Issued:: 2024-12-10
Updated:: 2024-12-10

RHSA-2024:10929 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: Red Hat JBoss Enterprise Application Platform 7.4.20 Security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.19, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.20 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

UNDERTOW-2511- information leakage via HTTP/2 request header reuse [eap-7.4.z] (CVE-2024-4109)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Affected Products

JBoss Enterprise Application Platform 7.4 for RHEL 9 x86_64

Fixes

BZ - 2272325 - CVE-2024-4109 undertow: information leakage via HTTP/2 request header reuse
JBEAP-27639 - Tracker bug for the EAP 7.4.20 release for RHEL-9
JBEAP-27647 - (7.4.z) Upgrade JBoss Remoting 5.0.29.Final-redhat-00001 to 5.0.30.Final-redhat-00001
JBEAP-28050 - (7.4.z) Upgrade Wildfly Core from 15.0.39.Final-redhat-00001 to 15.0.40.Final-redhat-00002
JBEAP-28107 - (7.4.z) Upgrade resteasy from 3.15.9.Final-redhat-00001 to 3.15.10.Final-redhat-00001
JBEAP-28132 - (7.4.z) Upgrade WildFly Http Client from 1.1.17.Final-redhat-00002 to 1.1.18.Final
JBEAP-28183 - (7.4.z) Upgrade JBossws cxf from 5.4.12.Final-redhat-00001 to 5.4.13.Final-redhat-00001
JBEAP-28192 - (7.4.z) Upgrade artemis from 2.16.0.redhat-00052 to 2.16.0.redhat-00053
JBEAP-28238 - (7.4.z) Upgrade ejb-client from 4.0.55.Final-redhat-00001 to 4.0.56.Final-redhat-00001
JBEAP-28263 - (7.4.z) Upgrade log4j-jboss-logmanager from 1.3.1.Final-redhat-00002 to 1.3.1.Final-redhat-00003
JBEAP-28267 - (7.4.z) Upgrade jaxen from 1.1.6.redhat-2 to 1.1.6.redhat-00003
JBEAP-28268 - (7.4.z) Upgrade woodstox-core from 6.4.0.redhat-00001 to 6.4.0.redhat-00003
JBEAP-28270 - (7.4.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00016 to 2.5.5.SP12-redhat-00017
JBEAP-28277 - (7.4.z) Upgrade byte-buddy from 1.11.12.redhat-00002 to 1.11.12.redhat-00003

CVEs

CVE-2024-4109

References

Note: More recent versions of these packages may be available. Click a package name for more details.

