RHSA-2018:0629: Important: Red Hat JBoss Enterprise Application Platform 7.1 security update
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on WildFly.
This asynchronous patch is a security update for the slf4j package in Red Hat JBoss Enterprise Application Platform 7.1.
Security Fix(es):
An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML-serialized string and can lead to arbitrary code execution. (CVE-2018-8088)
The Simple Logging Facade for Java (SLF4J) is a simple facade for various logging APIs, allowing the end user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging (JCL).
Red Hat would like to thank Chris McCown for reporting CVE-2018-8088.
Frequently Asked Questions
What is the severity of RHSA-2018:0629?
RHSA-2018:0629 has been classified with an important severity level.
How do I fix RHSA-2018:0629?
To fix RHSA-2018:0629, apply the asynchronous patch provided for the slf4j package in Red Hat JBoss Enterprise Application Platform 7.1.
What vulnerability does RHSA-2018:0629 address?
RHSA-2018:0629 addresses an XML deserialization vulnerability in the slf4j package.
Is RHSA-2018:0629 applicable to all versions of Red Hat JBoss?
RHSA-2018:0629 specifically applies to Red Hat JBoss Enterprise Application Platform 7.1.
What is the associated package for RHSA-2018:0629?
The associated package for RHSA-2018:0629 is the slf4j package used in Red Hat JBoss Enterprise Application Platform.