RHSA-2018:2419: Important: Red Hat JBoss BPM Suite 6.4.11 security update
Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes.<br>This release of Red Hat JBoss BPM Suite 6.4.11 serves as a replacement for Red Hat JBoss BPM Suite 6.4.10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.<br>Security Fix(es):<br><li> slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)</li> For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.<br>Red Hat would like to thank Chris McCown for reporting this issue.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2018:2419?
The severity of RHSA-2018:2419 is classified as critical.
What vulnerabilities does RHSA-2018:2419 address?
RHSA-2018:2419 addresses critical vulnerabilities in Red Hat JBoss BPM Suite that could lead to unauthorized access or denial of service.
How do I fix RHSA-2018:2419?
To fix RHSA-2018:2419, you should update to the latest version of Red Hat JBoss BPM Suite as recommended in the release notes.
What versions of Red Hat JBoss BPM Suite are affected by RHSA-2018:2419?
RHSA-2018:2419 affects the Red Hat JBoss BPM Suite 6.4.11 and earlier versions.
Is there a workaround for RHSA-2018:2419 if I cannot update immediately?
There are no known workarounds for RHSA-2018:2419, so it is recommended to apply the security update as soon as possible.