Issued:: 2024-12-10
Updated:: 2024-12-10

RHSA-2024:10927 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: Red Hat JBoss Enterprise Application Platform 7.4.20 Security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.19, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.20 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

UNDERTOW-2511- information leakage via HTTP/2 request header reuse [eap-7.4.z] (CVE-2024-4109)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Affected Products

JBoss Enterprise Application Platform 7.4 for RHEL 7 x86_64

Fixes

BZ - 2272325 - CVE-2024-4109 undertow: information leakage via HTTP/2 request header reuse
JBEAP-27637 - Tracker bug for the EAP 7.4.20 release for RHEL-7
JBEAP-27647 - (7.4.z) Upgrade JBoss Remoting 5.0.29.Final-redhat-00001 to 5.0.30.Final-redhat-00001
JBEAP-28050 - (7.4.z) Upgrade Wildfly Core from 15.0.39.Final-redhat-00001 to 15.0.40.Final-redhat-00002
JBEAP-28107 - (7.4.z) Upgrade resteasy from 3.15.9.Final-redhat-00001 to 3.15.10.Final-redhat-00001
JBEAP-28132 - (7.4.z) Upgrade WildFly Http Client from 1.1.17.Final-redhat-00002 to 1.1.18.Final
JBEAP-28183 - (7.4.z) Upgrade JBossws cxf from 5.4.12.Final-redhat-00001 to 5.4.13.Final-redhat-00001
JBEAP-28192 - (7.4.z) Upgrade artemis from 2.16.0.redhat-00052 to 2.16.0.redhat-00053
JBEAP-28238 - (7.4.z) Upgrade ejb-client from 4.0.55.Final-redhat-00001 to 4.0.56.Final-redhat-00001
JBEAP-28263 - (7.4.z) Upgrade log4j-jboss-logmanager from 1.3.1.Final-redhat-00002 to 1.3.1.Final-redhat-00003
JBEAP-28267 - (7.4.z) Upgrade jaxen from 1.1.6.redhat-2 to 1.1.6.redhat-00003
JBEAP-28268 - (7.4.z) Upgrade woodstox-core from 6.4.0.redhat-00001 to 6.4.0.redhat-00003
JBEAP-28270 - (7.4.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00016 to 2.5.5.SP12-redhat-00017
JBEAP-28277 - (7.4.z) Upgrade byte-buddy from 1.11.12.redhat-00002 to 1.11.12.redhat-00003

CVEs

CVE-2024-4109

References

Note: More recent versions of these packages may be available. Click a package name for more details.

