Red Hat Customer Portal

Red Hat Product Errata RHSA-2024:8076 - Security Advisory
Issued: 2024-10-14
Updated: 2024-10-14

Synopsis

Important: Red Hat JBoss Enterprise Application Platform 7.4.19 Security update

Type/Severity

Security Advisory: Important

Topic

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.19 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.18, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.19 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • braces: fails to limit the number of characters it can handle [eap-7.4.z] (CVE-2024-4068)
  • jose4j: denial of service via specially crafted JWE [eap-7.4.z] (CVE-2023-51775)
  • wildfly-domain-http: wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS) [eap-7.4.z] (CVE-2024-4029)
  • xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.4.z] (CVE-2022-34169)
  • org.jsoup/jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled [eap-7.4.z] (CVE-2022-36033)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Affected Products

  • JBoss Enterprise Application Platform 7.4 for RHEL 8 x86_64

Fixes

  • BZ - 2108554 - CVE-2022-34169 OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)
  • BZ - 2127078 - CVE-2022-36033 jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled
  • BZ - 2266921 - CVE-2023-51775 jose4j: denial of service via specially crafted JWE
  • BZ - 2278615 - CVE-2024-4029 wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS)
  • BZ - 2280600 - CVE-2024-4068 braces: fails to limit the number of characters it can handle
  • JBEAP-27050 - Tracker bug for the EAP 7.4.19 release for RHEL-8
  • JBEAP-27357 - (7.4.z) Upgrade undertow from 2.2.33.SP1-redhat-00001 to 2.2.35.SP1
  • JBEAP-27548 - (7.4.z) Upgrade JBossws cxf from 5.4.9.Final-redhat-00001 to 5.4.12.Final-redhat-00001
  • JBEAP-27613 - (7.4.z) Upgrade Wildfly Core from 15.0.37.Final-redhat-00001 to 15.0.38.Final-redhat-00001
  • JBEAP-27658 - (7.4.z) Upgrade insights java client from 1.1.2.redhat-00001 to 1.1.3.redhat-00001
  • JBEAP-27700 - (7.4.z) Upgrade hibernate-validator from 6.0.23.Final-redhat-00001 to 6.0.23.SP1
  • JBEAP-27701 - (7.4.z) HV-2027 - Upgrade jsoup to 1.15.4 in hibernate-validator 6.0 branch
  • JBEAP-27713 - [GSS](7.4.z) Upgrade jboss-ejb-client from 4.0.54.Final-redhat-00001 to 4.0.55.Final
  • JBEAP-27714 - [GSS](7.4.z) Upgrade HAL Console from 3.3.23.Final-redhat-00001 to 3.3.24.Final
  • JBEAP-27715 - [GSS](7.4.z) Upgrade IronJacamar from 1.5.17.Final-redhat-00001 to 1.5.18.Final
  • JBEAP-27746 - (7.4.z) Upgrade jastow from 2.0.14.Final-redhat-00001 to 2.0.15.Final
  • JBEAP-27747 - (7.4.z) Upgrade Wildfly Core from 15.0.38.Final-redhat-00001 to 15.0.39.Final-redhat-00001

CVEs

  • CVE-2022-34169
  • CVE-2022-36033
  • CVE-2023-51775
  • CVE-2024-4029
  • CVE-2024-4068

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4
  • https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index

Note: More recent versions of these packages may be available.

JBoss Enterprise Application Platform 7.4 for RHEL 8

SRPM

eap7-hal-console-3.3.24-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: 4b4ae724fa49af7ea9ca7b565745bee117e9a99480ff6046403584f768bafa8e
eap7-hibernate-validator-6.0.23-2.SP1_redhat_00001.1.el8eap.src.rpm SHA-256: 7cc5c8760770daeecf5265dfa7e63e7e49b4a49a1048942655bdf2e81e41de5c
eap7-insights-java-client-1.1.3-1.redhat_00001.1.el8eap.src.rpm SHA-256: a166386a44f0b2dd379bd8f97164abe29143b9faff5af16b1f416135ddd202f7
eap7-ironjacamar-1.5.18-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: 3d27904d2a33c18aa0900f9da319234e77d924b49ce68cd3cc81dae5330cddb1
eap7-jboss-cert-helper-1.1.3-1.redhat_00001.1.el8eap.src.rpm SHA-256: dc2c4e4802ca97cf5064ce64575e0f69c0165bc35b956fc81c554106c3179a5a
eap7-jboss-ejb-client-4.0.55-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: f2f0490abc531f627501bb89699dc0db00c286e8de93cf56d241c04b85accefb
eap7-jboss-server-migration-1.10.0-39.Final_redhat_00039.1.el8eap.src.rpm SHA-256: f78514adf6622cbf75a2b8902ba4bc16518cf7863eb71b6d341960d31fe9a2ab
eap7-jbossws-cxf-5.4.12-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: fa8cdfdf45783aa7dcfd5a816c9574585a6dd6c3895e04f37a8f5b7d2a4cfccd
eap7-jsoup-1.15.4-1.redhat_00003.1.el8eap.src.rpm SHA-256: fdbd459f8c7a8c1d71f8946b6ae769738ca020dd2ba14f9acae97030b4286429
eap7-undertow-jastow-2.0.15-1.Final_redhat_00001.1.el8eap.src.rpm SHA-256: ccc12f9a5596c30523383ae46b8d76eb7813cc990abbd14bb0336583e4d68346
eap7-wildfly-7.4.19-1.GA_redhat_00002.1.el8eap.src.rpm SHA-256: 4f760fedce25c9a65dc6aa2abeb2dd3d1bf0ee0c32ae3537a6dc71302ab2eb90
eap7-xalan-j2-2.7.1-37.redhat_00015.1.el8eap.src.rpm SHA-256: fee8d76d5865e57ad96467f6efa507f05406a72e0a70987da46cfd76ae1d774f

x86_64

eap7-hal-console-3.3.24-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 15d2f6e2edce94fb20b3e2a72bbb141a12b8dc7be3dfa6da45e0d8fdf23fbdf1
eap7-hibernate-validator-6.0.23-2.SP1_redhat_00001.1.el8eap.noarch.rpm SHA-256: 72a6cabb03104b7299867f4ed271472ec1e12d5d55fb27345799b61aa06d9818
eap7-hibernate-validator-cdi-6.0.23-2.SP1_redhat_00001.1.el8eap.noarch.rpm SHA-256: 71e5023af2c70d5e322e3dafb17053f7cb91b5fc1a9c9b1025537ed2472fc183
eap7-insights-java-client-1.1.3-1.redhat_00001.1.el8eap.noarch.rpm SHA-256: e38d2660faabd2d3f143a629ae37f72b9f3e6c7a387fb7350cd7dc48f4d22a53
eap7-ironjacamar-1.5.18-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: fa1776ac2638694eb5ca7a1cddc2bb5ba63904fb9d1d44396bc4167b90569a87
eap7-ironjacamar-common-api-1.5.18-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 4af64c3a34e62592889ca7be0a85bf43db600d164569b4e8381d109d75d4fcfc
eap7-ironjacamar-common-impl-1.5.18-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 5c5d098de0dad1f6b9ecb22b79a3a275208edf397d1c01f4db3a2e0323cf7af4
eap7-ironjacamar-common-spi-1.5.18-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 5a542c5e887986e1b28865e8efb8b8c67625f299659f2d3a4e2dd22925d82a55
eap7-ironjacamar-core-api-1.5.18-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 817f09016ed65dd84b438be3a4471481b5035c839e6633b81071650d3100b369
eap7-ironjacamar-core-impl-1.5.18-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 2eb96a185fff6fb46fb0b4e9aa0d7519cf0f95d122220c343705f35af1933c38
eap7-ironjacamar-deployers-common-1.5.18-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: a3f7aa43bf82c2ab15512c53ef634301ebd3d2cbe73d9958397653f0ce02892f
eap7-ironjacamar-jdbc-1.5.18-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 2707a7c3c3c47ae77cc81953cc5645712d97dad97519a8d55ba4a9402bdd9946
eap7-ironjacamar-validator-1.5.18-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 172382f960014117e17b1dd93061b58a955baea4c0442a10297a27568b31083d
eap7-jboss-cert-helper-1.1.3-1.redhat_00001.1.el8eap.x86_64.rpm SHA-256: 065e9b92241fb4de677d934155b4e54963f7999da29a9fcd88d5cb66615ba939
eap7-jboss-ejb-client-4.0.55-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: e55a1ecd8d7a54a60414d1beac67c1c3157fff6cedde36243b022acc368405ae
eap7-jboss-server-migration-1.10.0-39.Final_redhat_00039.1.el8eap.noarch.rpm SHA-256: c7ce57eaf74768f94207effaeb006a0bba07ee1f35d3763faba45b5bcc613b01
eap7-jboss-server-migration-cli-1.10.0-39.Final_redhat_00039.1.el8eap.noarch.rpm SHA-256: bc0d526dcccc6bfe4843e6dbf42982f085701deca5cbd4fe8255a61b38531c73
eap7-jboss-server-migration-core-1.10.0-39.Final_redhat_00039.1.el8eap.noarch.rpm SHA-256: de91d0836e5f2d39a2691c499194272a9e2cc27bed6403e4795e4b22f405c09d
eap7-jbossws-cxf-5.4.12-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 1bc85c9c2a61f41441b071493cfae2e68298cff354b97ac15b55aeca8e434b10
eap7-jsoup-1.15.4-1.redhat_00003.1.el8eap.noarch.rpm SHA-256: 47e8d254a58e908aba54a80f6342ed102c07dcb40b5e016c7e1560b15c9b61c6
eap7-undertow-jastow-2.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm SHA-256: 596e8345d79e7adf05164e619720488e8c017d7c7d638f3f8027f0220d390d7d
eap7-wildfly-7.4.19-1.GA_redhat_00002.1.el8eap.noarch.rpm SHA-256: cb1734cdc1b40aa506ec92c50b1e6e63d7ae8b834e2a069cc0ea119f7229f0f3
eap7-wildfly-java-jdk11-7.4.19-1.GA_redhat_00002.1.el8eap.noarch.rpm SHA-256: 917a226409bac7c8f07f39a054631472842dccb5c73b2f2005c4834eddbefa89
eap7-wildfly-java-jdk17-7.4.19-1.GA_redhat_00002.1.el8eap.noarch.rpm SHA-256: 43c8259e97b1e9584532d4bce09a54f2d3b31ebb751dfefd1690eb16875cdf6e
eap7-wildfly-java-jdk8-7.4.19-1.GA_redhat_00002.1.el8eap.noarch.rpm SHA-256: 35864bb972bfdbf5d8a9b3c9de3aaccc257a9272b38e3cb39cce220b188a11a9
eap7-wildfly-javadocs-7.4.19-1.GA_redhat_00002.1.el8eap.noarch.rpm SHA-256: 476760837f70d2165d62ee8eca876641b8c3c819faed3748a6b7574ad3ec7064
eap7-wildfly-modules-7.4.19-1.GA_redhat_00002.1.el8eap.noarch.rpm SHA-256: d547bf9ec7c1627118cdcd99837bf673b48fee543b73d25ef3e1b34f50e577f0
eap7-xalan-j2-2.7.1-37.redhat_00015.1.el8eap.noarch.rpm SHA-256: b00efa7ab8fe6607d93873e968f14f6e211d1bb34d5689b0f454250baf6482d0
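
The Solution section asks that the update be applied on top of a backed-up installation, and the package table above publishes a SHA-256 digest for every RPM so the files can be checked before they are installed. The script below is an added example, not Red Hat tooling: it parses rows in the table's "name SHA-256: digest" shape, hashes the RPMs found in a local download directory, and reports each listed package as ok, mismatch or missing, plus any unlisted RPM sitting in the same directory. The three table rows embedded in it are copied from this advisory; the "constructed-*" file names, the temporary directory and the zero-byte files in the demo function are constructed for illustration and are not part of the advisory.

```python
"""Check locally downloaded RPMs against the SHA-256 sums published in RHSA-2024:8076.

Added example; not Red Hat's tooling. It assumes the packages were downloaded
into one directory and compares each file's digest with the value the
advisory lists for that exact file name.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Excerpt copied from the advisory's package table; the full list is on the page.
ADVISORY_TABLE = """
SRPM
eap7-xalan-j2-2.7.1-37.redhat_00015.1.el8eap.src.rpm SHA-256: fee8d76d5865e57ad96467f6efa507f05406a72e0a70987da46cfd76ae1d774f
x86_64
eap7-jsoup-1.15.4-1.redhat_00003.1.el8eap.noarch.rpm SHA-256: 47e8d254a58e908aba54a80f6342ed102c07dcb40b5e016c7e1560b15c9b61c6
eap7-xalan-j2-2.7.1-37.redhat_00015.1.el8eap.noarch.rpm SHA-256: b00efa7ab8fe6607d93873e968f14f6e211d1bb34d5689b0f454250baf6482d0
"""

# One table row: "<file>.rpm SHA-256: <64 hex chars>"; headings such as "SRPM" do not match.
ROW_RE = re.compile(r"^(?P<name>\S+\.rpm)\s+SHA-256:\s+(?P<sha>[0-9a-f]{64})$")

# SHA-256 of zero bytes; used only for a constructed file in the demo below.
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"


def parse_advisory_table(text: str) -> dict[str, str]:
    """Map each listed RPM file name to its published SHA-256 digest."""
    expected = {}
    for line in text.splitlines():
        match = ROW_RE.match(line.strip())
        if match:
            expected[match["name"]] = match["sha"]
    return expected


def sha256_of(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large RPMs are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_downloads(directory: Path, expected: dict[str, str]) -> dict[str, list[str]]:
    """Classify every listed package as ok, mismatch (digest differs) or missing.

    RPMs in the directory that the advisory does not list are reported as
    'unlisted' so an unexpected file cannot ride along with the update.
    """
    present = {p.name: p for p in Path(directory).glob("*.rpm")}
    report = {"ok": [], "mismatch": [], "missing": [], "unlisted": []}
    for name, sha in sorted(expected.items()):
        if name not in present:
            report["missing"].append(name)
        elif sha256_of(present[name]) == sha:
            report["ok"].append(name)
        else:
            report["mismatch"].append(name)
    report["unlisted"] = sorted(set(present) - set(expected))
    return report


def demo_with_constructed_files() -> dict[str, list[str]]:
    """Run the check against a temporary directory of constructed files.

    - a zero-byte file carrying the real eap7-jsoup file name  -> mismatch
    - a zero-byte file with a constructed name whose expected
      digest is EMPTY_SHA256                                  -> ok
    - a constructed file the advisory never lists             -> unlisted
    - the two xalan-j2 packages are never written             -> missing
    """
    expected = parse_advisory_table(ADVISORY_TABLE)
    expected["constructed-empty-0-0.noarch.rpm"] = EMPTY_SHA256  # constructed entry
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "eap7-jsoup-1.15.4-1.redhat_00003.1.el8eap.noarch.rpm").write_bytes(b"")
        (root / "constructed-empty-0-0.noarch.rpm").write_bytes(b"")
        (root / "constructed-extra-0-0.noarch.rpm").write_bytes(b"not listed")
        return verify_downloads(root, expected)


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        report = verify_downloads(Path(sys.argv[1]), parse_advisory_table(ADVISORY_TABLE))
    else:
        report = demo_with_constructed_files()
    for category, names in report.items():
        for name in names:
            print(f"{category:9s} {name}")
    # Non-zero exit if anything is off, so the check can gate the install step.
    sys.exit(1 if report["mismatch"] or report["missing"] or report["unlisted"] else 0)
```

Run it with the download directory as the only argument to check real files, or with no argument to exercise the constructed demo. To cover the whole advisory, paste the complete package table into `ADVISORY_TABLE`; the parser ignores the "SRPM" and "x86_64" headings and keeps only rows that carry a 64-hex-digit digest, so a truncated or hand-edited digest is rejected rather than silently accepted.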

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
