Operating System:

[RedHat]

Published:

12 June 2020

Protect yourself against future threats.

//Service

Sensitive Information Alert

Alert notification provided via email for sensitive material found online by our analyst team which specifically targets your organisation.

Read more
Resources > Security Bulletins > ESB-2020.2050 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2050
    Red Hat JBoss Enterprise Application Platform 7.3.1 Security update
                               12 June 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Red Hat JBoss Enterprise Application Platform 7.3.1
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
                   Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Denial of Service               -- Remote/Unauthenticated      
                   Cross-site Scripting            -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote/Unauthenticated      
                   Reduced Security                -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-10719 CVE-2020-10688 CVE-2020-9548
                   CVE-2020-9547 CVE-2020-9546 CVE-2020-8840
                   CVE-2020-7226 CVE-2020-6950 CVE-2020-1757
                   CVE-2020-1745 CVE-2020-1729 CVE-2020-1695
                   CVE-2019-17573 CVE-2019-14887 CVE-2019-12423
                   CVE-2019-10172 CVE-2019-0210 CVE-2019-0205
                   CVE-2018-14371 CVE-2016-3720 

Reference:         ASB-2020.0025
                   ESB-2020.2042
                   ESB-2020.1882
                   ESB-2020.1662

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:2512
   https://access.redhat.com/errata/RHSA-2020:2513

Comment: This bulletin contains two (2) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update
Advisory ID:       RHSA-2020:2512-01
Product:           Red Hat JBoss Enterprise Application Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2512
Issue date:        2020-06-10
CVE Names:         CVE-2018-14371 CVE-2019-0205 CVE-2019-0210 
                   CVE-2019-10172 CVE-2019-12423 CVE-2019-14887 
                   CVE-2019-17573 CVE-2020-1695 CVE-2020-1729 
                   CVE-2020-1745 CVE-2020-1757 CVE-2020-6950 
                   CVE-2020-7226 CVE-2020-8840 CVE-2020-9546 
                   CVE-2020-9547 CVE-2020-9548 CVE-2020-10688 
                   CVE-2020-10719 
=====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application
Platform 7.3 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.3 for RHEL 7 Server - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java
applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves
as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0,
and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise
Application Platform 7.3.1 Release Notes for information about the most
significant bug fixes and enhancements included in this release.

Security Fix(es):

* cxf: reflected XSS in the services listing page (CVE-2019-17573)

* cxf-core: cxf: OpenId Connect token service does not properly validate
the clientId (CVE-2019-12423)

* jackson-mapper-asl: XML external entity similar to CVE-2016-3720
(CVE-2019-10172)

* undertow: servletPath in normalized incorrectly leading to dangerous
application mapping which could result in security bypass (CVE-2020-1757)

* jackson-databind: XML external entity similar to CVE-2016-3720
(CVE-2019-10172)

* jackson-mapper-asl: XML external entity similar to CVE-2016-3720
(CVE-2019-10172)

* resteasy-jaxrs: resteasy: Improper validation of response header in
MediaTypeHeaderDelegate.java class (CVE-2020-1695)

* cryptacular: excessive memory allocation during a decode operation
(CVE-2020-7226)

* smallrye-config: SmallRye: SecuritySupport class is incorrectly public
and contains a static method to access the current threads context class
loader (CVE-2020-1729)

* resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected
XSS attack (CVE-2020-10688)

* jackson-databind: Lacks certain xbean-reflect/JNDI blocking
(CVE-2020-8840)

* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)

* jackson-databind: Serialization gadgets in shaded-hikari-config
(CVE-2020-9546)

* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

* libthrift: thrift: Endless loop when feed with specific input data
(CVE-2019-0205)

* libthrift: thrift: Out-of-bounds read related to TJSONProtocol or
TSimpleJSONProtocol (CVE-2019-0210)

* wildfly: The 'enabled-protocols' value in legacy security is not
respected if OpenSSL security provider is in use (CVE-2019-14887)

* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con
parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)

* jsf-impl: mojarra: Path traversal in
ResourceManager.java:getLocalePrefix() via the loc parameter
(CVE-2018-14371)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, see the CVE page(s) listed in the
References section.

4. Solution:

Before applying this update, ensure all previously released errata relevant
to your system have been applied.

For details about how to apply this update, see:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter
1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720
1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data
1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId
1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page
1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation
1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader
1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371
1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability
1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack
1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking
1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config
1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap
1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core
1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size

6. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final
JBEAP-18060 - [GSS](7.3.z) Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001
JBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001
JBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012
JBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core
JBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core
JBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final
JBEAP-18277 - [GSS](7.3.z) Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001
JBEAP-18288 - [GSS](7.3.z) Upgrade FasterXML from 2.10.0 to 2.10.3
JBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10
JBEAP-18302 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.18 to 1.0.20
JBEAP-18315 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010
JBEAP-18346 - [GSS](7.3.z) Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002
JBEAP-18352 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001
JBEAP-18361 - [GSS](7.3.z) Upgrade Woodstox from 5.0.3 to 6.0.3
JBEAP-18367 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.15 to 5.3.16
JBEAP-18393 - [GSS](7.3.z) Update $JBOSS_HOME/docs/schema to show https schema URL instead of http
JBEAP-18398 - Tracker bug for the EAP 7.3.1 release for RHEL-7
JBEAP-18409 - [GSS](7.3.z) Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001
JBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final
JBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001
JBEAP-18596 - [GSS](7.3.z) Upgrade JBoss Modules from 1.9.1 to 1.10.0
JBEAP-18598 - [GSS](7.3.z) Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002
JBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001
JBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001
JBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final
JBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001
JBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001
JBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001
JBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001
JBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006
JBEAP-18836 - [GSS](7.3.z) Upgrade Remoting JMX from 3.0.3 to 3.0.4
JBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2
JBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002
JBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0
JBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2
JBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3
JBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3
JBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4
JBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final
JBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001
JBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002
JBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1
JBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004
JBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001
JBEAP-19117 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001
JBEAP-19133 - [GSS](7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001
JBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001
JBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001
JBEAP-19192 - (7.3.z) Update the Japanese translations
JBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001
JBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001
JBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final