JBoss Enterprise Application Platform 7.4 for RHEL 7

SRPM
eap7-activemq-artemis-2.16.0-19.redhat_00053.1.el7eap.src.rpm	SHA-256: c30827051d89cfb634b5ecaa70f3bdf6fbff8c84955407947b521850cd40275b
eap7-byte-buddy-1.11.12-3.redhat_00003.1.el7eap.src.rpm	SHA-256: 8866a1dd50c77c3ca983b89ddc8b47857f4e41ceb015146cb6bc1f98ef0fae54
eap7-jaxen-1.1.6-15.redhat_00003.1.el7eap.src.rpm	SHA-256: 6214f482e5701d4c94cbf9872f708fee872b9d8a22ee95c782327f5850a207b5
eap7-jboss-ejb-client-4.0.56-1.Final_redhat_00001.1.el7eap.src.rpm	SHA-256: ffd1b3cfc54d7c3592f96f9f87fd89cc7f3cd1befc335bff86806b05f802096c
eap7-jboss-remoting-5.0.30-1.Final_redhat_00001.1.el7eap.src.rpm	SHA-256: 547e7d3b4da03fede834761320341647dcf26bcfb0e00860bac0066eef8d3290
eap7-jboss-server-migration-1.10.0-40.Final_redhat_00040.1.el7eap.src.rpm	SHA-256: 97b054c4ef749bb6e92190a73702c96078dadca69d57ec3b43fa98db4694e6ff
eap7-jbossws-cxf-5.4.13-1.Final_redhat_00001.1.el7eap.src.rpm	SHA-256: 16bb11567ae44e622bb75aed03c5955c4d9283501dd390343ffad6ba49c6cd7d
eap7-log4j-jboss-logmanager-1.3.1-2.Final_redhat_00003.1.el7eap.src.rpm	SHA-256: c241aabcdc447a32bc1736af37ef060ffc9bd511068b23ba19345f11dc167665
eap7-picketlink-bindings-2.5.5-28.SP12_redhat_00017.1.el7eap.src.rpm	SHA-256: 2b9a98b2f1bf42671c20123fa8df112e4b16833c3e86affe9d416850c5416a03
eap7-resteasy-3.15.10-1.Final_redhat_00001.1.el7eap.src.rpm	SHA-256: 6756f374123868d6d1e0298a38f25c02b1a17dfa607bc96c807ad8c5682150fb
eap7-undertow-2.2.37-1.SP2_redhat_00001.1.el7eap.src.rpm	SHA-256: 841e9876500851f31f6420822be7241b72d5b9379a3980571d63174c8a853e8e
eap7-wildfly-7.4.20-2.GA_redhat_00001.1.el7eap.src.rpm	SHA-256: 875c3fcb48dfaa26d14629a6a81521fce5b86405837442aa7678810d611b5128
eap7-wildfly-http-client-1.1.18-1.Final_redhat_00001.1.el7eap.src.rpm	SHA-256: 44c4686cefec142aaf3b2ca1d303174ec1eebc04045067ac3ff8626ec729d371
eap7-woodstox-core-6.4.0-2.redhat_00003.1.el7eap.src.rpm	SHA-256: 856cb99950b98df35e09f9c6aa97869b9e75e2ff36df0a1bf01f8dec0b7cad7a
x86_64
eap7-activemq-artemis-2.16.0-19.redhat_00053.1.el7eap.noarch.rpm	SHA-256: 4cf301c8d9a9fc816218ee3e692548951308fa0a5d769144bc78f31ab4a36356
eap7-activemq-artemis-cli-2.16.0-19.redhat_00053.1.el7eap.noarch.rpm	SHA-256: 351c3ec948d86f21c46893399e1a4f692d88f67e1310cc66c5e8acc7ec0e1dbf
eap7-activemq-artemis-commons-2.16.0-19.redhat_00053.1.el7eap.noarch.rpm	SHA-256: ea5f0f086ac46bb2b99a47dc4a7dc9a04db4cf69618167b9a6287a6e188e6912
eap7-activemq-artemis-core-client-2.16.0-19.redhat_00053.1.el7eap.noarch.rpm	SHA-256: 584897ebcb367d9236953bbfbd69fa1b168172d1d8257a66e842c130d5e8e261
eap7-activemq-artemis-dto-2.16.0-19.redhat_00053.1.el7eap.noarch.rpm	SHA-256: a93bd9315d50c110ca9d35d6ef432d59ca40b6fe90256d6be34ef101742b3f59
eap7-activemq-artemis-hornetq-protocol-2.16.0-19.redhat_00053.1.el7eap.noarch.rpm	SHA-256: 1e363c6237ba95390c55d9d3ca78946cf2588affae59cb785340b57b24597f07
eap7-activemq-artemis-hqclient-protocol-2.16.0-19.redhat_00053.1.el7eap.noarch.rpm	SHA-256: 5507786c3c78beb5249a00b68c7e43083f0f539407f41b00dad8accf6d676f6b
eap7-activemq-artemis-jdbc-store-2.16.0-19.redhat_00053.1.el7eap.noarch.rpm	SHA-256: e3853db885119f65e07c52bf356068700e2a4c9b653d348966db5d4bdc038ef7
eap7-activemq-artemis-jms-client-2.16.0-19.redhat_00053.1.el7eap.noarch.rpm	SHA-256: caf6796f74145d223d58bfd60946e3f8c0bf119d3a2bf1a8978db8be9904381e
eap7-activemq-artemis-jms-server-2.16.0-19.redhat_00053.1.el7eap.noarch.rpm	SHA-256: 069d90146c0cea028658482ee07b4eb56e6508777fecd94d9f36ad347d4f9836
