Red Hat Product Errata RHSA-2024:8075 - Security Advisory
Issued:
2024-10-14
Updated:
2024-10-14

Synopsis

Important: Red Hat JBoss Enterprise Application Platform 7.4.19 Security update

Type/Severity

Security Advisory: Important

Topic

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.19 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.18, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.19 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • braces: fails to limit the number of characters it can handle [eap-7.4.z] (CVE-2024-4068)
  • jose4j: denial of service via specially crafted JWE [eap-7.4.z] (CVE-2023-51775)
  • wildfly-domain-http: wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS) [eap-7.4.z] (CVE-2024-4029)
  • xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.4.z] (CVE-2022-34169)
  • org.jsoup/jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled [eap-7.4.z] (CVE-2022-36033)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Affected Products

  • JBoss Enterprise Application Platform 7.4 for RHEL 7 x86_64

Fixes

  • BZ - 2108554 - CVE-2022-34169 OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)
  • BZ - 2127078 - CVE-2022-36033 jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled
  • BZ - 2266921 - CVE-2023-51775 jose4j: denial of service via specially crafted JWE
  • BZ - 2278615 - CVE-2024-4029 wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS)
  • BZ - 2280600 - CVE-2024-4068 braces: fails to limit the number of characters it can handle
  • JBEAP-27049 - Tracker bug for the EAP 7.4.19 release for RHEL-7
  • JBEAP-27357 - (7.4.z) Upgrade undertow from 2.2.33.SP1-redhat-00001 to 2.2.35.SP1
  • JBEAP-27548 - (7.4.z) Upgrade JBossws cxf from 5.4.9.Final-redhat-00001 to 5.4.12.Final-redhat-00001
  • JBEAP-27613 - (7.4.z) Upgrade Wildfly Core from 15.0.37.Final-redhat-00001 to 15.0.38.Final-redhat-00001
  • JBEAP-27658 - (7.4.z) Upgrade insights java client from 1.1.2.redhat-00001 to 1.1.3.redhat-00001
  • JBEAP-27700 - (7.4.z) Upgrade hibernate-validator from 6.0.23.Final-redhat-00001 to 6.0.23.SP1
  • JBEAP-27701 - (7.4.z) HV-2027 - Upgrade jsoup to 1.15.4 in hibernate-validator 6.0 branch
  • JBEAP-27713 - [GSS](7.4.z) Upgrade jboss-ejb-client from 4.0.54.Final-redhat-00001 to 4.0.55.Final
  • JBEAP-27714 - [GSS](7.4.z) Upgrade HAL Console from 3.3.23.Final-redhat-00001 to 3.3.24.Final
  • JBEAP-27715 - [GSS](7.4.z) Upgrade IronJacamar from 1.5.17.Final-redhat-00001 to 1.5.18.Final
  • JBEAP-27746 - (7.4.z) Upgrade jastow from 2.0.14.Final-redhat-00001 to 2.0.15.Final
  • JBEAP-27747 - (7.4.z) Upgrade Wildfly Core from 15.0.38.Final-redhat-00001 to 15.0.39.Final-redhat-00001

CVEs

  • CVE-2022-34169
  • CVE-2022-36033
  • CVE-2023-51775
  • CVE-2024-4029
  • CVE-2024-4068

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4
  • https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index
Note: More recent versions of these packages may be available.

JBoss Enterprise Application Platform 7.4 for RHEL 7

SRPM
eap7-hal-console-3.3.24-1.Final_redhat_00001.1.el7eap.src.rpm SHA-256: 919235db829bd0bdcbc1918e40736e613447dcbd2a0fc9b72f781809de2700ab
eap7-hibernate-validator-6.0.23-2.SP1_redhat_00001.1.el7eap.src.rpm SHA-256: 8314f503ca69cb7c85bfe7cfe07dac605ffc7d6d62118a2bd9bae8ee50135f05
eap7-insights-java-client-1.1.3-1.redhat_00001.1.el7eap.src.rpm SHA-256: 6905296abfea7d75ec10f87952f393b555f21ef12012eed8c6fd90e25917f3e3
eap7-ironjacamar-1.5.18-1.Final_redhat_00001.1.el7eap.src.rpm SHA-256: 161453d581d024fcb3c79efe65c3d28921e7fd3959bdf74d0df5374c43a21490
eap7-jboss-cert-helper-1.1.3-1.redhat_00001.1.el7eap.src.rpm SHA-256: 9d28cb0869aa90b7494cb5771f5e519be4a0a1d6e693ff19df9453ac0222907b
eap7-jboss-ejb-client-4.0.55-1.Final_redhat_00001.1.el7eap.src.rpm SHA-256: e196c104aeed73974adddb93d8f1f38b0885a0b36a6080868da23ae0eb046d6a
eap7-jboss-server-migration-1.10.0-39.Final_redhat_00039.1.el7eap.src.rpm SHA-256: 345c273fd674fa3a157b01615c174b9b77a710678cbff1f7bfb271723e17bf23
eap7-jbossws-cxf-5.4.12-1.Final_redhat_00001.1.el7eap.src.rpm SHA-256: 38611aff1fa3ef7735d0a897c7535f4afed2015b25bc01428b705c20a80805cf
eap7-jsoup-1.15.4-1.redhat_00003.1.el7eap.src.rpm SHA-256: edbc008f28d1a24b2fdadfa388b7f5258622879f6c7feef46025e4362f470a65
eap7-undertow-jastow-2.0.15-1.Final_redhat_00001.1.el7eap.src.rpm SHA-256: 05afd413f799b04ffda527b21acf6f703f438428943da5f2c41c4e24913ea874
eap7-wildfly-7.4.19-1.GA_redhat_00002.1.el7eap.src.rpm SHA-256: 3d4d9b526998106b281fe220da802bcd4f040d4394dbe0f2b9ac5efa29fc3bd6
eap7-xalan-j2-2.7.1-37.redhat_00015.1.el7eap.src.rpm SHA-256: c7c7cb8f5a94c7541cd764dea144be6362476a526b449530336ded502d8dc89c
x86_64
eap7-hal-console-3.3.24-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 7065d062f409fc9e8bedf97e58aa7828b7b7e38ee13e806f9f5dc2fa44838769
eap7-hibernate-validator-6.0.23-2.SP1_redhat_00001.1.el7eap.noarch.rpm SHA-256: 2b0586b9912466685cadcafc44ba68091e6abea0ebc1ec72f6a740f101882d46
eap7-hibernate-validator-cdi-6.0.23-2.SP1_redhat_00001.1.el7eap.noarch.rpm SHA-256: 51a7476d38bd51775c3138f6db207c7171d32cd67c3a82aef84a91f9f00b54d9
eap7-insights-java-client-1.1.3-1.redhat_00001.1.el7eap.noarch.rpm SHA-256: 1b44bea86cf6ab8a63669198acca6f37bfe7c00b3fb41c9e933811b6d9a70824
eap7-ironjacamar-1.5.18-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: bd55a0857c69edd22c5c74438788d45c6f3dcaf5a6e46bd352ea183bfb79e646
eap7-ironjacamar-common-api-1.5.18-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 3bbfc4de2e3d189c78a96ec7903cbae53c7d1d13ec2dfb067f2a4bfc038a1993
eap7-ironjacamar-common-impl-1.5.18-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 49ffff3b97a6b3151fbc3424bfd245594b0b961b4056ccdfd4d69adbabbde892
eap7-ironjacamar-common-spi-1.5.18-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: a240500d37665246b53824c73f7c6a8fc12008b617a82823ccc6298765dc1c6e
eap7-ironjacamar-core-api-1.5.18-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: e4170aae1221ff9e3ec3030bd033eefbe7fefd016a7651c9502e5c0995ea7198
eap7-ironjacamar-core-impl-1.5.18-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 1f9cd2907636f792705f961b9bdd7c3da5984bb2b8ba04a84d3bd2abef905005
eap7-ironjacamar-deployers-common-1.5.18-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 347a440fc611144cc2f2fce60bdee3438170136aed9b1464fa160703ff2f2e2e
eap7-ironjacamar-jdbc-1.5.18-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 164cccf63ac55663a254ed4fd98107dc31a29621a46662acff530a78b8da6f38
eap7-ironjacamar-validator-1.5.18-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: e75c5777119341933bc408dc8ad6f9f33a450c095cf64c3268d0a19039475ea5
eap7-jboss-cert-helper-1.1.3-1.redhat_00001.1.el7eap.x86_64.rpm SHA-256: b5493fbf28cf1fbe2ed386bd4557206fef9ea806c374e9d5f395b72684a5e89a
eap7-jboss-cert-helper-debuginfo-1.1.3-1.redhat_00001.1.el7eap.x86_64.rpm SHA-256: abbc93eca1c135c014832f5e83eecbc8afc4e38bc0ab79af963aece928c54d9f
eap7-jboss-ejb-client-4.0.55-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: d21a455a55c6a1b6ac067fe83bf12d9e9e9b404113e29aa5ffdc67bcadd444aa
eap7-jboss-server-migration-1.10.0-39.Final_redhat_00039.1.el7eap.noarch.rpm SHA-256: 0f8313be071585e3ab92ed15200a5bc7fc4eae457f9ad85d7f2edee2fe4e60fb
eap7-jboss-server-migration-cli-1.10.0-39.Final_redhat_00039.1.el7eap.noarch.rpm SHA-256: 05c0b1a4e6b80b69e39767ebd0de80ef0c2b7ec4c72887bb6fc0d9725cc184f1
eap7-jboss-server-migration-core-1.10.0-39.Final_redhat_00039.1.el7eap.noarch.rpm SHA-256: 8164294ddcbf5ee525aca66a5cd65ac2f8bbb0b3167d633490f59d322334f622
eap7-jbossws-cxf-5.4.12-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: b3103e1dc6720e1594b0136ff7eb96d6458f4803decf718204a435a24b11e586
eap7-jsoup-1.15.4-1.redhat_00003.1.el7eap.noarch.rpm SHA-256: 0f8dc31ecf554da15e9ea8d694c58266bdd327c6eff411378214c79d6827f121
eap7-undertow-jastow-2.0.15-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: e07307ae8ff54d4702bc74676f554ed02930cc65b5b510f1d7588e045bffe7f0
eap7-wildfly-7.4.19-1.GA_redhat_00002.1.el7eap.noarch.rpm SHA-256: 3531faed156a3e66c8d81835bc6effe6987396edcdda4a63d699a07957eb6ca7
eap7-wildfly-java-jdk11-7.4.19-1.GA_redhat_00002.1.el7eap.noarch.rpm SHA-256: 1a160e61a50c2d9ceb1d9f390e51c9f99707e6a0b5795278c2298f51e13c2cb1
eap7-wildfly-java-jdk8-7.4.19-1.GA_redhat_00002.1.el7eap.noarch.rpm SHA-256: 34c96cbbc5c4d9cbdc12066971ca102a3e7f68329053faed848040a63a2940ff
eap7-wildfly-javadocs-7.4.19-1.GA_redhat_00002.1.el7eap.noarch.rpm SHA-256: b8be4f106ee6fe812bf0ecbf4437220e2b105a3fe3833f03c1ff12d992662910
eap7-wildfly-modules-7.4.19-1.GA_redhat_00002.1.el7eap.noarch.rpm SHA-256: 42a8f994f5bac6dc3af1a12727a90fd3b9d436118c9a2370c5b4fd5bb73852da
eap7-xalan-j2-2.7.1-37.redhat_00015.1.el7eap.noarch.rpm SHA-256: 208e906e4f0c23b8d9a41c12dc68d5589165a1442465f8de4132bd564291d500
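A check a practitioner would run against this advisory, added here as an example and not part of Red Hat's advisory or tooling: it parses package lines in the format listed above, decides whether an installed name-version-release is superseded by the advisory using a simplified rpm version comparison, and verifies that a downloaded RPM hashes to the published SHA-256. The three embedded package lines are copied from the list above; the "installed" version strings are constructed for illustration.

```python
import hashlib
import os
import re

# Constructed excerpt: three lines copied verbatim from the advisory's package list.
ADVISORY_PACKAGES = """\
eap7-wildfly-7.4.19-1.GA_redhat_00002.1.el7eap.noarch.rpm SHA-256: 3531faed156a3e66c8d81835bc6effe6987396edcdda4a63d699a07957eb6ca7
eap7-jsoup-1.15.4-1.redhat_00003.1.el7eap.noarch.rpm SHA-256: 0f8dc31ecf554da15e9ea8d694c58266bdd327c6eff411378214c79d6827f121
eap7-xalan-j2-2.7.1-37.redhat_00015.1.el7eap.noarch.rpm SHA-256: 208e906e4f0c23b8d9a41c12dc68d5589165a1442465f8de4132bd564291d500
"""

def parse_advisory(text):
    """Map each RPM file name to (name, version, release, sha256)."""
    pkgs = {}
    for line in text.splitlines():
        m = re.match(r"^(\S+)\.[A-Za-z0-9_]+\.rpm\s+SHA-256:\s*([0-9a-f]{64})$", line)
        if not m:
            continue
        # NVR: the last two '-' separate name, version and release.
        name, ver, rel = m.group(1).rsplit("-", 2)
        pkgs[line.split()[0]] = (name, ver, rel, m.group(2))
    return pkgs

def rpmvercmp(a, b):
    """Compare version/release strings the way rpm does: numeric segments numerically,
    alphabetic ones lexically, numbers newer than letters, longer string wins a tie.
    Simplified: no tilde/caret handling (none of this advisory's versions use them)."""
    sa, sb = re.findall(r"[0-9]+|[A-Za-z]+", a), re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd != yd:
            return 1 if xd else -1
        if xd:
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def needs_update(installed_nvr, pkgs):
    """installed_nvr is 'name-version-release', e.g. from
    rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\\n' <name>.
    Returns the advisory file that supersedes it, or None if the installed build is
    already current or the advisory does not ship that package at all."""
    name, ver, rel = installed_nvr.rsplit("-", 2)
    for fname, (n, v, r, _) in pkgs.items():
        if n == name and (rpmvercmp(ver, v) or rpmvercmp(rel, r)) < 0:
            return fname
    return None

def sha256_matches(data, fname, pkgs):
    """True if the bytes of a downloaded RPM hash to the advisory's published SHA-256."""
    return hashlib.sha256(data).hexdigest() == pkgs[fname][3]

def verify_rpm(path, pkgs):
    """Same check for a file on disk, keyed by its basename."""
    with open(path, "rb") as f:
        return sha256_matches(f.read(), os.path.basename(path), pkgs)
```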

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