7. Package List:

Red Hat JBoss EAP 7.3 for RHEL 7 Server:

Source:
eap7-activemq-artemis-2.9.0-4.redhat_00010.1.el7eap.src.rpm
eap7-apache-cxf-3.3.5-1.redhat_00001.1.el7eap.src.rpm
eap7-bouncycastle-1.60.0-2.redhat_00002.1.el7eap.src.rpm
eap7-codehaus-jackson-1.9.13-10.redhat_00007.1.el7eap.src.rpm
eap7-cryptacular-1.2.4-1.redhat_00001.1.el7eap.src.rpm
eap7-elytron-web-1.6.1-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-glassfish-jaxb-2.3.3-4.b02_redhat_00001.1.el7eap.src.rpm
eap7-glassfish-jsf-2.3.9-10.SP09_redhat_00001.1.el7eap.src.rpm
eap7-hal-console-3.2.8-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-hibernate-5.3.16-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-infinispan-9.4.18-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-ironjacamar-1.4.20-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jackson-annotations-2.10.3-1.redhat_00001.1.el7eap.src.rpm
eap7-jackson-core-2.10.3-1.redhat_00001.1.el7eap.src.rpm
eap7-jackson-databind-2.10.3-1.redhat_00001.1.el7eap.src.rpm
eap7-jackson-jaxrs-providers-2.10.3-1.redhat_00001.1.el7eap.src.rpm
eap7-jackson-modules-base-2.10.3-1.redhat_00001.1.el7eap.src.rpm
eap7-jackson-modules-java8-2.10.3-1.redhat_00001.1.el7eap.src.rpm
eap7-jaegertracing-jaeger-client-java-0.34.3-1.redhat_00001.1.el7eap.src.rpm
eap7-jakarta-el-3.0.3-1.redhat_00002.1.el7eap.src.rpm
eap7-jandex-2.1.2-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jasypt-1.9.3-1.redhat_00001.1.el7eap.src.rpm
eap7-jboss-ejb-client-4.0.31-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jboss-genericjms-2.0.4-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jboss-jsf-api_2.3_spec-3.0.0-3.SP02_redhat_00001.1.el7eap.src.rpm
eap7-jboss-modules-1.10.0-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jboss-remoting-5.0.18-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jboss-remoting-jmx-3.0.4-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jboss-server-migration-1.7.1-5.Final_redhat_00006.1.el7eap.src.rpm
eap7-jboss-vfs-3.2.15-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-jboss-weld-3.1-api-3.1.0-6.SP2_redhat_00001.1.el7eap.src.rpm
eap7-microprofile-config-1.4.0-1.redhat_00003.1.el7eap.src.rpm
eap7-microprofile-health-2.2.0-1.redhat_00001.1.el7eap.src.rpm
eap7-microprofile-metrics-2.3.0-1.redhat_00001.1.el7eap.src.rpm
eap7-microprofile-opentracing-1.3.3-1.redhat_00001.1.el7eap.src.rpm
eap7-microprofile-rest-client-1.4.0-1.redhat_00004.1.el7eap.src.rpm
eap7-opensaml-3.3.1-1.redhat_00002.1.el7eap.src.rpm
eap7-picketbox-5.0.3-7.Final_redhat_00006.1.el7eap.src.rpm
eap7-picketlink-bindings-2.5.5-23.SP12_redhat_00012.1.el7eap.src.rpm
eap7-resteasy-3.11.2-3.Final_redhat_00002.1.el7eap.src.rpm
eap7-slf4j-jboss-logmanager-1.0.4-1.GA_redhat_00001.1.el7eap.src.rpm
eap7-smallrye-config-1.6.2-3.redhat_00004.1.el7eap.src.rpm
eap7-smallrye-health-2.2.0-1.redhat_00004.1.el7eap.src.rpm
eap7-smallrye-metrics-2.4.0-1.redhat_00004.1.el7eap.src.rpm
eap7-smallrye-opentracing-1.3.4-1.redhat_00004.1.el7eap.src.rpm
eap7-snakeyaml-1.24.0-2.redhat_00001.1.el7eap.src.rpm
eap7-stax2-api-4.2.0-1.redhat_00001.1.el7eap.src.rpm
eap7-sun-istack-commons-3.0.10-1.redhat_00001.1.el7eap.src.rpm
eap7-undertow-2.0.30-3.SP3_redhat_00001.1.el7eap.src.rpm
eap7-weld-core-3.1.4-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-wildfly-7.3.1-5.GA_redhat_00003.1.el7eap.src.rpm
eap7-wildfly-elytron-1.10.6-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-wildfly-http-client-1.0.20-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-wildfly-naming-client-1.0.12-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el7eap.src.rpm
eap7-woodstox-core-6.0.3-1.redhat_00001.1.el7eap.src.rpm
eap7-wss4j-2.2.5-1.redhat_00001.1.el7eap.src.rpm

