- Issued:
- 2023-02-14
- Updated:
- 2023-02-14
RHSA-2023:0756 - Security Advisory
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 7.4.9 XP 4.0.0.GA Security release
Type/Severity
Security Advisory: Important
Topic
JBoss EAP XP 4.0.0.GA Security release on the EAP 7.4.9 base. See references for release notes.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Description
This is a cumulative patch release zip for the JBoss EAP XP 4.0.0 runtime distribution for use with EAP 7.4.9.
Security Fix(es):
- libksba: integer overflow to code execution (CVE-2022-47629)
- okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341)
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- JBoss Enterprise Application Platform Text-Only Advisories x86_64
Fixes
- BZ - 2154086 - CVE-2021-0341 okhttp: information disclosure via improperly used cryptographic function
- BZ - 2161571 - CVE-2022-47629 libksba: integer overflow to code execution
- JBEAP-24408 - EAP XP 4.0.0.GA for EAP 7.4.9
References
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html/jboss_eap_xp_4.0_upgrade_and_migration_guide/index
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.