Issued:: 2024-12-10
Updated:: 2024-12-10

RHSA-2024:10928 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: Red Hat JBoss Enterprise Application Platform 7.4.20 Security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.19, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.20 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

UNDERTOW-2511- information leakage via HTTP/2 request header reuse [eap-7.4.z] (CVE-2024-4109)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Affected Products

JBoss Enterprise Application Platform 7.4 for RHEL 8 x86_64

Fixes

BZ - 2272325 - CVE-2024-4109 undertow: information leakage via HTTP/2 request header reuse
JBEAP-27638 - Tracker bug for the EAP 7.4.20 release for RHEL-8
JBEAP-27647 - (7.4.z) Upgrade JBoss Remoting 5.0.29.Final-redhat-00001 to 5.0.30.Final-redhat-00001
JBEAP-28050 - (7.4.z) Upgrade Wildfly Core from 15.0.39.Final-redhat-00001 to 15.0.40.Final-redhat-00002
JBEAP-28107 - (7.4.z) Upgrade resteasy from 3.15.9.Final-redhat-00001 to 3.15.10.Final-redhat-00001
JBEAP-28132 - (7.4.z) Upgrade WildFly Http Client from 1.1.17.Final-redhat-00002 to 1.1.18.Final
JBEAP-28183 - (7.4.z) Upgrade JBossws cxf from 5.4.12.Final-redhat-00001 to 5.4.13.Final-redhat-00001
JBEAP-28192 - (7.4.z) Upgrade artemis from 2.16.0.redhat-00052 to 2.16.0.redhat-00053
JBEAP-28238 - (7.4.z) Upgrade ejb-client from 4.0.55.Final-redhat-00001 to 4.0.56.Final-redhat-00001
JBEAP-28263 - (7.4.z) Upgrade log4j-jboss-logmanager from 1.3.1.Final-redhat-00002 to 1.3.1.Final-redhat-00003
JBEAP-28267 - (7.4.z) Upgrade jaxen from 1.1.6.redhat-2 to 1.1.6.redhat-00003
JBEAP-28268 - (7.4.z) Upgrade woodstox-core from 6.4.0.redhat-00001 to 6.4.0.redhat-00003
JBEAP-28270 - (7.4.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00016 to 2.5.5.SP12-redhat-00017
JBEAP-28277 - (7.4.z) Upgrade byte-buddy from 1.11.12.redhat-00002 to 1.11.12.redhat-00003

CVEs

CVE-2024-4109

References

Note: More recent versions of these packages may be available. Click a package name for more details.

