RHSA-2014:0374: Important: Red Hat JBoss Data Grid 6.2.1 update
Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan.

This release of Red Hat JBoss Data Grid 6.2.1 serves as a replacement for Red Hat JBoss Data Grid 6.2.0. It includes various bug fixes and enhancements which are detailed in the Red Hat JBoss Data Grid 6.2.1 Release Notes. The Release Notes will be available shortly from https://access.redhat.com/site/documentation/en-US/RedHatJBossDataGrid/

This update also fixes the following security issues:

It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application. (CVE-2013-7285)

It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286)

All users of Red Hat JBoss Data Grid 6.2.0 as provided from the Red Hat Customer Portal are advised to upgrade to Red Hat JBoss Data Grid 6.2.1.
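A check for the two request-framing conditions the advisory names for CVE-2013-4286, usable as a detection aid on proxy or capture data while the upgrade is rolled out. This is an added example, not code from Red Hat or Tomcat; the function name `framing_issues` and the sample requests are constructed for illustration.

```python
# Added example: flags the request-framing conditions described for CVE-2013-4286.
# SAMPLES holds constructed requests, not captured traffic.

def framing_issues(raw_request: bytes) -> list:
    """Return the ambiguous-framing conditions found in one HTTP request head."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    header_lines = head.split("\r\n")[1:]  # skip the request line
    content_lengths = []
    chunked = False
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # no colon: malformed or folded line, ignored here
        name = name.strip().lower()  # header names are case-insensitive
        if name == "content-length":
            # Assumption: a comma-separated list is treated like repeated
            # headers, which goes slightly beyond the advisory's wording.
            content_lengths.extend(v.strip() for v in value.split(","))
        elif name == "transfer-encoding":
            codings = [c.strip().lower() for c in value.split(",")]
            chunked = chunked or "chunked" in codings
    issues = []
    if len(content_lengths) > 1:
        issues.append("multiple-content-length")
    if content_lengths and chunked:
        issues.append("content-length-with-chunked")
    return issues


SAMPLES = {
    "clean": b"POST /a HTTP/1.1\r\nHost: example.test\r\n"
             b"Content-Length: 5\r\n\r\nhello",
    "duplicate_length": b"POST /a HTTP/1.1\r\nHost: example.test\r\n"
                        b"Content-Length: 5\r\ncontent-length: 9\r\n\r\nhello",
    "length_and_chunked": b"POST /a HTTP/1.1\r\nHost: example.test\r\n"
                          b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n"
                          b"\r\n5\r\nhello\r\n0\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, framing_issues(request))
```
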
Frequently Asked Questions
What is the severity of RHSA-2014:0374?
The severity of RHSA-2014:0374 is classified as important.
How do I fix RHSA-2014:0374?
To fix RHSA-2014:0374, you should upgrade to Red Hat JBoss Data Grid 6.2.1.
What software is affected by RHSA-2014:0374?
RHSA-2014:0374 affects Red Hat JBoss Data Grid version 6.2.0.
What are the improvements included in RHSA-2014:0374?
RHSA-2014:0374 includes various bug fixes and enhancements over version 6.2.0.
Is there a known exploit for RHSA-2014:0374?
There are no publicly available exploits reported specifically for RHSA-2014:0374.