RHSA-2020:4401: Important: Red Hat JBoss Enterprise Application Platform 7.3 security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8.
Security Fix(es):
* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (CVE-2020-25649)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Frequently Asked Questions
What is the severity of RHSA-2020:4401?
The severity of RHSA-2020:4401 is categorized as critical.
How do I fix RHSA-2020:4401?
To fix RHSA-2020:4401, update the eap7-jackson-databind package to the specified versions for your Red Hat Enterprise Linux 6, 7, or 8.
What vulnerabilities does RHSA-2020:4401 address?
RHSA-2020:4401 addresses security vulnerabilities in the Jackson Databind library used in Red Hat JBoss Enterprise Application Platform 7.
Which versions are affected by RHSA-2020:4401?
RHSA-2020:4401 affects versions prior to 2.10.4-1.redhat_00002.1 for eap7-jackson-databind on RHEL 6, 7, and 8.
Is a system reboot required after applying the RHSA-2020:4401 fix?
A system reboot is not typically required after applying the fix for RHSA-2020:4401, but it is recommended to verify application functionality.
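A host-level check for the fix described in the answers above, added here as an example and not taken from the advisory or from Red Hat tooling: it compares each installed eap7-jackson-databind build against the fixed version stated on this page. The comparison is a simplified reimplementation of RPM version ordering (no epoch, `~` or `^` handling), and the function names are this example's own.

```python
import re
import subprocess

PACKAGE = "eap7-jackson-databind"   # package named in the advisory
FIXED = "2.10.4-1.redhat_00002.1"   # fixed VERSION-RELEASE as stated on this page

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpm_vercmp(a, b):
    """Simplified rpmvercmp (ignores epoch, '~' and '^'): returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # 00002 == 2, and 10 > 4
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win


def vr_cmp(a, b):
    """Compare VERSION-RELEASE strings: version first, release as tie-breaker."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return rpm_vercmp(va, vb) or rpm_vercmp(ra, rb)


def is_fixed(installed):
    """True when the installed build is at or above the fixed build."""
    return vr_cmp(installed, FIXED) >= 0


def installed_builds(package=PACKAGE):
    """VERSION-RELEASE of every installed build of the package ([] if none)."""
    try:
        proc = subprocess.run(
            ["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}\\n", package],
            stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
            universal_newlines=True)
    except FileNotFoundError:                 # not an RPM-based host
        return []
    return proc.stdout.split() if proc.returncode == 0 else []


if __name__ == "__main__":
    builds = installed_builds()
    if not builds:
        print(f"{PACKAGE}: not installed")
    for vr in builds:
        state = "fixed" if is_fixed(vr) else "VULNERABLE, update required"
        print(f"{PACKAGE}-{vr}: {state}")
```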