JBoss Enterprise Application Platform 7.4 for RHEL 8

SRPM
eap7-activemq-artemis-2.16.0-19.redhat_00053.1.el8eap.src.rpm	SHA-256: d800c024d967d76c10d1e182f5b11cc1b9c088b83e8b28b019028c86be87a3e6
eap7-byte-buddy-1.11.12-3.redhat_00003.1.el8eap.src.rpm	SHA-256: 82e4228f2fd6a0becd5bdd1006aaed86da3aa9578bfb037b20b88f7515470ebb
eap7-jaxen-1.1.6-15.redhat_00003.1.el8eap.src.rpm	SHA-256: 733b296392dfd441b946c30b0ddb286503b07954b1a8a1439417918dba58f207
eap7-jboss-ejb-client-4.0.56-1.Final_redhat_00001.1.el8eap.src.rpm	SHA-256: fe02ea158249f79bc07c0919d1b4afdf5fb4f832060a5586ddd9aaced62b7af0
eap7-jboss-remoting-5.0.30-1.Final_redhat_00001.1.el8eap.src.rpm	SHA-256: ae365b09268cf8f2af6b199aaf3b5b2e13f3ca1816884b6cd95cbf66c475e190
eap7-jboss-server-migration-1.10.0-40.Final_redhat_00040.1.el8eap.src.rpm	SHA-256: 32d2d8cc437e91e74068c29cebf6a08cedf7a43b6e61eeaa4793d87483c30da4
eap7-jbossws-cxf-5.4.13-1.Final_redhat_00001.1.el8eap.src.rpm	SHA-256: 52cb7589f744dad659de6fb3acf8869e4e781f731fb4c9bd3cf24e4cfb1f9f8c
eap7-log4j-jboss-logmanager-1.3.1-2.Final_redhat_00003.1.el8eap.src.rpm	SHA-256: fd24c88458a33530409d655b07e734c96e4009698dad31eb33d7f2f8c1a0c0d9
eap7-picketlink-bindings-2.5.5-28.SP12_redhat_00017.1.el8eap.src.rpm	SHA-256: 8b2adda27ab4b56589d4f7c426794923e8f6f7fb0e82a09be8b2405850bbff3c
eap7-resteasy-3.15.10-1.Final_redhat_00001.1.el8eap.src.rpm	SHA-256: 005143efd470dd23f62cd0dcad69e1e989311baadc35972f2501cb1da26750e8
eap7-undertow-2.2.37-1.SP2_redhat_00001.1.el8eap.src.rpm	SHA-256: d517227c81f1c67fd79dbd7d79740cd9c4b6cc171e30e7023f28e13d30f68fef
eap7-wildfly-7.4.20-2.GA_redhat_00001.1.el8eap.src.rpm	SHA-256: 2c9ed05a612361f7d8b6ba63a6c01f1b599fe23da23acc155d82411042724ab1
eap7-wildfly-http-client-1.1.18-1.Final_redhat_00001.1.el8eap.src.rpm	SHA-256: 9851197cda212eb75eb22f039f97829891e1913e5592c7d8ef622c0a7d2f3a92
eap7-woodstox-core-6.4.0-2.redhat_00003.1.el8eap.src.rpm	SHA-256: b3f396b58ec76a491272bf7d8594f9fdc08aa79b6f6541b296dd378dd2321bcc
x86_64
eap7-activemq-artemis-2.16.0-19.redhat_00053.1.el8eap.noarch.rpm	SHA-256: bfd133e254b33fca1440da38acfa7a7f4adf98e2283fb947c6950d600c2780e0
eap7-activemq-artemis-cli-2.16.0-19.redhat_00053.1.el8eap.noarch.rpm	SHA-256: 3935a73dfd9e628a57c9ae54123d82cc6908a308fc268777d788f7993487368a
eap7-activemq-artemis-commons-2.16.0-19.redhat_00053.1.el8eap.noarch.rpm	SHA-256: 982e0760f7470fa4f259fbd8d76c4e55c7093aca876f17c6e777abb3a2778f50
eap7-activemq-artemis-core-client-2.16.0-19.redhat_00053.1.el8eap.noarch.rpm	SHA-256: 7914f3287d8a5dee6056ee10906bb9241fa5a70d03cd689e33fabc7e2ac44ae4
eap7-activemq-artemis-dto-2.16.0-19.redhat_00053.1.el8eap.noarch.rpm	SHA-256: 5713d8653d1f0435fd463a15e50b64c0d96bfc02e76d95dc543efe79808e6f67
eap7-activemq-artemis-hornetq-protocol-2.16.0-19.redhat_00053.1.el8eap.noarch.rpm	SHA-256: 125f96ddd984852b5d95a9b8c3adf1a3a45b7940197777d32887bc392190c150
eap7-activemq-artemis-hqclient-protocol-2.16.0-19.redhat_00053.1.el8eap.noarch.rpm	SHA-256: e7afc972177bcf05e1a0d1716b7254f8f648e1039517621c27e8f4fff2f70815
eap7-activemq-artemis-jdbc-store-2.16.0-19.redhat_00053.1.el8eap.noarch.rpm	SHA-256: e46cc55b4a21a8d15bae4106b32e1657f1f4bb6ee2dfcdf1ababef2fc06015ad
eap7-activemq-artemis-jms-client-2.16.0-19.redhat_00053.1.el8eap.noarch.rpm	SHA-256: 7aa010472cd0ed6fcf3f669f4730696c1c108c7d2915c2acb14d014fdbd650ff
eap7-activemq-artemis-jms-server-2.16.0-19.redhat_00053.1.el8eap.noarch.rpm	SHA-256: 650d8ae5c66738c62103b4cd160756ae4ef77dc0010a20fef10add6419e41754
eap7-activemq-artemis-journal-2.16.0-19.redhat_00053.1.el8eap.noarch.rpm	SHA-256: 040a9961ca79a662aefde0d2322b448fce3df1086c866952717c27ba0bc0a1fa
