RHSA-2018:1247: Important: JBoss Enterprise Application Platform 7.1.2 for RHEL 7

Q: What is the severity of RHSA-2018:1247?

The severity of RHSA-2018:1247 is classified as important.

Q: How do I fix RHSA-2018:1247?

To fix RHSA-2018:1247, you need to upgrade to the specified corrected packages listed in the advisory.

Q: Which products are affected by RHSA-2018:1247?

RHSA-2018:1247 affects multiple packages in the Red Hat JBoss Enterprise Application Platform 7.1.x series.

Q: What is the main purpose of RHSA-2018:1247?

The main purpose of RHSA-2018:1247 is to address security vulnerabilities in Red Hat JBoss Enterprise Application Platform.

Q: What type of vulnerabilities are addressed in RHSA-2018:1247?

RHSA-2018:1247 addresses vulnerabilities that could allow denial of service or application crashes.

Published Apr 25, 2018

Updated

Red Hat JBoss Enterprise Application Platform is a platform for Javaapplications based on the JBoss Application Server.This release of Red Hat JBoss Enterprise Application Platform 7.1.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.Security Fix(es): undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993) (CVE-2018-1067) wildfly-undertow: undertow: Path traversal in ServletResourceManager class (CVE-2018-1047) slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088) Red Hat would like to thank Ammarit Thongthua and Nattakit Intarasorn (Deloitte Thailand Pentest team) for reporting CVE-2018-1067, and Chris McCown for reporting CVE-2018-8088.For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software

105 affected componentsFixes available

redhat/eap7-activemq-artemis<1.5.5.010-1.redhat_1.1.ep7.el7

1.5.5.010-1.redhat_1.1.ep7.el7

redhat/eap7-hibernate<5.1.13-1.Final_redhat_1.1.ep7.el7

5.1.13-1.Final_redhat_1.1.ep7.el7

redhat/eap7-infinispan<8.2.10-1.Final_redhat_1.1.ep7.el7

8.2.10-1.Final_redhat_1.1.ep7.el7

redhat/eap7-ironjacamar<1.4.8-1.Final_redhat_1.1.ep7.el7

1.4.8-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-ejb-client<4.0.10-1.Final_redhat_1.1.ep7.el7

4.0.10-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-marshalling<2.0.4-1.Final_redhat_1.1.ep7.el7

2.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-weld<2.2-api-2.4.0-3.SP2_redhat_1.1.ep7.el7

2.2-api-2.4.0-3.SP2_redhat_1.1.ep7.el7

redhat/eap7-jboss-xnio-base<3.5.5-1.Final_redhat_1.1.ep7.el7

3.5.5-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jgroups<3.6.14-1.Final_redhat_1.1.ep7.el7

3.6.14-1.Final_redhat_1.1.ep7.el7

redhat/eap7-picketbox<5.0.3-1.Final_redhat_1.1.ep7.el7

5.0.3-1.Final_redhat_1.1.ep7.el7

redhat/eap7-picketlink-bindings<2.5.5-11.SP10_redhat_1.1.ep7.el7

2.5.5-11.SP10_redhat_1.1.ep7.el7

redhat/eap7-picketlink-federation<2.5.5-11.SP10_redhat_1.1.ep7.el7

2.5.5-11.SP10_redhat_1.1.ep7.el7

redhat/eap7-undertow<1.4.18-5.SP5_redhat_1.1.ep7.el7

1.4.18-5.SP5_redhat_1.1.ep7.el7

redhat/eap7-weld-core<2.4.7-1.Final_redhat_1.1.ep7.el7

2.4.7-1.Final_redhat_1.1.ep7.el7

redhat/eap7-wildfly<7.1.2-1.GA_redhat_1.1.ep7.el7

7.1.2-1.GA_redhat_1.1.ep7.el7

redhat/eap7-wildfly-elytron<1.1.9-1.Final_redhat_1.1.ep7.el7

1.1.9-1.Final_redhat_1.1.ep7.el7

redhat/eap7-wildfly-elytron-tool<1.0.6-1.Final_redhat_1.1.ep7.el7

1.0.6-1.Final_redhat_1.1.ep7.el7

redhat/eap7-wildfly-javadocs<7.1.2-1.GA_redhat_1.1.ep7.el7

7.1.2-1.GA_redhat_1.1.ep7.el7

redhat/eap7-wildfly-web-console-eap<2.9.16-2.Final_redhat_1.2.ep7.el7

2.9.16-2.Final_redhat_1.2.ep7.el7

redhat/eap7-activemq-artemis<1.5.5.010-1.redhat_1.1.ep7.el7

1.5.5.010-1.redhat_1.1.ep7.el7

redhat/eap7-activemq-artemis-cli<1.5.5.010-1.redhat_1.1.ep7.el7

1.5.5.010-1.redhat_1.1.ep7.el7

redhat/eap7-activemq-artemis-commons<1.5.5.010-1.redhat_1.1.ep7.el7

1.5.5.010-1.redhat_1.1.ep7.el7

redhat/eap7-activemq-artemis-core-client<1.5.5.010-1.redhat_1.1.ep7.el7

1.5.5.010-1.redhat_1.1.ep7.el7

redhat/eap7-activemq-artemis-dto<1.5.5.010-1.redhat_1.1.ep7.el7

1.5.5.010-1.redhat_1.1.ep7.el7

redhat/eap7-activemq-artemis-hornetq-protocol<1.5.5.010-1.redhat_1.1.ep7.el7

1.5.5.010-1.redhat_1.1.ep7.el7

redhat/eap7-activemq-artemis-hqclient-protocol<1.5.5.010-1.redhat_1.1.ep7.el7

1.5.5.010-1.redhat_1.1.ep7.el7

redhat/eap7-activemq-artemis-jdbc-store<1.5.5.010-1.redhat_1.1.ep7.el7

1.5.5.010-1.redhat_1.1.ep7.el7

redhat/eap7-activemq-artemis-jms-client<1.5.5.010-1.redhat_1.1.ep7.el7

1.5.5.010-1.redhat_1.1.ep7.el7

redhat/eap7-activemq-artemis-jms-server<1.5.5.010-1.redhat_1.1.ep7.el7

1.5.5.010-1.redhat_1.1.ep7.el7

redhat/eap7-activemq-artemis-journal<1.5.5.010-1.redhat_1.1.ep7.el7

1.5.5.010-1.redhat_1.1.ep7.el7

redhat/eap7-activemq-artemis-native<1.5.5.010-1.redhat_1.1.ep7.el7

1.5.5.010-1.redhat_1.1.ep7.el7

redhat/eap7-activemq-artemis-ra<1.5.5.010-1.redhat_1.1.ep7.el7

1.5.5.010-1.redhat_1.1.ep7.el7

redhat/eap7-activemq-artemis-selector<1.5.5.010-1.redhat_1.1.ep7.el7

1.5.5.010-1.redhat_1.1.ep7.el7

redhat/eap7-activemq-artemis-server<1.5.5.010-1.redhat_1.1.ep7.el7

1.5.5.010-1.redhat_1.1.ep7.el7

redhat/eap7-activemq-artemis-service-extensions<1.5.5.010-1.redhat_1.1.ep7.el7

1.5.5.010-1.redhat_1.1.ep7.el7

redhat/eap7-hibernate<5.1.13-1.Final_redhat_1.1.ep7.el7

5.1.13-1.Final_redhat_1.1.ep7.el7

redhat/eap7-hibernate-core<5.1.13-1.Final_redhat_1.1.ep7.el7

5.1.13-1.Final_redhat_1.1.ep7.el7

redhat/eap7-hibernate-entitymanager<5.1.13-1.Final_redhat_1.1.ep7.el7

5.1.13-1.Final_redhat_1.1.ep7.el7

redhat/eap7-hibernate-envers<5.1.13-1.Final_redhat_1.1.ep7.el7

5.1.13-1.Final_redhat_1.1.ep7.el7

redhat/eap7-hibernate-infinispan<5.1.13-1.Final_redhat_1.1.ep7.el7

5.1.13-1.Final_redhat_1.1.ep7.el7

redhat/eap7-hibernate-java8<5.1.13-1.Final_redhat_1.1.ep7.el7

5.1.13-1.Final_redhat_1.1.ep7.el7

redhat/eap7-infinispan<8.2.10-1.Final_redhat_1.1.ep7.el7

8.2.10-1.Final_redhat_1.1.ep7.el7

redhat/eap7-infinispan-cachestore-jdbc<8.2.10-1.Final_redhat_1.1.ep7.el7

8.2.10-1.Final_redhat_1.1.ep7.el7

redhat/eap7-infinispan-cachestore-remote<8.2.10-1.Final_redhat_1.1.ep7.el7

8.2.10-1.Final_redhat_1.1.ep7.el7

redhat/eap7-infinispan-client-hotrod<8.2.10-1.Final_redhat_1.1.ep7.el7

8.2.10-1.Final_redhat_1.1.ep7.el7

redhat/eap7-infinispan-commons<8.2.10-1.Final_redhat_1.1.ep7.el7

8.2.10-1.Final_redhat_1.1.ep7.el7

redhat/eap7-infinispan-core<8.2.10-1.Final_redhat_1.1.ep7.el7

8.2.10-1.Final_redhat_1.1.ep7.el7

redhat/eap7-ironjacamar<1.4.8-1.Final_redhat_1.1.ep7.el7

1.4.8-1.Final_redhat_1.1.ep7.el7

redhat/eap7-ironjacamar-common-api<1.4.8-1.Final_redhat_1.1.ep7.el7

1.4.8-1.Final_redhat_1.1.ep7.el7

redhat/eap7-ironjacamar-common-impl<1.4.8-1.Final_redhat_1.1.ep7.el7

1.4.8-1.Final_redhat_1.1.ep7.el7

redhat/eap7-ironjacamar-common-spi<1.4.8-1.Final_redhat_1.1.ep7.el7

1.4.8-1.Final_redhat_1.1.ep7.el7

redhat/eap7-ironjacamar-core-api<1.4.8-1.Final_redhat_1.1.ep7.el7

1.4.8-1.Final_redhat_1.1.ep7.el7

redhat/eap7-ironjacamar-core-impl<1.4.8-1.Final_redhat_1.1.ep7.el7

1.4.8-1.Final_redhat_1.1.ep7.el7

redhat/eap7-ironjacamar-deployers-common<1.4.8-1.Final_redhat_1.1.ep7.el7

1.4.8-1.Final_redhat_1.1.ep7.el7

redhat/eap7-ironjacamar-jdbc<1.4.8-1.Final_redhat_1.1.ep7.el7

1.4.8-1.Final_redhat_1.1.ep7.el7

redhat/eap7-ironjacamar-validator<1.4.8-1.Final_redhat_1.1.ep7.el7

1.4.8-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-ejb-client<4.0.10-1.Final_redhat_1.1.ep7.el7

4.0.10-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-marshalling<2.0.4-1.Final_redhat_1.1.ep7.el7

2.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-marshalling-river<2.0.4-1.Final_redhat_1.1.ep7.el7

2.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration-cli<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration-core<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration-eap6.4<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration-eap6.4-to-eap7.0<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration-eap6.4-to-eap7.1<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration-eap7.0<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration-eap7.0-to-eap7.1<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration-eap7.1<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration-wildfly10.0<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.1<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration-wildfly10.1<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.1<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration-wildfly8.2<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.0<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.1<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration-wildfly9.0<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.0<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.1<1.0.4-1.Final_redhat_1.1.ep7.el7

1.0.4-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jboss-weld<2.2-api-2.4.0-3.SP2_redhat_1.1.ep7.el7

2.2-api-2.4.0-3.SP2_redhat_1.1.ep7.el7

redhat/eap7-jboss-xnio-base<3.5.5-1.Final_redhat_1.1.ep7.el7

3.5.5-1.Final_redhat_1.1.ep7.el7

redhat/eap7-jgroups<3.6.14-1.Final_redhat_1.1.ep7.el7

3.6.14-1.Final_redhat_1.1.ep7.el7

redhat/eap7-picketbox<5.0.3-1.Final_redhat_1.1.ep7.el7

5.0.3-1.Final_redhat_1.1.ep7.el7

redhat/eap7-picketbox-infinispan<5.0.3-1.Final_redhat_1.1.ep7.el7

5.0.3-1.Final_redhat_1.1.ep7.el7

redhat/eap7-picketlink-api<2.5.5-11.SP10_redhat_1.1.ep7.el7

2.5.5-11.SP10_redhat_1.1.ep7.el7

redhat/eap7-picketlink-bindings<2.5.5-11.SP10_redhat_1.1.ep7.el7

2.5.5-11.SP10_redhat_1.1.ep7.el7

redhat/eap7-picketlink-common<2.5.5-11.SP10_redhat_1.1.ep7.el7

2.5.5-11.SP10_redhat_1.1.ep7.el7

redhat/eap7-picketlink-config<2.5.5-11.SP10_redhat_1.1.ep7.el7

2.5.5-11.SP10_redhat_1.1.ep7.el7

redhat/eap7-picketlink-federation<2.5.5-11.SP10_redhat_1.1.ep7.el7

2.5.5-11.SP10_redhat_1.1.ep7.el7

redhat/eap7-picketlink-idm-api<2.5.5-11.SP10_redhat_1.1.ep7.el7

2.5.5-11.SP10_redhat_1.1.ep7.el7

redhat/eap7-picketlink-idm-impl<2.5.5-11.SP10_redhat_1.1.ep7.el7

2.5.5-11.SP10_redhat_1.1.ep7.el7

redhat/eap7-picketlink-idm-simple-schema<2.5.5-11.SP10_redhat_1.1.ep7.el7

2.5.5-11.SP10_redhat_1.1.ep7.el7

redhat/eap7-picketlink-impl<2.5.5-11.SP10_redhat_1.1.ep7.el7

2.5.5-11.SP10_redhat_1.1.ep7.el7

redhat/eap7-picketlink-wildfly8<2.5.5-11.SP10_redhat_1.1.ep7.el7

2.5.5-11.SP10_redhat_1.1.ep7.el7

redhat/eap7-undertow<1.4.18-5.SP5_redhat_1.1.ep7.el7

1.4.18-5.SP5_redhat_1.1.ep7.el7

redhat/eap7-weld-core<2.4.7-1.Final_redhat_1.1.ep7.el7

2.4.7-1.Final_redhat_1.1.ep7.el7

redhat/eap7-weld-core-impl<2.4.7-1.Final_redhat_1.1.ep7.el7

2.4.7-1.Final_redhat_1.1.ep7.el7

redhat/eap7-weld-core-jsf<2.4.7-1.Final_redhat_1.1.ep7.el7

2.4.7-1.Final_redhat_1.1.ep7.el7

redhat/eap7-weld-probe-core<2.4.7-1.Final_redhat_1.1.ep7.el7

2.4.7-1.Final_redhat_1.1.ep7.el7

redhat/eap7-wildfly<7.1.2-1.GA_redhat_1.1.ep7.el7

7.1.2-1.GA_redhat_1.1.ep7.el7

redhat/eap7-wildfly-elytron<1.1.9-1.Final_redhat_1.1.ep7.el7

1.1.9-1.Final_redhat_1.1.ep7.el7

redhat/eap7-wildfly-elytron-tool<1.0.6-1.Final_redhat_1.1.ep7.el7

1.0.6-1.Final_redhat_1.1.ep7.el7

redhat/eap7-wildfly-javadocs<7.1.2-1.GA_redhat_1.1.ep7.el7

7.1.2-1.GA_redhat_1.1.ep7.el7

redhat/eap7-wildfly-modules<7.1.2-1.GA_redhat_1.1.ep7.el7

7.1.2-1.GA_redhat_1.1.ep7.el7

redhat/eap7-wildfly-web-console-eap<2.9.16-2.Final_redhat_1.2.ep7.el7

2.9.16-2.Final_redhat_1.2.ep7.el7

Remediation

Event History

Apr 25, 2018

Advisory Published

via Red Hat·12:00 AM

Frequently Asked Questions

What is the severity of RHSA-2018:1247?

The severity of RHSA-2018:1247 is classified as important.

How do I fix RHSA-2018:1247?

To fix RHSA-2018:1247, you need to upgrade to the specified corrected packages listed in the advisory.

Which products are affected by RHSA-2018:1247?

RHSA-2018:1247 affects multiple packages in the Red Hat JBoss Enterprise Application Platform 7.1.x series.

What is the main purpose of RHSA-2018:1247?

The main purpose of RHSA-2018:1247 is to address security vulnerabilities in Red Hat JBoss Enterprise Application Platform.

What type of vulnerabilities are addressed in RHSA-2018:1247?

RHSA-2018:1247 addresses vulnerabilities that could allow denial of service or application crashes.

RHSA-2018:1247: Important: JBoss Enterprise Application Platform 7.1.2 for RHEL 7

Affected Software

Remediation

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of RHSA-2018:1247?

How do I fix RHSA-2018:1247?

Which products are affected by RHSA-2018:1247?

What is the main purpose of RHSA-2018:1247?

What type of vulnerabilities are addressed in RHSA-2018:1247?

Company

Resources

Contact