RHSA-2020:5344: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.<br>This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.<br>Security Fix(es):<br><li> jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (CVE-2020-25649)</li> <li> hibernate-core: SQL injection vulnerability when both hibernate.usesqlcomments and JPQL String literals are used (CVE-2020-25638)</li> <li> wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL (CVE-2020-25644)</li> For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2020:5344?
The severity of RHSA-2020:5344 is classified as important.
How do I fix RHSA-2020:5344?
To fix RHSA-2020:5344, you should update to Red Hat JBoss Enterprise Application Platform 7.3.4.
What versions are affected by RHSA-2020:5344?
RHSA-2020:5344 affects Red Hat JBoss Enterprise Application Platform versions prior to 7.3.4.
Is RHSA-2020:5344 related to security vulnerabilities?
Yes, RHSA-2020:5344 addresses security vulnerabilities in Red Hat JBoss Enterprise Application Platform.
When was RHSA-2020:5344 released?
RHSA-2020:5344 was released on December 15, 2020.