Red Hat Product Errata RHSA-2024:1916 - Security Advisory
Issued:
2024-05-07
Updated:
2024-05-07

RHSA-2024:1916 - Security Advisory

Synopsis

Important: Red Hat JBoss Web Server 6.0.2 release and security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update is now available for Red Hat JBoss Web Server 6.0.2 on Red Hat Enterprise Linux versions 8 and 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.

This release of Red Hat JBoss Web Server 6.0.2 serves as a replacement for Red Hat JBoss Web Server 6.0.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.

Security Fix(es):

  • tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • JBoss Enterprise Web Server 6 for RHEL 9 x86_64
  • JBoss Enterprise Web Server 6 for RHEL 8 x86_64

Fixes

  • BZ - 2269608 - CVE-2024-23672 Apache Tomcat: WebSocket DoS with incomplete closing handshake

JBoss Enterprise Web Server 6 for RHEL 9

SRPM
jws6-mod_cluster-2.0.4-1.Final_redhat_00001.1.el9jws.src.rpm SHA-256: bacf4fb6bcdeeb80daaa49d9533521422253c1f29861ea0dfccee517499eba7c
jws6-tomcat-10.1.8-7.redhat_00014.1.el9jws.src.rpm SHA-256: 3394dc9a8997a58727d36fddd7fd9bc9c9e8ce338e55d2505ec6f3e79df752dc
x86_64
jws6-mod_cluster-2.0.4-1.Final_redhat_00001.1.el9jws.noarch.rpm SHA-256: 0c212b7d241c8f22d52f885854d36cfee9d869c47926581541ed489d630508af
jws6-mod_cluster-tomcat-2.0.4-1.Final_redhat_00001.1.el9jws.noarch.rpm SHA-256: a47fd92e88fe79cf5b7efd49caffd7e399d38ddbad95c152a0f0cf25aa04ce0f
jws6-tomcat-10.1.8-7.redhat_00014.1.el9jws.noarch.rpm SHA-256: 6fe957f2f2424584b7921ece88d03a7e2c174b068c26e6e04bec0e1845055544
jws6-tomcat-admin-webapps-10.1.8-7.redhat_00014.1.el9jws.noarch.rpm SHA-256: f9488c8dafd98b9c52cd8dd4f840a4f919daa4589de2b68202361b558d4cfc21
jws6-tomcat-docs-webapp-10.1.8-7.redhat_00014.1.el9jws.noarch.rpm SHA-256: 66491581d831bd3e4b42a45e277c9b626d456194af456619723394ddb945dc41
jws6-tomcat-el-5.0-api-10.1.8-7.redhat_00014.1.el9jws.noarch.rpm SHA-256: 3a5b6da1ff15d29e38fd4ef643b01f7f000a1222086fdf81f07e1bfba4dbd065
jws6-tomcat-javadoc-10.1.8-7.redhat_00014.1.el9jws.noarch.rpm SHA-256: b3e3964ca5f38ac7fc920cf14b09aa6c180ede0347adcf603c30c00e2e36d9dc
jws6-tomcat-jsp-3.1-api-10.1.8-7.redhat_00014.1.el9jws.noarch.rpm SHA-256: 21956a93d5279245d455336f8cf28992d54cda73695ff52fb453a7b721a607a1
jws6-tomcat-lib-10.1.8-7.redhat_00014.1.el9jws.noarch.rpm SHA-256: cdc77b3d2bd4701e363f9df2566330f76e3663fe240be0c575519f65b7567b83
jws6-tomcat-selinux-10.1.8-7.redhat_00014.1.el9jws.noarch.rpm SHA-256: 3c07a9d2f939433f7a1a84889e0731750620e03fb0afc2c95e8b4c88d56a441b
jws6-tomcat-servlet-6.0-api-10.1.8-7.redhat_00014.1.el9jws.noarch.rpm SHA-256: d8e6ae0317e2e13aef7847fce229ae6fc5cb25a158d56facdbb0393b78979f19
jws6-tomcat-webapps-10.1.8-7.redhat_00014.1.el9jws.noarch.rpm SHA-256: 4d9e5d58228c4f31ae30fa3ecf9762b09a9e22daaf38e9ba616df3ba4534a101

JBoss Enterprise Web Server 6 for RHEL 8

SRPM
jws6-mod_cluster-2.0.4-1.Final_redhat_00001.1.el8jws.src.rpm SHA-256: 2325caeac54f5dd6729c969bd7e6be5226ba899351d7e4fbd854a1f20fca2bef
jws6-tomcat-10.1.8-7.redhat_00014.1.el8jws.src.rpm SHA-256: 37a84e06c9a8298128f4b912c585379589afb8d28cf264365afc6a205623eadb
x86_64
jws6-mod_cluster-2.0.4-1.Final_redhat_00001.1.el8jws.noarch.rpm SHA-256: 14ee8cd7fa5ee61cc5879414a1fcba45fff563df6c41015c584631bd5ba58b69
jws6-mod_cluster-tomcat-2.0.4-1.Final_redhat_00001.1.el8jws.noarch.rpm SHA-256: da869aa318145424e7cb299aa0bb2812ab87adf1b12aa56d705529655197ab3f
jws6-tomcat-10.1.8-7.redhat_00014.1.el8jws.noarch.rpm SHA-256: 4bc9ea3eccf0906b8506fa70fbfe683bb6ef90495f7cbb6bb4689ef7b61fdbc9
jws6-tomcat-admin-webapps-10.1.8-7.redhat_00014.1.el8jws.noarch.rpm SHA-256: 8f10a6009926885eaaf366eeb091d45b35094e887460a7cfc4ea1ea9dee9cd3a
jws6-tomcat-docs-webapp-10.1.8-7.redhat_00014.1.el8jws.noarch.rpm SHA-256: 853bb528ba5b9eef2d62fb2268f2341c381e4689fa0b72726f45c958cf71a649
jws6-tomcat-el-5.0-api-10.1.8-7.redhat_00014.1.el8jws.noarch.rpm SHA-256: 96fc133237089c8bc8f7b8c24c0ffb5b612232095b50da333722f52b2248896c
jws6-tomcat-javadoc-10.1.8-7.redhat_00014.1.el8jws.noarch.rpm SHA-256: 2c8f4625f0061b9f1041147dcbbb9478c31a3550b40b17cf60fc8eae47d9d138
jws6-tomcat-jsp-3.1-api-10.1.8-7.redhat_00014.1.el8jws.noarch.rpm SHA-256: 082a7c75e6405fa0e7adfdf0a15c7b460ddb8144cbc69221b020dad236cadd04
jws6-tomcat-lib-10.1.8-7.redhat_00014.1.el8jws.noarch.rpm SHA-256: 78d4e86afbb0a746c515fe6f5066086e180698368fb1fbe48e43c026316bc2a0
jws6-tomcat-selinux-10.1.8-7.redhat_00014.1.el8jws.noarch.rpm SHA-256: 047c82270c0762f8512719247aa36432fc3e37ca0d852cc01c485ad612f0d6e0
jws6-tomcat-servlet-6.0-api-10.1.8-7.redhat_00014.1.el8jws.noarch.rpm SHA-256: 7d6107dedf69a26b5fd92dbd9eb3a2208c712094fef12b731e34e72b52364717
jws6-tomcat-webapps-10.1.8-7.redhat_00014.1.el8jws.noarch.rpm SHA-256: 129792d4c9d8b84e381644fa9cd383e25c59d41eeb90155077084cce2c97960f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.