RHSA-2020:2561: Critical: EAP Continuous Delivery Technical Preview Release 12 security update
Red Hat JBoss Enterprise Application Platform CD12 is a platform for Java applications based on the WildFly application runtime.This release of Red Hat JBoss Enterprise Application Platform CD12 includes bug fixes and enhancements. Security Fix(es): artemis: artemis/hornetq: memory exhaustion via UDP and JGroups discovery (CVE-2017-12174) lucene: Solr: Code execution via entity expansion (CVE-2017-12629) infinispan-core: infinispan: Unsafe deserialization of malicious object injected into data cache (CVE-2017-15089) slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088) elytron: client can use bogus uri in digest authentication (CVE-2017-12196) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2020:2561?
The severity of RHSA-2020:2561 is categorized as important due to potential vulnerabilities in the Red Hat JBoss Enterprise Application Platform.
How do I fix RHSA-2020:2561?
To fix RHSA-2020:2561, update your Red Hat JBoss Enterprise Application Platform to the latest patched version provided by Red Hat.
What vulnerabilities are addressed in RHSA-2020:2561?
RHSA-2020:2561 addresses multiple security vulnerabilities affecting the messaging service in the JBoss Enterprise Application Platform.
Is my system vulnerable if I am using Red Hat JBoss Enterprise Application Platform CD12?
Yes, if you are using Red Hat JBoss Enterprise Application Platform CD12 without the latest updates, your system may be vulnerable to the issues identified in RHSA-2020:2561.
When was RHSA-2020:2561 released?
RHSA-2020:2561 was released on September 29, 2020.