RHSA-2023:1855-01: Moderate: Red Hat JBoss EAP 7.4.10 XP 4.0.0.GA security release

Red Hat 9049 Published by

A Red Hat JBoss EAP 7.4.10 XP 4.0.0.GA security release has been released.



RHSA-2023:1855-01: Moderate: Red Hat JBoss EAP 7.4.10 XP 4.0.0.GA security release



=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss EAP 7.4.10 XP 4.0.0.GA security release
Advisory ID: RHSA-2023:1855-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL:   https://access.redhat.com/errata/RHSA-2023:1855
Issue date: 2023-04-18
CVE Names: CVE-2022-1278 CVE-2022-3509 CVE-2022-3510
=====================================================================

1. Summary:

JBoss EAP XP 4.0.0.GA security release on the EAP 7.4.10 base is now
available. See references for release notes.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

This is a cumulative patch release zip for the JBoss EAP XP 4.0.0 runtime
distribution for use with EAP 7.4.10.

Security Fix(es):

* protobuf-java: Textformat parsing issue leads to DoS (CVE-2022-3509)

* protobuf-java: Message-Type Extensions parsing issue leads to DoS
(CVE-2022-3510)

* WildFly: possible information disclosure (CVE-2022-1278)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

  https://access.redhat.com/articles/11258

4. Bugs fixed (  https://bugzilla.redhat.com/):

2073401 - CVE-2022-1278 WildFly: possible information disclosure
2184161 - CVE-2022-3509 protobuf-java: Textformat parsing issue leads to DoS
2184176 - CVE-2022-3510 protobuf-java: Message-Type Extensions parsing issue leads to DoS

5. JIRA issues fixed (  https://issues.jboss.org/):

JBEAP-24683 - EAP XP 4.0.0.GA for EAP 7.4.10

6. References:

  https://access.redhat.com/security/cve/CVE-2022-1278
  https://access.redhat.com/security/cve/CVE-2022-3509
  https://access.redhat.com/security/cve/CVE-2022-3510
  https://access.redhat.com/security/updates/classification/#moderate
  https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/index
  https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/jboss_eap_xp_4.0_upgrade_and_migration_guide/index
  https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index

7. Contact:

The Red Hat security contact is . More contact
details at   https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

Fedora 36 Update: lilypond-doc-2.24.1-1.fc36

ELSA-2023-1904 Important: Oracle Linux 7 java-1.8.0-openjdk security and bug fix update (aarch64)

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...