Red Hat Product Errata RHSA-2024:4390 - Security Advisory
Issued:
2024-07-08
Updated:
2024-07-08

RHSA-2024:4390 - Security Advisory

Synopsis

Moderate: Red Hat JBoss Enterprise Application Platform 8.0 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.

This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.

Security Fix(es):

  • HTTP-2: httpd: CONTINUATION frames DoS (CVE-2024-27316)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Affected Products

  • JBoss Enterprise Application Platform 8.0 for RHEL 9 x86_64
  • JBoss Enterprise Application Platform 8.0 for RHEL 8 x86_64

Fixes

  • BZ - 2268277 - CVE-2024-27316 httpd: CONTINUATION frames DoS

JBoss Enterprise Application Platform 8.0 for RHEL 9

SRPM
eap8-hibernate-6.2.26-1.Final_redhat_00001.1.el9eap.src.rpm SHA-256: ec9ca042ecd6ce5ceaaeaecb55e654389fb124e126406988f9e38bb2fa58dc3b
eap8-jboss-remoting-5.0.29-1.Final_redhat_00001.1.el9eap.src.rpm SHA-256: bb59533681e27654e46995b6fb8c32238f685168089b5ebba9026204c3bf2d3b
eap8-jboss-xnio-base-3.8.16-1.Final_redhat_00001.1.el9eap.src.rpm SHA-256: 00e2686a378fa217d25c965354174abcf67f9ffc110af4adda83799e675d9207
eap8-jose4j-0.9.6-1.redhat_00001.1.el9eap.src.rpm SHA-256: 3c3366487fca72152f66d98f3a85da2b0abaeba969b9e59136dd5c7baff3b93f
eap8-undertow-2.3.14-1.SP1_redhat_00001.1.el9eap.src.rpm SHA-256: 602b1702b35026e822df245ec628699a44a7f69f0bc7f3097ed364398cce3e7e
eap8-wildfly-8.0.2-5.GA_redhat_00012.1.el9eap.src.rpm SHA-256: 9a4bd4e68fb20d45bc494fd686b10f2fee8a510f8b4e198ce2923e218a17feef
x86_64
eap8-hibernate-6.2.26-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 69a1dd09449c1184446eb6c6a325e9c2ab498127a0606a07c6661a9e17a0f436
eap8-hibernate-core-6.2.26-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 9d24c3d56fb4e9ac350468cae0c98919e25f4a84338c5f3fa2f8c208e93f8da1
eap8-hibernate-envers-6.2.26-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 36c435b26474d7cc4ff613a420e667b816d6b588b51fe8719bab149caa5a6bbb
eap8-jboss-remoting-5.0.29-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 450b3ac1ec9901e636d94977c6648957253dc275c7c050c16c17e89e3571064e
eap8-jboss-xnio-base-3.8.16-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 1fb77d7f4c4eb5b2cccbe4dc56b25934d52d2a753e676cdb968df3d82328d479
eap8-jose4j-0.9.6-1.redhat_00001.1.el9eap.noarch.rpm SHA-256: 0a4e0adae3b195ed6ba02226bb73b60561c35aebd6980a9e8d4a0f9542e522c8
eap8-undertow-2.3.14-1.SP1_redhat_00001.1.el9eap.noarch.rpm SHA-256: 1e6730e3a2bea65cf7078b8d1ac0e80effa8e5457f9db981f3018f28eeee3e87
eap8-wildfly-8.0.2-5.GA_redhat_00012.1.el9eap.noarch.rpm SHA-256: 23b793e9382e4fc78007380350acb72b01f05c1c1549b229c4a9f9dbfb78d29a
eap8-wildfly-java-jdk11-8.0.2-5.GA_redhat_00012.1.el9eap.noarch.rpm SHA-256: 3bd9c97024d0c8b5e4ed30e40c9c972b0f3b149a193af7119cbe0e5e2ca9df45
eap8-wildfly-java-jdk17-8.0.2-5.GA_redhat_00012.1.el9eap.noarch.rpm SHA-256: 74e202657813278cd6769cee8d36529a398f4065a48c9ad2b72abb05160ccbd2
eap8-wildfly-modules-8.0.2-5.GA_redhat_00012.1.el9eap.noarch.rpm SHA-256: b961d40c8495ee3ae49600a776fc2406566ea853c51815f460a94f9d74c5e443