eap7-activemq-artemis-ra-2.16.0-19.redhat_00053.1.el8eap.noarch.rpm	SHA-256: 398d54b58d30c9128727403a6acee80cce51b148e065a985131760c17c2f3a0c
eap7-activemq-artemis-selector-2.16.0-19.redhat_00053.1.el8eap.noarch.rpm	SHA-256: 6453eba1db81b92ef381b7175662bdc88fdb1028a962aab3d79fe4bb4be7c1e5
eap7-activemq-artemis-server-2.16.0-19.redhat_00053.1.el8eap.noarch.rpm	SHA-256: b7d8c82abfa51dd2c9f5e6b1e7bc78452394368a7fb1c970376937edde4d0a6f
eap7-activemq-artemis-service-extensions-2.16.0-19.redhat_00053.1.el8eap.noarch.rpm	SHA-256: 7bf80da92f1e4cb026994d86ac5f21bfb519aa605105bce2c6b32cabf1a396b1
eap7-activemq-artemis-tools-2.16.0-19.redhat_00053.1.el8eap.noarch.rpm	SHA-256: 5f8b4af03c212d2c049f7e9d1c851d3c416a553f46c015bdb600e26ff346a5c0
eap7-byte-buddy-1.11.12-3.redhat_00003.1.el8eap.noarch.rpm	SHA-256: 5ecdb0b1c859b05c36beff8f015f925a5a000ca410d8d1444dbeb1eea79a9425
eap7-jaxen-1.1.6-15.redhat_00003.1.el8eap.noarch.rpm	SHA-256: f7ae509611c16b08aa132b9eea87535f9e2eaf20199043f508c59e28f5b315c1
eap7-jboss-ejb-client-4.0.56-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: 3d72e307c73fbca79670804c76434cf5a547616f5844c15d33dfaabfd5fe5a7c
eap7-jboss-remoting-5.0.30-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: 5d561bfe1dd71d42affaeee65fafd98e100c5657ffe9f3cb08923d120ef7a4a3
eap7-jboss-server-migration-1.10.0-40.Final_redhat_00040.1.el8eap.noarch.rpm	SHA-256: 850183ca0daab8b10f11471d7cc8fc9ab47f7d37c274b9cca68f625d48632e59
eap7-jboss-server-migration-cli-1.10.0-40.Final_redhat_00040.1.el8eap.noarch.rpm	SHA-256: 05c2389dac0b85b9fabf787c05f1eae157f26c7f119faa567541cb23de6f6307
eap7-jboss-server-migration-core-1.10.0-40.Final_redhat_00040.1.el8eap.noarch.rpm	SHA-256: 95b4b04b3a027a398af8cbc11425b84eef62fdbe13dc24521cbb599f8bae755f
eap7-jbossws-cxf-5.4.13-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: f72820c1b4df15249404025cbe2aa2272f6144bbcac04d053a209f389f79d5c9
eap7-log4j-jboss-logmanager-1.3.1-2.Final_redhat_00003.1.el8eap.noarch.rpm	SHA-256: 5b321e5d3f03aaa3d341fd23a8cedea12a1a06bf53634cc9d7e815e73fa847fa
eap7-picketlink-bindings-2.5.5-28.SP12_redhat_00017.1.el8eap.noarch.rpm	SHA-256: fe1cb92b0dcfa5e2b7e9aac2c943f13ebfcb471fbdfc0aaac96aaf06a21f5345
eap7-picketlink-wildfly8-2.5.5-28.SP12_redhat_00017.1.el8eap.noarch.rpm	SHA-256: f5472ffcd80b4fb446d7c5c8087e94087b8d688cb248088407da11bdc9063e5e
eap7-resteasy-3.15.10-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: 5b5ac9c30e28e86ebc1bf3ad6166ba4c95895604195d2c6950cb86ef5672d2b6
eap7-resteasy-atom-provider-3.15.10-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: 5fd72bfd55fab380e638bb1919b5e9c2eac4a9201a52362c86c1ea45326f48ee
eap7-resteasy-cdi-3.15.10-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: 366b27bfd6176033cb8a547eaeb2fd3bb9cb1743880c904b14b27697b41b8262
eap7-resteasy-client-3.15.10-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: 58ea24e200fe70006a57baa1b8654dc400000bac0ed57b1dea070982e782b697
eap7-resteasy-crypto-3.15.10-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: 76146854c91cf82985d13549ac231a80a1f740f54977ba3bf9126571d6b3889a
eap7-resteasy-jackson-provider-3.15.10-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: 9f46c8fc8ab8fd271326972717d89a5a756e3cf7ab9d238fcd894fa8761d97b1
eap7-resteasy-jackson2-provider-3.15.10-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: 14da48b7c21716f550b90b9a3a8f1d3f699df7ad98d45d0e719867a8a854db20
eap7-resteasy-jaxb-provider-3.15.10-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: d0aa0fb323cdf015f3fe187506f03475829d53cdeb9e7aed95924c8fb8c23c2e