eap7-activemq-artemis-journal-2.16.0-19.redhat_00053.1.el7eap.noarch.rpm	SHA-256: 1a09f534c2ecde18e7aedb90a177a6db8ff3e33dad8e15a59e0caecf4899d114
eap7-activemq-artemis-ra-2.16.0-19.redhat_00053.1.el7eap.noarch.rpm	SHA-256: d9467897675679eee789fa39a0e783ac77634776f746674c0a11f406fce3bd89
eap7-activemq-artemis-selector-2.16.0-19.redhat_00053.1.el7eap.noarch.rpm	SHA-256: 4fe7c189390d46c9118128b4ff9fbe4b4939810e09a5169a566d8d9f521a2373
eap7-activemq-artemis-server-2.16.0-19.redhat_00053.1.el7eap.noarch.rpm	SHA-256: 687e612051616b521dd0c1d950ffb60d1a308003ef01533f83bffaf135b3c927
eap7-activemq-artemis-service-extensions-2.16.0-19.redhat_00053.1.el7eap.noarch.rpm	SHA-256: 5c61b1f50a19fbaa895d496540263c1d9e7262d000cce8d8da1676391a14da62
eap7-activemq-artemis-tools-2.16.0-19.redhat_00053.1.el7eap.noarch.rpm	SHA-256: 08bcf929904e575d5af8e714b9483c1bb49e7edfd192a3b9cfde45b3407a944b
eap7-byte-buddy-1.11.12-3.redhat_00003.1.el7eap.noarch.rpm	SHA-256: 4394f4ee9d2a9af09713b5f4b81850558a1847a7dc644c767717a3d50c9c063d
eap7-jaxen-1.1.6-15.redhat_00003.1.el7eap.noarch.rpm	SHA-256: e50238e40b0926a162f62fed9b8eec0d2700f6c14b72d2967a1ce9c7f3ad1b4a
eap7-jboss-ejb-client-4.0.56-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 61c492b7fc63d17fac1f0a1d05f0285677338c1ae31a208077f1d3a075d713d6
eap7-jboss-remoting-5.0.30-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 02e582c7ca8f28c64991b6567cdf66be65027ac18b5b85ab76605148648b11de
eap7-jboss-server-migration-1.10.0-40.Final_redhat_00040.1.el7eap.noarch.rpm	SHA-256: 85fea5b4b99b63784b976fa66b2149e134432f12e6062011db607d39f79b1285
eap7-jboss-server-migration-cli-1.10.0-40.Final_redhat_00040.1.el7eap.noarch.rpm	SHA-256: daf187940a2c2897c19a90da637a3bbca122e312632c43c44cd020072a6dc88b
eap7-jboss-server-migration-core-1.10.0-40.Final_redhat_00040.1.el7eap.noarch.rpm	SHA-256: aed29309bba955cb9cf345b80cf124f038d64d2accdad35cfbca8b1c077b7ae9
eap7-jbossws-cxf-5.4.13-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 6b7a0bc201857205af494746245c493b8329fee617e93bcef92a8fdbe3a522bd
eap7-log4j-jboss-logmanager-1.3.1-2.Final_redhat_00003.1.el7eap.noarch.rpm	SHA-256: 9eac09f66971a8fb006e3b1d565255ca179d68dd23b5cbb935e4a57b84e148e0
eap7-picketlink-bindings-2.5.5-28.SP12_redhat_00017.1.el7eap.noarch.rpm	SHA-256: 749a4202f1ba79d4383cb375f8421784af2b7effaab337c13d2dd4978872f659
eap7-picketlink-wildfly8-2.5.5-28.SP12_redhat_00017.1.el7eap.noarch.rpm	SHA-256: 0644f37f0a7f48881265227f5ca92467b062dd9552250ea890f78b1df80effed
eap7-resteasy-3.15.10-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 6ef7ba9b04b8fdf5770d77aadbd41f8432d76b6a776452e7a25d6495356c58f6
eap7-resteasy-atom-provider-3.15.10-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 0f6212f5616c76c25fa30f0c5e5ab389ff85f0e2e6347f71fe40b176b05dccac
eap7-resteasy-cdi-3.15.10-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 6d42aaa901a5fbebe2d7c47ca4560a8814665f7a50adf58203c9c07a7625422a
eap7-resteasy-client-3.15.10-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: c9bb29840a235bfbee06a2d68dced777e9dbe15a69c55d5bd788aa90f0a3d614
eap7-resteasy-crypto-3.15.10-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 3d56dce89bfbdc90cdf6f72386c14636a14b651f15afc841ef0dc5024a0c5cd8
eap7-resteasy-jackson-provider-3.15.10-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: d352a56d9a17a5dca8f453b83506c92e33219346aebc039ab07213c9af91c3fa
eap7-resteasy-jackson2-provider-3.15.10-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 843635801473cd557c7165869c02b9276b90c776dab2e826f60331c3af937778
