RHSA-2019:2413: Important: Red Hat Fuse 7.4.0 security update

This release of Red Hat Fuse 7.4.0 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.<br>Security Fix(es):<br><li> hazelcast: java deserialization in join cluster procedure leading to remote code execution (CVE-2016-10750)</li> <li> slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)</li> <li> jolokia: system-wide CSRF that could lead to Remote Code Execution (CVE-2018-10899)</li> <li> spring-security-oauth: Privilege escalation by manipulating saved authorization request (CVE-2018-15758)</li> <li> solr: remote code execution due to unsafe deserialization (CVE-2019-0192)</li> <li> thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class (CVE-2018-1320)</li> <li> spring-security-core: Unauthorized Access with Spring Security Method Security (CVE-2018-1258)</li> <li> wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)</li> For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.