noarch:
eap7-activemq-artemis-2.9.0-4.redhat_00010.1.el7eap.noarch.rpm
eap7-activemq-artemis-cli-2.9.0-4.redhat_00010.1.el7eap.noarch.rpm
eap7-activemq-artemis-commons-2.9.0-4.redhat_00010.1.el7eap.noarch.rpm
eap7-activemq-artemis-core-client-2.9.0-4.redhat_00010.1.el7eap.noarch.rpm
eap7-activemq-artemis-dto-2.9.0-4.redhat_00010.1.el7eap.noarch.rpm
eap7-activemq-artemis-hornetq-protocol-2.9.0-4.redhat_00010.1.el7eap.noarch.rpm
eap7-activemq-artemis-hqclient-protocol-2.9.0-4.redhat_00010.1.el7eap.noarch.rpm
eap7-activemq-artemis-jdbc-store-2.9.0-4.redhat_00010.1.el7eap.noarch.rpm
eap7-activemq-artemis-jms-client-2.9.0-4.redhat_00010.1.el7eap.noarch.rpm
eap7-activemq-artemis-jms-server-2.9.0-4.redhat_00010.1.el7eap.noarch.rpm
eap7-activemq-artemis-journal-2.9.0-4.redhat_00010.1.el7eap.noarch.rpm
eap7-activemq-artemis-ra-2.9.0-4.redhat_00010.1.el7eap.noarch.rpm
eap7-activemq-artemis-selector-2.9.0-4.redhat_00010.1.el7eap.noarch.rpm
eap7-activemq-artemis-server-2.9.0-4.redhat_00010.1.el7eap.noarch.rpm
eap7-activemq-artemis-service-extensions-2.9.0-4.redhat_00010.1.el7eap.noarch.rpm
eap7-activemq-artemis-tools-2.9.0-4.redhat_00010.1.el7eap.noarch.rpm
eap7-apache-cxf-3.3.5-1.redhat_00001.1.el7eap.noarch.rpm
eap7-apache-cxf-rt-3.3.5-1.redhat_00001.1.el7eap.noarch.rpm
eap7-apache-cxf-services-3.3.5-1.redhat_00001.1.el7eap.noarch.rpm
eap7-apache-cxf-tools-3.3.5-1.redhat_00001.1.el7eap.noarch.rpm
eap7-bouncycastle-1.60.0-2.redhat_00002.1.el7eap.noarch.rpm
eap7-bouncycastle-mail-1.60.0-2.redhat_00002.1.el7eap.noarch.rpm
eap7-bouncycastle-pkix-1.60.0-2.redhat_00002.1.el7eap.noarch.rpm
eap7-bouncycastle-prov-1.60.0-2.redhat_00002.1.el7eap.noarch.rpm
eap7-codehaus-jackson-1.9.13-10.redhat_00007.1.el7eap.noarch.rpm
eap7-codehaus-jackson-core-asl-1.9.13-10.redhat_00007.1.el7eap.noarch.rpm
eap7-codehaus-jackson-jaxrs-1.9.13-10.redhat_00007.1.el7eap.noarch.rpm
eap7-codehaus-jackson-mapper-asl-1.9.13-10.redhat_00007.1.el7eap.noarch.rpm
eap7-codehaus-jackson-xc-1.9.13-10.redhat_00007.1.el7eap.noarch.rpm
eap7-codemodel-2.3.3-4.b02_redhat_00001.1.el7eap.noarch.rpm
eap7-cryptacular-1.2.4-1.redhat_00001.1.el7eap.noarch.rpm
eap7-glassfish-jaxb-2.3.3-4.b02_redhat_00001.1.el7eap.noarch.rpm
eap7-glassfish-jsf-2.3.9-10.SP09_redhat_00001.1.el7eap.noarch.rpm
eap7-hal-console-3.2.8-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-5.3.16-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-core-5.3.16-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-entitymanager-5.3.16-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-envers-5.3.16-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-hibernate-java8-5.3.16-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-9.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-cachestore-jdbc-9.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-cachestore-remote-9.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-client-hotrod-9.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-commons-9.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-core-9.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-hibernate-cache-commons-9.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-hibernate-cache-spi-9.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-infinispan-hibernate-cache-v53-9.4.18-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-1.4.20-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-common-api-1.4.20-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-common-impl-1.4.20-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-common-spi-1.4.20-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-core-api-1.4.20-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-core-impl-1.4.20-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-deployers-common-1.4.20-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-jdbc-1.4.20-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-ironjacamar-validator-1.4.20-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-istack-commons-runtime-3.0.10-1.redhat_00001.1.el7eap.noarch.rpm
eap7-istack-commons-tools-3.0.10-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-annotations-2.10.3-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-core-2.10.3-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-databind-2.10.3-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-datatype-jdk8-2.10.3-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-datatype-jsr310-2.10.3-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-jaxrs-base-2.10.3-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-jaxrs-json-provider-2.10.3-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-module-jaxb-annotations-2.10.3-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-modules-base-2.10.3-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jackson-modules-java8-2.10.3-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jaegertracing-jaeger-client-java-0.34.3-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jaegertracing-jaeger-client-java-core-0.34.3-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jaegertracing-jaeger-client-java-thrift-0.34.3-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jakarta-el-3.0.3-1.redhat_00002.1.el7eap.noarch.rpm
