红帽产品勘误 RHSA-2019:3082 - Security Advisory
发布:
2019-10-15
已更新:
2019-10-15

RHSA-2019:3082 - Security Advisory

概述

Moderate: Red Hat JBoss Enterprise Application Platform 7.2 security update

类型/严重性

Security Advisory: Moderate

Red Hat Insights 补丁分析

识别并修复受此公告影响的系统。

查看受影响的系统

标题

A security update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on WildFly.

This asynchronous patch is a security update for the wildfly-core package in Red Hat JBoss Enterprise Application Platform 7.2.

Security Fix(es):

  • wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

The JBoss server process must be restarted for the update to take effect.

For details about how to apply this update, see:
https://access.redhat.com/articles/11258

受影响的产品

  • JBoss Enterprise Application Platform 7.4 for RHEL 8 x86_64
  • JBoss Enterprise Application Platform 7.4 for RHEL 7 x86_64
  • JBoss Enterprise Application Platform 7.3 for RHEL 8 x86_64
  • JBoss Enterprise Application Platform 7.3 for RHEL 7 x86_64
  • JBoss Enterprise Application Platform 7.3 for RHEL 6 x86_64
  • JBoss Enterprise Application Platform 7.2 for RHEL 8 x86_64
  • JBoss Enterprise Application Platform 7.2 for RHEL 7 x86_64
  • JBoss Enterprise Application Platform 7.2 for RHEL 6 x86_64

修复

  • BZ - 1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default

JBoss Enterprise Application Platform 7.4 for RHEL 8

SRPM
eap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el8eap.src.rpm SHA-256: 641d309b6eb18d0193ed141985c383b183aacd3899831bc777655dbda4423553
x86_64
eap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el8eap.noarch.rpm SHA-256: 76ca9dd7ae4e6b7f257391823b1bf38185c2c47dfbc68acc7436b830dc125a8d
eap7-wildfly-javadocs-7.2.4-2.SP1_redhat_00001.1.el8eap.noarch.rpm SHA-256: 91b66ad43fa09f66df7fb637d015e0f6596cae90adcf6e2e4751a578be5cf7e2
eap7-wildfly-modules-7.2.4-2.SP1_redhat_00001.1.el8eap.noarch.rpm SHA-256: a6e2e90ba44ca0af01becab325086a5be5f91281070d7d839f258649630c144e

JBoss Enterprise Application Platform 7.4 for RHEL 7

SRPM
eap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el7eap.src.rpm SHA-256: e7a4e1db8de9b9a870d3d12ae550a6ad7d55592b1954d46838df296b01bc1528
x86_64
eap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm SHA-256: fa360995c2684443003729ea536ab854277be0cb65f56bfea96e956b7fff46ec
eap7-wildfly-java-jdk11-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm SHA-256: 806697c72d80b45d0c8db803fb491d4497bb1c57ed9e2c812e7a2a2e28005c2f
eap7-wildfly-java-jdk8-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm SHA-256: ceea310eac48ca7c6c1da206e4fd9126e13a6c0a5f6de2e7065d95dc09f72906
eap7-wildfly-javadocs-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm SHA-256: f9a1cd6260910a8eac8a670f3973e60085699c41e3ac0da4a81ab2adbcea0da4
eap7-wildfly-modules-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm SHA-256: 7a7001dca2cc3290cc33070b6c6db3359bae0be9a33a2c0a0703662ba9a8f47a

JBoss Enterprise Application Platform 7.3 for RHEL 8

SRPM
eap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el8eap.src.rpm SHA-256: 641d309b6eb18d0193ed141985c383b183aacd3899831bc777655dbda4423553
x86_64
eap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el8eap.noarch.rpm SHA-256: 76ca9dd7ae4e6b7f257391823b1bf38185c2c47dfbc68acc7436b830dc125a8d
eap7-wildfly-javadocs-7.2.4-2.SP1_redhat_00001.1.el8eap.noarch.rpm SHA-256: 91b66ad43fa09f66df7fb637d015e0f6596cae90adcf6e2e4751a578be5cf7e2
eap7-wildfly-modules-7.2.4-2.SP1_redhat_00001.1.el8eap.noarch.rpm SHA-256: a6e2e90ba44ca0af01becab325086a5be5f91281070d7d839f258649630c144e

JBoss Enterprise Application Platform 7.3 for RHEL 7

SRPM
eap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el7eap.src.rpm SHA-256: e7a4e1db8de9b9a870d3d12ae550a6ad7d55592b1954d46838df296b01bc1528
x86_64
eap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm SHA-256: fa360995c2684443003729ea536ab854277be0cb65f56bfea96e956b7fff46ec
eap7-wildfly-java-jdk11-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm SHA-256: 806697c72d80b45d0c8db803fb491d4497bb1c57ed9e2c812e7a2a2e28005c2f
eap7-wildfly-java-jdk8-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm SHA-256: ceea310eac48ca7c6c1da206e4fd9126e13a6c0a5f6de2e7065d95dc09f72906
eap7-wildfly-javadocs-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm SHA-256: f9a1cd6260910a8eac8a670f3973e60085699c41e3ac0da4a81ab2adbcea0da4
eap7-wildfly-modules-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm SHA-256: 7a7001dca2cc3290cc33070b6c6db3359bae0be9a33a2c0a0703662ba9a8f47a

JBoss Enterprise Application Platform 7.3 for RHEL 6

SRPM
eap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el6eap.src.rpm SHA-256: 23c0ccce24ea02051df5e31ab8fbc6fb54f7169bedf07c8fd4928c447e7c927c
x86_64
eap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el6eap.noarch.rpm SHA-256: 8a23ee56169312bec56a620b12341a63e6a4609db921602a5af69b96d822cfd9
eap7-wildfly-javadocs-7.2.4-2.SP1_redhat_00001.1.el6eap.noarch.rpm SHA-256: 375134fbb0da6ee715f48c8b8d9dca489967869d09b0877c7de103356ffdc081
eap7-wildfly-modules-7.2.4-2.SP1_redhat_00001.1.el6eap.noarch.rpm SHA-256: 2ca78a6d9bcd09ca8338c16df30742705ad82f951dbb26bb0a530bbbf241d4c7

JBoss Enterprise Application Platform 7.2 for RHEL 8

SRPM
eap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el8eap.src.rpm SHA-256: 641d309b6eb18d0193ed141985c383b183aacd3899831bc777655dbda4423553
x86_64
eap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el8eap.noarch.rpm SHA-256: 76ca9dd7ae4e6b7f257391823b1bf38185c2c47dfbc68acc7436b830dc125a8d
eap7-wildfly-javadocs-7.2.4-2.SP1_redhat_00001.1.el8eap.noarch.rpm SHA-256: 91b66ad43fa09f66df7fb637d015e0f6596cae90adcf6e2e4751a578be5cf7e2
eap7-wildfly-modules-7.2.4-2.SP1_redhat_00001.1.el8eap.noarch.rpm SHA-256: a6e2e90ba44ca0af01becab325086a5be5f91281070d7d839f258649630c144e

JBoss Enterprise Application Platform 7.2 for RHEL 7

SRPM
eap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el7eap.src.rpm SHA-256: e7a4e1db8de9b9a870d3d12ae550a6ad7d55592b1954d46838df296b01bc1528
x86_64
eap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm SHA-256: fa360995c2684443003729ea536ab854277be0cb65f56bfea96e956b7fff46ec
eap7-wildfly-java-jdk11-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm SHA-256: 806697c72d80b45d0c8db803fb491d4497bb1c57ed9e2c812e7a2a2e28005c2f
eap7-wildfly-java-jdk8-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm SHA-256: ceea310eac48ca7c6c1da206e4fd9126e13a6c0a5f6de2e7065d95dc09f72906
eap7-wildfly-javadocs-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm SHA-256: f9a1cd6260910a8eac8a670f3973e60085699c41e3ac0da4a81ab2adbcea0da4
eap7-wildfly-modules-7.2.4-2.SP1_redhat_00001.1.el7eap.noarch.rpm SHA-256: 7a7001dca2cc3290cc33070b6c6db3359bae0be9a33a2c0a0703662ba9a8f47a

JBoss Enterprise Application Platform 7.2 for RHEL 6

SRPM
eap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el6eap.src.rpm SHA-256: 23c0ccce24ea02051df5e31ab8fbc6fb54f7169bedf07c8fd4928c447e7c927c
x86_64
eap7-wildfly-7.2.4-2.SP1_redhat_00001.1.el6eap.noarch.rpm SHA-256: 8a23ee56169312bec56a620b12341a63e6a4609db921602a5af69b96d822cfd9
eap7-wildfly-javadocs-7.2.4-2.SP1_redhat_00001.1.el6eap.noarch.rpm SHA-256: 375134fbb0da6ee715f48c8b8d9dca489967869d09b0877c7de103356ffdc081
eap7-wildfly-modules-7.2.4-2.SP1_redhat_00001.1.el6eap.noarch.rpm SHA-256: 2ca78a6d9bcd09ca8338c16df30742705ad82f951dbb26bb0a530bbbf241d4c7

Red Hat 安全团队联络方式为 [email protected]。 更多联络细节请参考 https://access.redhat.com/security/team/contact/