RHSA-2018:0576: Important: Red Hat JBoss BRMS 6.4.9 security update
Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules.

This release of Red Hat JBoss BRMS 6.4.9 serves as a replacement for Red Hat JBoss BRMS 6.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting this issue.
Frequently Asked Questions
What is the severity of RHSA-2018:0576?
The severity of RHSA-2018:0576 is classified as important.
How do I fix RHSA-2018:0576?
To fix RHSA-2018:0576, update your Red Hat JBoss BRMS to version 6.4.9.
What products are affected by RHSA-2018:0576?
RHSA-2018:0576 affects Red Hat JBoss BRMS 6.4.8 and earlier versions.
What type of vulnerabilities does RHSA-2018:0576 address?
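RHSA-2018:0576 addresses an unsafe deserialization issue in jackson-databind (CVE-2017-15095, an incomplete fix for CVE-2017-7525), along with various bug fixes and enhancements in JBoss BRMS.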
Is there a workaround for RHSA-2018:0576?
No specific workaround is mentioned for RHSA-2018:0576; applying the update is recommended.