eap7-jandex-2.1.2-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jasypt-1.9.3-1.redhat_00001.1.el7eap.noarch.rpm
eap7-jaxb-jxc-2.3.3-4.b02_redhat_00001.1.el7eap.noarch.rpm
eap7-jaxb-runtime-2.3.3-4.b02_redhat_00001.1.el7eap.noarch.rpm
eap7-jaxb-xjc-2.3.3-4.b02_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-ejb-client-4.0.31-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-genericjms-2.0.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-jsf-api_2.3_spec-3.0.0-3.SP02_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-modules-1.10.0-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-remoting-5.0.18-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-remoting-jmx-3.0.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-server-migration-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-cli-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-core-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap6.4-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap7.0-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap7.1-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap7.2-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-eap7.3-server-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly10.0-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly10.1-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly11.0-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly12.0-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly13.0-server-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly14.0-server-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly15.0-server-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly16.0-server-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly17.0-server-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly18.0-server-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly8.2-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-server-migration-wildfly9.0-1.7.1-5.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-jboss-vfs-3.2.15-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-weld-3.1-api-3.1.0-6.SP2_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-weld-3.1-api-weld-api-3.1.0-6.SP2_redhat_00001.1.el7eap.noarch.rpm
eap7-jboss-weld-3.1-api-weld-spi-3.1.0-6.SP2_redhat_00001.1.el7eap.noarch.rpm
eap7-microprofile-config-1.4.0-1.redhat_00003.1.el7eap.noarch.rpm
eap7-microprofile-config-api-1.4.0-1.redhat_00003.1.el7eap.noarch.rpm
eap7-microprofile-health-2.2.0-1.redhat_00001.1.el7eap.noarch.rpm
eap7-microprofile-metrics-2.3.0-1.redhat_00001.1.el7eap.noarch.rpm
eap7-microprofile-metrics-api-2.3.0-1.redhat_00001.1.el7eap.noarch.rpm
eap7-microprofile-opentracing-1.3.3-1.redhat_00001.1.el7eap.noarch.rpm
eap7-microprofile-opentracing-api-1.3.3-1.redhat_00001.1.el7eap.noarch.rpm
eap7-microprofile-rest-client-1.4.0-1.redhat_00004.1.el7eap.noarch.rpm
eap7-microprofile-rest-client-api-1.4.0-1.redhat_00004.1.el7eap.noarch.rpm
eap7-opensaml-3.3.1-1.redhat_00002.1.el7eap.noarch.rpm
eap7-opensaml-core-3.3.1-1.redhat_00002.1.el7eap.noarch.rpm
eap7-opensaml-profile-api-3.3.1-1.redhat_00002.1.el7eap.noarch.rpm
eap7-opensaml-saml-api-3.3.1-1.redhat_00002.1.el7eap.noarch.rpm
eap7-opensaml-saml-impl-3.3.1-1.redhat_00002.1.el7eap.noarch.rpm
eap7-opensaml-security-api-3.3.1-1.redhat_00002.1.el7eap.noarch.rpm
eap7-opensaml-security-impl-3.3.1-1.redhat_00002.1.el7eap.noarch.rpm
eap7-opensaml-soap-api-3.3.1-1.redhat_00002.1.el7eap.noarch.rpm
eap7-opensaml-xacml-api-3.3.1-1.redhat_00002.1.el7eap.noarch.rpm
eap7-opensaml-xacml-impl-3.3.1-1.redhat_00002.1.el7eap.noarch.rpm
eap7-opensaml-xacml-saml-api-3.3.1-1.redhat_00002.1.el7eap.noarch.rpm
eap7-opensaml-xacml-saml-impl-3.3.1-1.redhat_00002.1.el7eap.noarch.rpm
eap7-opensaml-xmlsec-api-3.3.1-1.redhat_00002.1.el7eap.noarch.rpm
eap7-opensaml-xmlsec-impl-3.3.1-1.redhat_00002.1.el7eap.noarch.rpm
eap7-picketbox-5.0.3-7.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-picketbox-infinispan-5.0.3-7.Final_redhat_00006.1.el7eap.noarch.rpm
eap7-picketlink-bindings-2.5.5-23.SP12_redhat_00012.1.el7eap.noarch.rpm
eap7-picketlink-wildfly8-2.5.5-23.SP12_redhat_00012.1.el7eap.noarch.rpm
eap7-relaxng-datatype-2.3.3-4.b02_redhat_00001.1.el7eap.noarch.rpm
eap7-resteasy-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-atom-provider-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-cdi-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-client-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-client-microprofile-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-crypto-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-jackson-provider-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-jackson2-provider-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-jaxb-provider-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-jaxrs-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-jettison-provider-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-jose-jwt-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-jsapi-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-json-binding-provider-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-json-p-provider-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-multipart-provider-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-rxjava2-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-spring-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-validator-provider-11-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-resteasy-yaml-provider-3.11.2-3.Final_redhat_00002.1.el7eap.noarch.rpm