JBoss Enterprise Application Platform 7.4 for RHEL 9

SRPM
eap7-activemq-artemis-2.16.0-19.redhat_00053.1.el9eap.src.rpm	SHA-256: 94c2375bf5801c42689b41688b1b8ca92512a0fa90b81e555cf6ecc3e117141e
eap7-byte-buddy-1.11.12-3.redhat_00003.1.el9eap.src.rpm	SHA-256: 56a843cde3166a7f6e79235036a9fdc0a77db000a834b27cebd6a2ce36669987
eap7-jaxen-1.1.6-15.redhat_00003.1.el9eap.src.rpm	SHA-256: 27188e6e5a0f78440acafe8ee073398f023238cff7ef4e784ba897c1138c044b
eap7-jboss-ejb-client-4.0.56-1.Final_redhat_00001.1.el9eap.src.rpm	SHA-256: eb4499e68aec47f165fc14eee4e1346d156d566290a87ef823fafce157f67978
eap7-jboss-remoting-5.0.30-1.Final_redhat_00001.1.el9eap.src.rpm	SHA-256: bec74ea2211cf2ec3ed36c438967b29a615fbad27874ff781fcc710f0fdd4c0c
eap7-jboss-server-migration-1.10.0-40.Final_redhat_00040.1.el9eap.src.rpm	SHA-256: 098ff104baf5e74010f44be10cba24fc18df655a6ef34f3c9076f2480010cd70
eap7-jbossws-cxf-5.4.13-1.Final_redhat_00001.1.el9eap.src.rpm	SHA-256: 0332e2b1d72d42cece1167baef8f204e19c47eaaf2368f9f280b499eb14e8303
eap7-log4j-jboss-logmanager-1.3.1-2.Final_redhat_00003.1.el9eap.src.rpm	SHA-256: 6b02250aef69529b495acc5a9d5244b18bcee42116e777587e74da0bca700a23
eap7-picketlink-bindings-2.5.5-28.SP12_redhat_00017.1.el9eap.src.rpm	SHA-256: 13d7df78d722dad67da7a54490e6e59ec9867dc07bf580e4f0081356fd2b5fcd
eap7-resteasy-3.15.10-1.Final_redhat_00001.1.el9eap.src.rpm	SHA-256: f20eb151813af3a0633fc1d2f5a6ad996f5bf5ef4fa5225e54ea6f6a5d3ccd1f
eap7-undertow-2.2.37-1.SP2_redhat_00001.1.el9eap.src.rpm	SHA-256: d923a8ad9da9b02079208a8d0c4dad54c2528b917c0f5e427ed6055897cf9820
eap7-wildfly-7.4.20-2.GA_redhat_00001.1.el9eap.src.rpm	SHA-256: 9a4bf2b91fae022fc8c2f5d0beee1c25e1fc9e0198dd11e320ca997b3eb240ef
eap7-wildfly-http-client-1.1.18-1.Final_redhat_00001.1.el9eap.src.rpm	SHA-256: 318839b338ac9cda0a219c473792d923fe754bdd1fcd80b42e0d58f4533aca54
eap7-woodstox-core-6.4.0-2.redhat_00003.1.el9eap.src.rpm	SHA-256: 5a65628e8a9111d5e760fbcb8ec0dfecd4bb2647afb83ced6fa3c1940e4dafce
x86_64
eap7-activemq-artemis-2.16.0-19.redhat_00053.1.el9eap.noarch.rpm	SHA-256: ebe84e2cebb73d0a7922323347f7687fca3dc2782b1d8aada9876a9733d57b86
eap7-activemq-artemis-cli-2.16.0-19.redhat_00053.1.el9eap.noarch.rpm	SHA-256: 84f67630ead2706c96ddd57308a4232d876454153d1a7c34f11035a655cdbe2e
eap7-activemq-artemis-commons-2.16.0-19.redhat_00053.1.el9eap.noarch.rpm	SHA-256: b4df00f42faad346a3b2787f352c67daf4b4392db92720633b732d150d8e979e
eap7-activemq-artemis-core-client-2.16.0-19.redhat_00053.1.el9eap.noarch.rpm	SHA-256: f029b2f3f6ed67ed244d0602f272f10264c8255cba55ce77197fab6f2912f949
eap7-activemq-artemis-dto-2.16.0-19.redhat_00053.1.el9eap.noarch.rpm	SHA-256: 1ff89c1f32027e6dbeb8a196178da1c718042bd8176c9a402b3c5a4972aaa8b0
eap7-activemq-artemis-hornetq-protocol-2.16.0-19.redhat_00053.1.el9eap.noarch.rpm	SHA-256: 44b8a29dbc60b2937880bc26e242564710776bd87800e657acd4cbf5610accfd
eap7-activemq-artemis-hqclient-protocol-2.16.0-19.redhat_00053.1.el9eap.noarch.rpm	SHA-256: 5056e91cf53f95509e84c224bee7e65897c27bc4da1e49a365777f9d9f748658
eap7-activemq-artemis-jdbc-store-2.16.0-19.redhat_00053.1.el9eap.noarch.rpm	SHA-256: 6d69165f7192c4db53cb6efe8fb2138411f6f14ace2d1e45d0e0486909c5caa1
eap7-activemq-artemis-jms-client-2.16.0-19.redhat_00053.1.el9eap.noarch.rpm	SHA-256: cbb8c71d7145498cdaa25f109985046fa9b9afa54a52f492df23e643be76a76e
eap7-activemq-artemis-jms-server-2.16.0-19.redhat_00053.1.el9eap.noarch.rpm	SHA-256: 812e7ec67e7b8d62664d7c0f3de6f32d970c7b5c54003bfe3eef806552e40b60
eap7-activemq-artemis-journal-2.16.0-19.redhat_00053.1.el9eap.noarch.rpm	SHA-256: ecc1573c2eb985f8d0db49557ab4ff0ea033204cb658b5cc8485e01e0984b238