JBoss Enterprise Application Platform 8.0 for RHEL 8

SRPM
eap8-hibernate-6.2.26-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: 5b28c6ca5d8225c43240e927b1c519a12b4864bae4e2056da4fcfc24f22e5695
eap8-jboss-remoting-5.0.29-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: 095057127b8395e69c29868293f717c5c3100c80230fad6c5693dd849be3f9a3
eap8-jboss-xnio-base-3.8.16-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: ddbb9aad409e963d4d7969581701c9c24e549e9c1865e8a5c479bda6ee3d2442
eap8-jose4j-0.9.6-1.redhat_00001.1.el8eap.src.rpm SHA-256: 6e3f593084606b195d8130a610293960644d917ad47e8e08ecd7aa60fbf02694
eap8-undertow-2.3.14-1.SP1_redhat_00001.1.el8eap.src.rpm SHA-256: 609eaf01b8d92cd168d927d2310f974d6c41095efa1c1f1250bdc78b10374910
eap8-wildfly-8.0.2-5.GA_redhat_00012.1.el8eap.src.rpm SHA-256: 35e368c83f7b96195adc32c17783731530b509c72cdcb9e1f5ce546be3b956da
x86_64
eap8-hibernate-6.2.26-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 938bbc088553624a5752c1e4e888fbf8fb583d86861e7f6004933cb14b9c9041
eap8-hibernate-core-6.2.26-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 8117a9a1e330e0a85953ee45cf22a4f7241c8b1ff5c993535ff975b015b106b3
eap8-hibernate-envers-6.2.26-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 11e0d0854c08a76de2058941819d854f5f7cd27ef77d22cca86f17730880402e
eap8-jboss-remoting-5.0.29-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 02319d8763f0fc96f4176df1b3a61ca04850d2bff65f3c96d3dbe44244750f62
eap8-jboss-xnio-base-3.8.16-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: d7ecc183ebd651fa3bee90b0f0100448602abb7e01bed4da7bdcbafca900a5d7
eap8-jose4j-0.9.6-1.redhat_00001.1.el8eap.noarch.rpm SHA-256: d6c75816eddca55918fb0d39c04b9e499f9c47ff9ef5d1e5d1b5c9ec97d4a5dc
eap8-undertow-2.3.14-1.SP1_redhat_00001.1.el8eap.noarch.rpm SHA-256: 4499e7f28142c01a2b4dc8f4ba18b42b6bd5214b3ab5febab1f0cd9024479c32
eap8-wildfly-8.0.2-5.GA_redhat_00012.1.el8eap.noarch.rpm SHA-256: 884438a0417eedefc6bec0c800ad0c6d31a482269552d4cee3defe96de55147b
eap8-wildfly-java-jdk11-8.0.2-5.GA_redhat_00012.1.el8eap.noarch.rpm SHA-256: 05ee229f0c1e25f37182632a396bcf42600c4564ab84691222648b2099bbbc30
eap8-wildfly-java-jdk17-8.0.2-5.GA_redhat_00012.1.el8eap.noarch.rpm SHA-256: 2b5d450c7ad33a0e88dae86821cc7d250cc84fce863dac1397e1b27be447c96c
eap8-wildfly-modules-8.0.2-5.GA_redhat_00012.1.el8eap.noarch.rpm SHA-256: e4ee46e048fc98ee31ad4b0c36ef4a83d8cb09b73d90b74e2774d2afbeae21da

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.