eap7-rngom-2.3.3-4.b02_redhat_00001.1.el7eap.noarch.rpm
eap7-slf4j-jboss-logmanager-1.0.4-1.GA_redhat_00001.1.el7eap.noarch.rpm
eap7-smallrye-config-1.6.2-3.redhat_00004.1.el7eap.noarch.rpm
eap7-smallrye-health-2.2.0-1.redhat_00004.1.el7eap.noarch.rpm
eap7-smallrye-metrics-2.4.0-1.redhat_00004.1.el7eap.noarch.rpm
eap7-smallrye-opentracing-1.3.4-1.redhat_00004.1.el7eap.noarch.rpm
eap7-snakeyaml-1.24.0-2.redhat_00001.1.el7eap.noarch.rpm
eap7-stax2-api-4.2.0-1.redhat_00001.1.el7eap.noarch.rpm
eap7-sun-istack-commons-3.0.10-1.redhat_00001.1.el7eap.noarch.rpm
eap7-txw2-2.3.3-4.b02_redhat_00001.1.el7eap.noarch.rpm
eap7-undertow-2.0.30-3.SP3_redhat_00001.1.el7eap.noarch.rpm
eap7-undertow-server-1.6.1-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-weld-core-3.1.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-weld-core-impl-3.1.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-weld-core-jsf-3.1.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-weld-ejb-3.1.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-weld-jta-3.1.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-weld-probe-core-3.1.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-weld-web-3.1.4-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-7.3.1-5.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wildfly-elytron-1.10.6-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-elytron-tool-1.10.6-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-http-client-common-1.0.20-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-http-ejb-client-1.0.20-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-http-naming-client-1.0.20-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-http-transaction-client-1.0.20-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-java-jdk11-7.3.1-5.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wildfly-java-jdk8-7.3.1-5.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wildfly-javadocs-7.3.1-5.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wildfly-modules-7.3.1-5.GA_redhat_00003.1.el7eap.noarch.rpm
eap7-wildfly-naming-client-1.0.12-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el7eap.noarch.rpm
eap7-woodstox-core-6.0.3-1.redhat_00001.1.el7eap.noarch.rpm
eap7-wss4j-2.2.5-1.redhat_00001.1.el7eap.noarch.rpm
eap7-wss4j-bindings-2.2.5-1.redhat_00001.1.el7eap.noarch.rpm
eap7-wss4j-policy-2.2.5-1.redhat_00001.1.el7eap.noarch.rpm
eap7-wss4j-ws-security-common-2.2.5-1.redhat_00001.1.el7eap.noarch.rpm
eap7-wss4j-ws-security-dom-2.2.5-1.redhat_00001.1.el7eap.noarch.rpm
eap7-wss4j-ws-security-policy-stax-2.2.5-1.redhat_00001.1.el7eap.noarch.rpm
eap7-wss4j-ws-security-stax-2.2.5-1.redhat_00001.1.el7eap.noarch.rpm
eap7-xsom-2.3.3-4.b02_redhat_00001.1.el7eap.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2018-14371
https://access.redhat.com/security/cve/CVE-2019-0205
https://access.redhat.com/security/cve/CVE-2019-0210
https://access.redhat.com/security/cve/CVE-2019-10172
https://access.redhat.com/security/cve/CVE-2019-12423
https://access.redhat.com/security/cve/CVE-2019-14887
https://access.redhat.com/security/cve/CVE-2019-17573
https://access.redhat.com/security/cve/CVE-2020-1695
https://access.redhat.com/security/cve/CVE-2020-1729
https://access.redhat.com/security/cve/CVE-2020-1745
https://access.redhat.com/security/cve/CVE-2020-1757
https://access.redhat.com/security/cve/CVE-2020-6950
https://access.redhat.com/security/cve/CVE-2020-7226
https://access.redhat.com/security/cve/CVE-2020-8840
https://access.redhat.com/security/cve/CVE-2020-9546
https://access.redhat.com/security/cve/CVE-2020-9547
https://access.redhat.com/security/cve/CVE-2020-9548
https://access.redhat.com/security/cve/CVE-2020-10688
https://access.redhat.com/security/cve/CVE-2020-10719
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXuHcw9zjgjWX9erEAQh0/w//WCP+lyWNO4PYWG/1MPkiCmf9kc3lABZ/
zn5l0eEXpeV248b6iJ+xq4vgT3+7akvE4u0XOd0yV+dxoLXHGeNoNa5RDeRGFtEJ
MbFhSdoOMYJDB14vBcZ6Zwc3lGQX8CrBjACI8mrGOpJIniP4H5dBB+Kb8QhXue82
FhdEppkBiTzMe0t1yWP6pIRgmtLcBGrPG8a5v1R/c8n/1ADIJiXaS8xQGI1x+z17
dJIwoQoF1QacJkDq5AqFHdN8cUqsiqsKNKDbm3B5JR6JEwlMSVGtlrMlxsXX2N9F
QMB5LuOOUUfSsm2V1C1PCQ3bBPaXFNJk6upZjeRDQtyP0CxQHASrCgT+kkZAof6F
SvflzocaHI/umyATKJkJua3WffJm1YXTGMQSGGgkvUdTxKz6RqAWGN5hOU+oced+
sCYp6gieKvwR4a+ubDfXLoyQ01g1/+f+g5EabKJkVKvsEEFxHPzL4w7cWA6ESG88
DnJ+fgf1tycBJD7Lw7IsmN1ckGWHtY+NzOV6btr+4UC4+qeC9D7b9n7UxSK2gGCE
zAMEW88O3RYVB6QofV3Ysx/SHbQrdSfuVVGhzgSDHmYTLRjr31xXaQvFP4QAJS9a
bD/W2ZVeN3/nSPduC18i1ZYzDmeP3+A+KS2S4/VWjMs5NSMNlF03RX2KDvegbi9J
ULGZnlcYAXQ=
=cfE3
- -----END PGP SIGNATURE-----


- --------------------------------------------------------------------------------


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update
Advisory ID:       RHSA-2020:2513-01
Product:           Red Hat JBoss Enterprise Application Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2513
Issue date:        2020-06-10
CVE Names:         CVE-2018-14371 CVE-2019-0205 CVE-2019-0210 
                   CVE-2019-10172 CVE-2019-12423 CVE-2019-14887 
                   CVE-2019-17573 CVE-2020-1695 CVE-2020-1729 
                   CVE-2020-1745 CVE-2020-1757 CVE-2020-6950 
                   CVE-2020-7226 CVE-2020-8840 CVE-2020-9546 
                   CVE-2020-9547 CVE-2020-9548 CVE-2020-10688 
                   CVE-2020-10719 
=====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application
Platform 7.3 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.3 for BaseOS-8 - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java
applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves
as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0,
and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise
Application Platform 7.3.1 Release Notes for information about the most
significant bug fixes and enhancements included in this release.

Security Fix(es):

* cxf: reflected XSS in the services listing page (CVE-2019-17573)

* cxf-core: cxf: OpenId Connect token service does not properly validate
the clientId (CVE-2019-12423)

* jackson-mapper-asl: XML external entity similar to CVE-2016-3720
(CVE-2019-10172)

* undertow: servletPath in normalized incorrectly leading to dangerous
application mapping which could result in security bypass (CVE-2020-1757)

* jackson-databind: XML external entity similar to CVE-2016-3720
(CVE-2019-10172)

* jackson-mapper-asl: XML external entity similar to CVE-2016-3720
(CVE-2019-10172)

* resteasy-jaxrs: resteasy: Improper validation of response header in
MediaTypeHeaderDelegate.java class (CVE-2020-1695)

* cryptacular: excessive memory allocation during a decode operation
(CVE-2020-7226)

* smallrye-config: SmallRye: SecuritySupport class is incorrectly public
and contains a static method to access the current threads context class
loader (CVE-2020-1729)

* resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected
XSS attack (CVE-2020-10688)

* jackson-databind: Lacks certain xbean-reflect/JNDI blocking
(CVE-2020-8840)

* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)

* jackson-databind: Serialization gadgets in shaded-hikari-config
(CVE-2020-9546)

* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

* libthrift: thrift: Endless loop when feed with specific input data
(CVE-2019-0205)

* libthrift: thrift: Out-of-bounds read related to TJSONProtocol or
TSimpleJSONProtocol (CVE-2019-0210)

* wildfly: The 'enabled-protocols' value in legacy security is not
respected if OpenSSL security provider is in use (CVE-2019-14887)

* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con
parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)

* jsf-impl: mojarra: Path traversal in
ResourceManager.java:getLocalePrefix() via the loc parameter
(CVE-2018-14371)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, see the CVE page(s) listed in the
References section.

4. Solution:

Before applying this update, ensure all previously released errata relevant
to your system have been applied.

For details about how to apply this update, see:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter
1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720
1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data
1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId
1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page
1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation
1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader
1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371
1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability
1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack
1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking
1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config
1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap
1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core
1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size

6. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final
JBEAP-18060 - [GSS](7.3.z) Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001
JBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001
JBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012
JBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core
JBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core
JBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final
JBEAP-18277 - [GSS](7.3.z) Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001
JBEAP-18288 - [GSS](7.3.z) Upgrade FasterXML from 2.10.0 to 2.10.3
JBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10
JBEAP-18302 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.18 to 1.0.20
JBEAP-18315 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010
JBEAP-18346 - [GSS](7.3.z) Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002
JBEAP-18352 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001
JBEAP-18361 - [GSS](7.3.z) Upgrade Woodstox from 5.0.3 to 6.0.3
JBEAP-18367 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.15 to 5.3.16
JBEAP-18393 - [GSS](7.3.z) Update $JBOSS_HOME/docs/schema to show https schema URL instead of http
JBEAP-18399 - Tracker bug for the EAP 7.3.1 release for RHEL-8
JBEAP-18409 - [GSS](7.3.z) Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001
JBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final
JBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001
JBEAP-18596 - [GSS](7.3.z) Upgrade JBoss Modules from 1.9.1 to 1.10.0
JBEAP-18598 - [GSS](7.3.z) Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002
JBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001
JBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001
JBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final
JBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001
JBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001
JBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001
JBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001
JBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006
JBEAP-18836 - [GSS](7.3.z) Upgrade Remoting JMX from 3.0.3 to 3.0.4
JBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2
JBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002
JBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0
JBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2
JBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3
JBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3
JBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4
JBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final
JBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001
JBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002
JBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1
JBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004
JBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001
JBEAP-19117 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001
JBEAP-19133 - [GSS](7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001
JBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001
JBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001
JBEAP-19192 - (7.3.z) Update the Japanese translations
JBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001
JBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001
JBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final

7. Package List:

Red Hat JBoss EAP 7.3 for BaseOS-8:

Source:
eap7-activemq-artemis-2.9.0-4.redhat_00010.1.el8eap.src.rpm
eap7-apache-cxf-3.3.5-1.redhat_00001.1.el8eap.src.rpm
eap7-bouncycastle-1.60.0-2.redhat_00002.1.el8eap.src.rpm
eap7-codehaus-jackson-1.9.13-10.redhat_00007.1.el8eap.src.rpm
eap7-cryptacular-1.2.4-1.redhat_00001.1.el8eap.src.rpm
eap7-elytron-web-1.6.1-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-glassfish-jaxb-2.3.3-4.b02_redhat_00001.1.el8eap.src.rpm
eap7-glassfish-jsf-2.3.9-10.SP09_redhat_00001.1.el8eap.src.rpm
eap7-hal-console-3.2.8-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-hibernate-5.3.16-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-infinispan-9.4.18-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-ironjacamar-1.4.20-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-jackson-annotations-2.10.3-1.redhat_00001.1.el8eap.src.rpm
eap7-jackson-core-2.10.3-1.redhat_00001.1.el8eap.src.rpm
eap7-jackson-databind-2.10.3-1.redhat_00001.1.el8eap.src.rpm
eap7-jackson-jaxrs-providers-2.10.3-1.redhat_00001.1.el8eap.src.rpm
eap7-jackson-modules-base-2.10.3-1.redhat_00001.1.el8eap.src.rpm
eap7-jackson-modules-java8-2.10.3-1.redhat_00001.1.el8eap.src.rpm
eap7-jaegertracing-jaeger-client-java-0.34.3-1.redhat_00001.1.el8eap.src.rpm
eap7-jakarta-el-3.0.3-1.redhat_00002.1.el8eap.src.rpm
eap7-jandex-2.1.2-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-jasypt-1.9.3-1.redhat_00001.1.el8eap.src.rpm
eap7-jboss-ejb-client-4.0.31-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-jboss-genericjms-2.0.4-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-jboss-jsf-api_2.3_spec-3.0.0-3.SP02_redhat_00001.1.el8eap.src.rpm
eap7-jboss-modules-1.10.0-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-jboss-remoting-5.0.18-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-jboss-remoting-jmx-3.0.4-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-jboss-server-migration-1.7.1-5.Final_redhat_00006.1.el8eap.src.rpm
eap7-jboss-vfs-3.2.15-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-jboss-weld-3.1-api-3.1.0-6.SP2_redhat_00001.1.el8eap.src.rpm
eap7-microprofile-config-1.4.0-1.redhat_00003.1.el8eap.src.rpm
eap7-microprofile-health-2.2.0-1.redhat_00001.1.el8eap.src.rpm
eap7-microprofile-metrics-2.3.0-1.redhat_00001.1.el8eap.src.rpm
eap7-microprofile-opentracing-1.3.3-1.redhat_00001.1.el8eap.src.rpm
eap7-microprofile-rest-client-1.4.0-1.redhat_00004.1.el8eap.src.rpm
eap7-opensaml-3.3.1-1.redhat_00002.1.el8eap.src.rpm
eap7-picketbox-5.0.3-7.Final_redhat_00006.1.el8eap.src.rpm
eap7-picketlink-bindings-2.5.5-23.SP12_redhat_00012.1.el8eap.src.rpm
eap7-resteasy-3.11.2-3.Final_redhat_00002.1.el8eap.src.rpm
eap7-slf4j-jboss-logmanager-1.0.4-1.GA_redhat_00001.1.el8eap.src.rpm
eap7-smallrye-config-1.6.2-3.redhat_00004.1.el8eap.src.rpm
eap7-smallrye-health-2.2.0-1.redhat_00004.1.el8eap.src.rpm
eap7-smallrye-metrics-2.4.0-1.redhat_00004.1.el8eap.src.rpm
eap7-smallrye-opentracing-1.3.4-1.redhat_00004.1.el8eap.src.rpm
eap7-snakeyaml-1.24.0-2.redhat_00001.1.el8eap.src.rpm
eap7-stax2-api-4.2.0-1.redhat_00001.1.el8eap.src.rpm
eap7-sun-istack-commons-3.0.10-1.redhat_00001.1.el8eap.src.rpm
eap7-undertow-2.0.30-3.SP3_redhat_00001.1.el8eap.src.rpm
eap7-weld-core-3.1.4-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-wildfly-7.3.1-5.GA_redhat_00003.1.el8eap.src.rpm
eap7-wildfly-elytron-1.10.6-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-wildfly-http-client-1.0.20-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-wildfly-naming-client-1.0.12-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-woodstox-core-6.0.3-1.redhat_00001.1.el8eap.src.rpm
eap7-wss4j-2.2.5-1.redhat_00001.1.el8eap.src.rpm