eap7-activemq-artemis-ra-2.16.0-19.redhat_00053.1.el9eap.noarch.rpm	SHA-256: aa6192e4e8561ce23da146a11c28f7d7e4dc9d772063f5027fed8cd0ef2f3b6f
eap7-activemq-artemis-selector-2.16.0-19.redhat_00053.1.el9eap.noarch.rpm	SHA-256: a59b70d3299f5aecac94c49244a500dfd6adce6087b6ef7f5d05b69890a84dbc
eap7-activemq-artemis-server-2.16.0-19.redhat_00053.1.el9eap.noarch.rpm	SHA-256: ea31568c4a88330b44e687084f9ade8fb68b47896d038270d13fd21d5815fd20
eap7-activemq-artemis-service-extensions-2.16.0-19.redhat_00053.1.el9eap.noarch.rpm	SHA-256: 3a50ec05de316a5151650a13d9f44b1e18ec85df86c56e0018d1ca966109104b
eap7-activemq-artemis-tools-2.16.0-19.redhat_00053.1.el9eap.noarch.rpm	SHA-256: 782e6f630eefe65ed951b89d2205a64ac0a57b8fa00076c187e507adb3bd15d8
eap7-byte-buddy-1.11.12-3.redhat_00003.1.el9eap.noarch.rpm	SHA-256: 2f64630a6316ae5df2f93d5c9d1a469fdef26bd532f2847a352b090968c2fdf4
eap7-jaxen-1.1.6-15.redhat_00003.1.el9eap.noarch.rpm	SHA-256: ee94865cd02bf85e53893984dbc7292d0146379f544e409a94c0dbc2252f7cbd
eap7-jboss-ejb-client-4.0.56-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: f3c17ae91a5553ac8618b84c14d16c35ec13675d31ad6dab36934ca04dd4b890
eap7-jboss-remoting-5.0.30-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 5444be32d7ab49808e30135529ce0a0ccd443a650c9d8ab9360554e36adb271a
eap7-jboss-server-migration-1.10.0-40.Final_redhat_00040.1.el9eap.noarch.rpm	SHA-256: b7152876fd3037d8cd0ba71b53b3bca8fc1d9399b70798789c8aad97cec599be
eap7-jboss-server-migration-cli-1.10.0-40.Final_redhat_00040.1.el9eap.noarch.rpm	SHA-256: a8692af2002f0136ae242cac8cdde291a50209554f7eb624c5b34aca3b69d08f
eap7-jboss-server-migration-core-1.10.0-40.Final_redhat_00040.1.el9eap.noarch.rpm	SHA-256: 3401d3290afdafef420b6dacc5a4a666e79ed276e05c5ee8914c90d4acd89630
eap7-jbossws-cxf-5.4.13-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: e4fe11ae56441d7f7fd88905c73f96402de4b2a8ba2407cab2157aecc74431b7
eap7-log4j-jboss-logmanager-1.3.1-2.Final_redhat_00003.1.el9eap.noarch.rpm	SHA-256: ba177ef0b4589f10af613e1224487cde199fd6112234fd5d14a8446f412b1859
eap7-picketlink-bindings-2.5.5-28.SP12_redhat_00017.1.el9eap.noarch.rpm	SHA-256: 3e83e9379aa2ebe00e4fd164074fd4c24aab3dac3af11171f8b12e53f551f5a6
eap7-picketlink-wildfly8-2.5.5-28.SP12_redhat_00017.1.el9eap.noarch.rpm	SHA-256: df8d811a43f86dc7fe2a6aad49895a48047ae362f69cab00a26f6be8bfd25f6d
eap7-resteasy-3.15.10-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 098bddfd785fb5def935adbf110b6cda9f201e339e7e05457cc696e2df646b77
eap7-resteasy-atom-provider-3.15.10-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 7cc5cf5825f88eb3cf6e59cb5ca1ae64fc93dece1234972df279e89626a8c169
eap7-resteasy-cdi-3.15.10-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 2d86975f71c74e96cacf8fd6ebfc160dc923ade78de6b228de0b49041993cc61
eap7-resteasy-client-3.15.10-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: ae8c0c59942e000148be7c7a553874dc227f0c30da07f7cc91042d12acea71c9
eap7-resteasy-crypto-3.15.10-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 3d5a5256cdd57d7aee91d14743201ccb3b85bc2f5170bb6231a417869185e305
eap7-resteasy-jackson-provider-3.15.10-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 48305bbd90a267c2df2148d2c313ceb2f771ed04811503c5c3a2722e6d9f0580
eap7-resteasy-jackson2-provider-3.15.10-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 9bb08961e1c51680a3fa59395d46ab50b278653c7c490988bd93b9c0fa8c9d05
eap7-resteasy-jaxb-provider-3.15.10-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 06e7be406e66ce5ee2d7681cb3808069de533450ad89bc28345537e563865d8a