eap7-resteasy-jaxb-provider-3.15.10-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 1f2b1ab6a76d74d3a7eef7ce5e0b7a223fea5d10fd71acb72c2c55d69dd7088e
eap7-resteasy-jaxrs-3.15.10-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 625d2d3c283e31108f37afa1e17a02556887644f987d249ca497d3c7b2f14832
eap7-resteasy-jettison-provider-3.15.10-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 45a809510d42cb94315a02138194449f24f36b1fc9c335a3a68708ed99b0acbe
eap7-resteasy-jose-jwt-3.15.10-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 7b86d7eed74a857079a5d333eb1fc73e57f0e49f614914b6230670abf2697a00
eap7-resteasy-jsapi-3.15.10-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: ec047279d4dd2b4d42f831baeea1e840627fda4b49e658c6a23163bc452a94f6
eap7-resteasy-json-binding-provider-3.15.10-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 48e0858de5f4a3eb7de7f77e71afdc990b80d625ff4bbe4f66b52067a3da5057
eap7-resteasy-json-p-provider-3.15.10-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 9cc50954f7e833c6f88c883eb34f77e3e56a130075cbc112052b9c2af9f3f319
eap7-resteasy-multipart-provider-3.15.10-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 568321932a5116826a25af5306a1005939c7c77060ca1075536c8874cac8f818
eap7-resteasy-rxjava2-3.15.10-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 3b1ccf23526f498ed505138872a759e5f7a0217e70a4fe4eacb5e10d8d92aeb9
eap7-resteasy-spring-3.15.10-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: fd3cca3c27bf8c548b60ec722fd413dceb0ad2fda94683ac8057e1756a4f3d3c
eap7-resteasy-validator-provider-11-3.15.10-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 5e44241633dcc43f53a225e30d1400a2acc710ee64559c97088c7767793729c2
eap7-resteasy-yaml-provider-3.15.10-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 0bc9f2ed6dc56eec1875a12cc708be31a486084d1f645526a1b423e828a09e4d
eap7-undertow-2.2.37-1.SP2_redhat_00001.1.el7eap.noarch.rpm	SHA-256: db8d3e366c9178f35c90eec92081eb81200350bc0424199e932d3278a5e2b16d
eap7-wildfly-7.4.20-2.GA_redhat_00001.1.el7eap.noarch.rpm	SHA-256: b330989f9b33e959361848f38d49028a7d10689c520e9f08580b0349faee0be0
eap7-wildfly-http-client-common-1.1.18-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 5e153ef8464930ff348f156440ea3c73614e695e706ac7e6d88894914008b1d2
eap7-wildfly-http-ejb-client-1.1.18-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 1b8ec1959d3b72117f38d269d45adab32c37ac472967780fe6f9832c597d3754
eap7-wildfly-http-naming-client-1.1.18-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 9f0904fcf925c0133642244a812e78781e2da996773cccc91618c18716811ab9
eap7-wildfly-http-transaction-client-1.1.18-1.Final_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 7f9a46bde7f399b7e1532d9732d90efeba2ef22dc6c2ffd45c929a0780f925dc
eap7-wildfly-java-jdk11-7.4.20-2.GA_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 8c5f9465a693debee20b0a5e6e1744bd6bd9c183b962c391b1400c6e17c9ff8c
eap7-wildfly-java-jdk8-7.4.20-2.GA_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 0fb533cfa61a05043833e6a5f802cd2cde1c793100b436a9a64a0fb5d6ecfc22
eap7-wildfly-javadocs-7.4.20-2.GA_redhat_00001.1.el7eap.noarch.rpm	SHA-256: 609841e7513b18178956c17656a7395eac8b343355cc7bdc64b85d129a769675
eap7-wildfly-modules-7.4.20-2.GA_redhat_00001.1.el7eap.noarch.rpm	SHA-256: ba8710e56ee2b39222dab581eacaac64c235bce97239e165f4ed1711a0aec5c3
eap7-woodstox-core-6.4.0-2.redhat_00003.1.el7eap.noarch.rpm	SHA-256: 4bd2c9cc3bd62ef65bedd630f190481f7ddad412e9d092ed328a82fd03865a6f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation