8b840b75598c1a5c74064010bec0e97caf3
eap7-wildfly-naming-client-1.0.15-1.Final_redhat_00002.1.el9eap.src.rpm SHA-256: a3dafa6491279577a5a293eebeaa7adbfc999a487baba2c3d771779af3aaa620
x86_64
eap7-glassfish-javamail-1.6.7-1.redhat_00001.1.el9eap.noarch.rpm SHA-256: d39655894459ff5c783f432ae2cb4c0a82ff6e9881265617e93eac8ea3689907
eap7-glassfish-jsf-2.3.14-6.SP07_redhat_00001.1.el9eap.noarch.rpm SHA-256: e81163e77c5e49ef39cbb998ed9706dac3e03722dac5c52157b395410da2ee19
eap7-hal-console-3.3.15-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: d772633edc3c4e974a28834722f5c016c8e1afdbd055b2e72f96de34c4de830a
eap7-infinispan-11.0.16-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 8ee737668024a816b31537fa0c79061d04e07063a8c6e8fe86046553c36ddb22
eap7-infinispan-cachestore-jdbc-11.0.16-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 1e21aaa63513886e3afb72c97f2f9e070a0e4cebdcb7c2842c72959168279c34
eap7-infinispan-cachestore-remote-11.0.16-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 65a3536a419786d3ae9a4fbdc690f2328ed610da30c09204a4dc746d058ca16b
eap7-infinispan-client-hotrod-11.0.16-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 1d219f4108cf01e2124b80489c67a48eab68a261f99e7675ce120d02b2fb2a30
eap7-infinispan-commons-11.0.16-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 511a1fbea90630ab73ef877f23a9473ae9606e3f625ec1fbcdd54317ca387686
eap7-infinispan-component-annotations-11.0.16-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: f4cebc48433bf2c7f00a3ae7e144d9d5ba7709093a8dc5e73d6ab1545f650bdb
eap7-infinispan-core-11.0.16-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: f5c7a2fc0d0678fa1f8dccecf3d010e8fca7675858a314a216cb9e1ec8a512fb
eap7-infinispan-hibernate-cache-commons-11.0.16-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 972543f6ad3f55a58852dc28b8de8c56427d6e85d4c991c1a4d33b9dc8947941
eap7-infinispan-hibernate-cache-spi-11.0.16-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 644d8d7509cc5f3b65606ce5f1098b380eec48e08637b90fb4ebda660b910f97
eap7-infinispan-hibernate-cache-v53-11.0.16-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 60859574d3a6edbf1bcdb154303afca36a7c357def7252533743e266eab989c2
eap7-jboss-marshalling-2.0.13-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 27c87e5b9949bcccec843dd08c6628ad7ffd65ca5ae21016e5fb2e627af1a962
eap7-jboss-marshalling-river-2.0.13-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 4c9e0dabe2fe262ed6c44dd69a7eaacec28cbbb29fae4ba52296e7a7dbf859db
eap7-jboss-remoting-5.0.26-1.SP1_redhat_00001.1.el9eap.noarch.rpm SHA-256: bc6856c2b4d24bc08494fdfb8334d56482b67f2af6982b4603239d4dce4a7bf8
eap7-jboss-server-migration-1.10.0-21.Final_redhat_00020.1.el9eap.noarch.rpm SHA-256: 5e1aa2bb719554c05d4d3874fae222108769b1122d616d5a2c90308246560310
eap7-jboss-server-migration-cli-1.10.0-21.Final_redhat_00020.1.el9eap.noarch.rpm SHA-256: 2a5e7f48257c3f824dc565070d1831fa21c56d74564c0608d3b7a9cb5c3b2434
eap7-jboss-server-migration-core-1.10.0-21.Final_redhat_00020.1.el9eap.noarch.rpm SHA-256: cee243b745f0a43451c3596f0115bbb82c87343fc9bb4b679d117edff17e40d5
eap7-undertow-2.2.20-1.SP1_redhat_00001.1.el9eap.noarch.rpm SHA-256: 74e1071f216fd15af36b62e45b94a9421b73f369f0917b7d5988929dff4200cb
eap7-wildfly-7.4.8-4.GA_redhat_00002.1.el9eap.noarch.rpm SHA-256: ea4d3797e14a7e1bc6cdd2846869c37eb167dfd4f770d47bef96ba4654f8a6f1
eap7-wildfly-javadocs-7.4.8-4.GA_redhat_00002.1.el9eap.noarch.rpm SHA-256: bc23bb8da29139992684ace0a4d77329e4b5f6885acf59b88116ca72cf682f67
eap7-wildfly-modules-7.4.8-4.GA_redhat_00002.1.el9eap.noarch.rpm SHA-256: f944fff48ce37be6659575c5ced568ddb442050d8f73bd277ff879818de00b70
eap7-wildfly-naming-client-1.0.15-1.Final_redhat_00002.1.el9eap.noarch.rpm SHA-256: 44602a3c1519a25faf47555f926d27ff191d3763f139ee7776d47e7a4b8aac13

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.