eap7-resteasy-jaxrs-3.15.10-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 379c5bf682480dda7d1d5218e1304ff6d281fb71dc6449e0013150eab90c5a41
eap7-resteasy-jettison-provider-3.15.10-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 5e5c4385321d5d39f426784d5804d8c5421f2ff8cdf9cab6004eaf8262644edf
eap7-resteasy-jose-jwt-3.15.10-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 34d00e4aaff135f6a9428aa093290eb0511fb4e2e78601d9d1b91fb1180f40a9
eap7-resteasy-jsapi-3.15.10-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 1be2128e90334251ffceb6d1112accf83e30aa691ad0b058a1b30773a5cb0d08
eap7-resteasy-json-binding-provider-3.15.10-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 91fb8e60fdb8a666b3efbd509b0afd44768b554a01c709a4f87032b68d8cac8e
eap7-resteasy-json-p-provider-3.15.10-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 4f5f39712364586d71d19b0d0eaa86d48fbf1c23312fd1804ef41d98375115aa
eap7-resteasy-multipart-provider-3.15.10-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 001adf4e4c2514e6ea4b613bfb8baee59af180b4fc9982376b538a361384d0dc
eap7-resteasy-rxjava2-3.15.10-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 28795905391c320720e59672d5f25ae746ee0f379f83dd664db0f49048008368
eap7-resteasy-spring-3.15.10-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: e3722d2b64552b149ead30e383732f28675e8085e7ec1f72cbab8cbcb73c3a02
eap7-resteasy-validator-provider-11-3.15.10-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: b409b32a249511fe3bc7a44740ac3256ea9481bad1bb065011d1dce5b8c99c23
eap7-resteasy-yaml-provider-3.15.10-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 68774284451a50dbd8c55b27c529dae0cc4941777a829866ad6d698fbf191d75
eap7-undertow-2.2.37-1.SP2_redhat_00001.1.el9eap.noarch.rpm	SHA-256: d183372f9f61fa26bc07b415da2f7819dc47cb305740a71c66ddcf9f11243c34
eap7-wildfly-7.4.20-2.GA_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 6cd4234fa23cd3fe010808c1c5e6f448082a6a1f7e2f062cbd7b36c32f112bf7
eap7-wildfly-http-client-common-1.1.18-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 09f33f5f1071f84b69fcf3042dabd14a02f326b192b2b63e85b09f36f69714fe
eap7-wildfly-http-ejb-client-1.1.18-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: e8e771eba89ff140f96aae8a77f0ead346aec0151e8d59e2a8eee10dea901fb6
eap7-wildfly-http-naming-client-1.1.18-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 726b9ad4c9ceb56dce7ca7a001c3bf258887ff0aaeb0a8db6e4069caf0ff3890
eap7-wildfly-http-transaction-client-1.1.18-1.Final_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 940abf55bd6840caa86c01bb37d42a67733c151614b8aabd0687e251ec355e1b
eap7-wildfly-java-jdk11-7.4.20-2.GA_redhat_00001.1.el9eap.noarch.rpm	SHA-256: ae3cd56825fce2e0e61b2347e3c024270227bc4cfe75340bf99ac666d47eb5c7
eap7-wildfly-java-jdk17-7.4.20-2.GA_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 1599ecf77f391d29bc69f2f12e53f05e2dc2ba885fbf474dab910bfe2c441a16
eap7-wildfly-java-jdk8-7.4.20-2.GA_redhat_00001.1.el9eap.noarch.rpm	SHA-256: df5c6a2be214e58152a5fc37540cac14b44d118a8798933778632fcbf7d9603e
eap7-wildfly-javadocs-7.4.20-2.GA_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 260aa379aa24f7c65cc66dbae3c081305ad747fef1078adaca43784b1e854c89
eap7-wildfly-modules-7.4.20-2.GA_redhat_00001.1.el9eap.noarch.rpm	SHA-256: 6b91ed697021c421bad2d80cc40a54e21449da989eeb75f2c987a6821885d060
eap7-woodstox-core-6.4.0-2.redhat_00003.1.el9eap.noarch.rpm	SHA-256: ff8d5d1240cbe1525ffe50985ebb86e51b070b0655f8ed15a0c3a0ba0f86211b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation