RHSA-2018:1575: Important: Red Hat JBoss Data Grid 7.2 security update
Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan.<br>This release of Red Hat JBoss Data Grid 7.2.0 serves as a replacement for Red Hat JBoss Data Grid 7.1.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.<br>Security Fix(es):<br><li> slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)</li> For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.<br>Red Hat would like to thank Chris McCown for reporting this issue.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2018:1575?
The severity of RHSA-2018:1575 is considered moderate.
How do I fix RHSA-2018:1575?
To fix RHSA-2018:1575, update to the latest version of Red Hat JBoss Data Grid as recommended in the advisory.
What products are affected by RHSA-2018:1575?
RHSA-2018:1575 affects Red Hat JBoss Data Grid 7.1.2 and earlier versions.
What type of vulnerability is described in RHSA-2018:1575?
RHSA-2018:1575 addresses various bug fixes and enhancements in Red Hat JBoss Data Grid.
When was RHSA-2018:1575 released?
RHSA-2018:1575 was released on August 7, 2018.