eap7-resteasy-jaxrs-3.15.10-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: 421ebdb84f1c839478473fac2a670a03a1c131e28eaf8366052beafd6a286a73
eap7-resteasy-jettison-provider-3.15.10-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: 5286934321e29c8c92cc5a3798119775a5a37f7674016477a5961d390fb3d9c8
eap7-resteasy-jose-jwt-3.15.10-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: e006b81fdc9bf1a33907a60ffb51c9e6275a7909a1a5cf38d6a479cea824f132
eap7-resteasy-jsapi-3.15.10-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: 44d6720792cb090a261f4844ab5d580eadb3acbbaea439956a7973c52ba79d99
eap7-resteasy-json-binding-provider-3.15.10-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: bc1f94e204a0e3475eb0ea20600cd674d66f9ccf1f4d3938e86229c25c799a95
eap7-resteasy-json-p-provider-3.15.10-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: 6c58e6c0c8107e1b906cd7025cb40f4e6fb43fca65095a9240ebc91549d56c9c
eap7-resteasy-multipart-provider-3.15.10-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: 3f43e7d4a1225c4b62686a53a4fbf70a158d4295bbfddfe8fa2669f4c7206d80
eap7-resteasy-rxjava2-3.15.10-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: e4d53aed9b0bdda1dd36a63bfdf78b6d4dba203f28056ad841f637fbd949a911
eap7-resteasy-spring-3.15.10-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: f44fd6cc90e0784c9208183d987dd8fe7825f3a44161057d9b79604bc9869147
eap7-resteasy-validator-provider-11-3.15.10-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: c095a256f77bb42bead5276759a88777ff7d116ad50add3c479a293ec6fd9b62
eap7-resteasy-yaml-provider-3.15.10-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: b8dfff3ca212a494c4ba0a8af58c38d3e358eaf8f5f3a75607818e0fbf0899aa
eap7-undertow-2.2.37-1.SP2_redhat_00001.1.el8eap.noarch.rpm	SHA-256: ef21cb31bed883169c4c82382b37b1051fd0522ac32318e409fe05619c5c492b
eap7-wildfly-7.4.20-2.GA_redhat_00001.1.el8eap.noarch.rpm	SHA-256: c1e03abddb0515781ad40e8f836c8bb0e36dc20873b06a8064affa453a429c31
eap7-wildfly-http-client-common-1.1.18-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: cd54bb3dda754186456f5dec6d3cbe4f8e5a7e0d012d6dfc834a3b4d0ba89ebd
eap7-wildfly-http-ejb-client-1.1.18-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: 69ec964da7b6a5d52fbca058d8aee22197244c3257e9503fb47aed0ebb365aa3
eap7-wildfly-http-naming-client-1.1.18-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: e61e7ae9ef067a100bfbd4f26b6b68616f742031ec47846659f82d9b0a7096e9
eap7-wildfly-http-transaction-client-1.1.18-1.Final_redhat_00001.1.el8eap.noarch.rpm	SHA-256: a7e5a6520fcd3f88ee0de9d96b660fa312a22e7fb996bb0eba4bfb07d3effbbc
eap7-wildfly-java-jdk11-7.4.20-2.GA_redhat_00001.1.el8eap.noarch.rpm	SHA-256: eb515364c34a0d79d0d82a4d5fba694a0cb3740566dec2edc52858f27e2bf05d
eap7-wildfly-java-jdk17-7.4.20-2.GA_redhat_00001.1.el8eap.noarch.rpm	SHA-256: 40c2c2c6d8c1a2e4e2311e0bc8fd030ba2f0115cf12185ef21ab4c92b5e95d90
eap7-wildfly-java-jdk8-7.4.20-2.GA_redhat_00001.1.el8eap.noarch.rpm	SHA-256: ba75d028e76b44a2dc19705253c669f1911ff7f22714398590044574c946d76f
eap7-wildfly-javadocs-7.4.20-2.GA_redhat_00001.1.el8eap.noarch.rpm	SHA-256: 2913a3871f55beb82e7b742f82cf4b52c2d62078c7fd22f27d74035b0a3bc562
eap7-wildfly-modules-7.4.20-2.GA_redhat_00001.1.el8eap.noarch.rpm	SHA-256: 4dcca821136abbd7855f3a0eb6700486207d8b7e43f0d6a538829cda2e737019
eap7-woodstox-core-6.4.0-2.redhat_00003.1.el8eap.noarch.rpm	SHA-256: 856c60c0cd592e1cb472ccc54fec32d33dacf17e95e592c558785dc6ccdbfa6b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation