RHSA-2014:1892: Important: Red Hat JBoss BPM Suite 6.0.3 update
Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes.

This roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.

The following security issues are fixed with this release:

It was discovered that Jakarta Commons HttpClient incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)

The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.

All users of Red Hat JBoss BPM Suite 6.0.3 as provided from the Red Hat Customer Portal are advised to apply this roll up patch.
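To check your own certificate-handling code for the CN extraction problem described above, the following added example (not code from Red Hat or the HttpClient project) compares a string-based CN extraction with a structured one built on the JDK's `javax.naming.ldap.LdapName`. The tokenizing routine is a simplified stand-in written for illustration, and the class name, method names and subject DNs are constructed for this example.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CnExtractionCheck {

    // Illustrative string-based extraction: split the DN text on separators
    // and accept any token that begins with "CN=".
    static List<String> cnsByTokenizing(String subjectDn) {
        List<String> cns = new ArrayList<>();
        StringTokenizer st = new StringTokenizer(subjectDn, ",+");
        while (st.hasMoreTokens()) {
            String tok = st.nextToken().trim();
            if (tok.regionMatches(true, 0, "CN=", 0, 3)) {
                cns.add(tok.substring(3));
            }
        }
        return cns;
    }

    // Structured extraction: parse the DN (RFC 2253 escaping included) and
    // read only attributes whose type is CN, also inside multi-valued RDNs.
    static List<String> cnsByParsing(String subjectDn) throws NamingException {
        List<String> cns = new ArrayList<>();
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            Attribute cn = rdn.toAttributes().get("cn");
            if (cn != null) {
                cns.add(String.valueOf(cn.get()));
            }
        }
        return cns;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed subject DNs; the .example names are placeholders.
        String ordinary = "CN=bpms.internal.example,O=Example Corp,C=US";
        // The O value contains an escaped comma followed by the text "CN=".
        String embedded = "CN=other.example,O=Example\\,CN=bpms.internal.example,C=US";
        for (String dn : new String[] {ordinary, embedded}) {
            System.out.println(dn);
            System.out.println("  tokenizing: " + cnsByTokenizing(dn));
            System.out.println("  parsing:    " + cnsByParsing(dn));
        }
    }
}
```

The two routines agree on the ordinary DN and differ on the second one, where the tokenizer treats text inside the O value as an additional Common Name. Only names obtained from the parsed DN should be passed to host name matching.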
Frequently Asked Questions
What is the severity of RHSA-2014:1892?
The severity of RHSA-2014:1892 is classified as Important.
How do I fix RHSA-2014:1892?
To fix RHSA-2014:1892, you need to apply the provided cumulative update patch for Red Hat JBoss BPM Suite.
What systems are affected by RHSA-2014:1892?
RHSA-2014:1892 affects users of the Red Hat JBoss BPM Suite software.
Is there a risk if RHSA-2014:1892 is not addressed?
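Yes. Without the update, systems remain exposed to the Jakarta Commons HttpClient host name extraction flaw (CVE-2012-6153, CVE-2014-3577), which a man-in-the-middle attacker could use to spoof an SSL server.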
When was RHSA-2014:1892 released?
RHSA-2014:1892 was released as a cumulative update in 2014.