RHSA-2014:1891: Important: Red Hat JBoss BRMS 6.0.3 security update
Red Hat JBoss BRMS is a business rules management system for themanagement, storage, creation, modification, and deployment of JBoss Rules.This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS6.0.3, and includes bug fixes and enhancements. It includes various bugfixes, which are listed in the README file included with the patch files.The following security issues are fixed with this release:It was discovered that Jakarta Commons HttpClient incorrectly extracted thehost name from an X.509 certificate subject's Common Name (CN) field.A man-in-the-middle attacker could use this flaw to spoof an SSL serverusing a specially crafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)The CVE-2012-6153 issue was discovered by Florian Weimer of Red HatProduct Security.All users of Red Hat JBoss BRMS 6.0.3 as provided from the Red Hat CustomerPortal are advised to apply this roll up patch.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2014:1891?
The severity of RHSA-2014:1891 is classified as important.
How do I fix RHSA-2014:1891?
To fix RHSA-2014:1891, you need to apply the cumulative upgrade patch for Red Hat JBoss BRMS 6.0.3.
What software is affected by RHSA-2014:1891?
RHSA-2014:1891 affects Red Hat JBoss BRMS 6.0.3.
What enhancements are included in RHSA-2014:1891?
RHSA-2014:1891 includes various bug fixes and enhancements for Red Hat JBoss BRMS.
Is RHSA-2014:1891 a single patch or a roll-up patch?
RHSA-2014:1891 is a roll-up patch that serves as a cumulative upgrade.