noarch:
eap7-activemq-artemis-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm
eap7-activemq-artemis-cli-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm
eap7-activemq-artemis-commons-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm
eap7-activemq-artemis-core-client-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm
eap7-activemq-artemis-dto-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm
eap7-activemq-artemis-hornetq-protocol-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm
eap7-activemq-artemis-hqclient-protocol-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm
eap7-activemq-artemis-jdbc-store-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm
eap7-activemq-artemis-jms-client-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm
eap7-activemq-artemis-jms-server-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm
eap7-activemq-artemis-journal-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm
eap7-activemq-artemis-ra-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm
eap7-activemq-artemis-selector-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm
eap7-activemq-artemis-server-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm
eap7-activemq-artemis-service-extensions-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm
eap7-activemq-artemis-tools-2.9.0-4.redhat_00010.1.el8eap.noarch.rpm
eap7-apache-cxf-3.3.5-1.redhat_00001.1.el8eap.noarch.rpm
eap7-apache-cxf-rt-3.3.5-1.redhat_00001.1.el8eap.noarch.rpm
eap7-apache-cxf-services-3.3.5-1.redhat_00001.1.el8eap.noarch.rpm
eap7-apache-cxf-tools-3.3.5-1.redhat_00001.1.el8eap.noarch.rpm
eap7-bouncycastle-1.60.0-2.redhat_00002.1.el8eap.noarch.rpm
eap7-bouncycastle-mail-1.60.0-2.redhat_00002.1.el8eap.noarch.rpm
eap7-bouncycastle-pkix-1.60.0-2.redhat_00002.1.el8eap.noarch.rpm
eap7-bouncycastle-prov-1.60.0-2.redhat_00002.1.el8eap.noarch.rpm
eap7-codehaus-jackson-1.9.13-10.redhat_00007.1.el8eap.noarch.rpm
eap7-codehaus-jackson-core-asl-1.9.13-10.redhat_00007.1.el8eap.noarch.rpm
eap7-codehaus-jackson-jaxrs-1.9.13-10.redhat_00007.1.el8eap.noarch.rpm
eap7-codehaus-jackson-mapper-asl-1.9.13-10.redhat_00007.1.el8eap.noarch.rpm
eap7-codehaus-jackson-xc-1.9.13-10.redhat_00007.1.el8eap.noarch.rpm
eap7-codemodel-2.3.3-4.b02_redhat_00001.1.el8eap.noarch.rpm
eap7-cryptacular-1.2.4-1.redhat_00001.1.el8eap.noarch.rpm
eap7-glassfish-jaxb-2.3.3-4.b02_redhat_00001.1.el8eap.noarch.rpm
eap7-glassfish-jsf-2.3.9-10.SP09_redhat_00001.1.el8eap.noarch.rpm
eap7-hal-console-3.2.8-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-5.3.16-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-core-5.3.16-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-entitymanager-5.3.16-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-envers-5.3.16-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-java8-5.3.16-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-9.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-cachestore-jdbc-9.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-cachestore-remote-9.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-client-hotrod-9.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-commons-9.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-core-9.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-hibernate-cache-commons-9.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-hibernate-cache-spi-9.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-hibernate-cache-v53-9.4.18-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-1.4.20-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-common-api-1.4.20-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-common-impl-1.4.20-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-common-spi-1.4.20-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-core-api-1.4.20-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-core-impl-1.4.20-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-deployers-common-1.4.20-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-jdbc-1.4.20-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-validator-1.4.20-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-istack-commons-runtime-3.0.10-1.redhat_00001.1.el8eap.noarch.rpm
eap7-istack-commons-tools-3.0.10-1.redhat_00001.1.el8eap.noarch.rpm
eap7-jackson-annotations-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm
eap7-jackson-core-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm
eap7-jackson-databind-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm
eap7-jackson-datatype-jdk8-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm
eap7-jackson-datatype-jsr310-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm
eap7-jackson-jaxrs-base-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm
eap7-jackson-jaxrs-json-provider-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm
eap7-jackson-module-jaxb-annotations-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm
eap7-jackson-modules-base-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm
eap7-jackson-modules-java8-2.10.3-1.redhat_00001.1.el8eap.noarch.rpm
eap7-jaegertracing-jaeger-client-java-0.34.3-1.redhat_00001.1.el8eap.noarch.rpm
eap7-jaegertracing-jaeger-client-java-core-0.34.3-1.redhat_00001.1.el8eap.noarch.rpm
eap7-jaegertracing-jaeger-client-java-thrift-0.34.3-1.redhat_00001.1.el8eap.noarch.rpm
eap7-jakarta-el-3.0.3-1.redhat_00002.1.el8eap.noarch.rpm
eap7-jandex-2.1.2-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jasypt-1.9.3-1.redhat_00001.1.el8eap.noarch.rpm
eap7-jaxb-jxc-2.3.3-4.b02_redhat_00001.1.el8eap.noarch.rpm
eap7-jaxb-runtime-2.3.3-4.b02_redhat_00001.1.el8eap.noarch.rpm
eap7-jaxb-xjc-2.3.3-4.b02_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-ejb-client-4.0.31-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-genericjms-2.0.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-jsf-api_2.3_spec-3.0.0-3.SP02_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-modules-1.10.0-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-remoting-5.0.18-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-remoting-jmx-3.0.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-server-migration-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-cli-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-core-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-eap6.4-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-eap7.0-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-eap7.1-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-eap7.2-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-eap7.3-server-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-wildfly10.0-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-wildfly10.1-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-wildfly11.0-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-wildfly12.0-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-wildfly13.0-server-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-wildfly14.0-server-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-wildfly15.0-server-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-wildfly16.0-server-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-wildfly17.0-server-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-wildfly18.0-server-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-wildfly8.2-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-server-migration-wildfly9.0-1.7.1-5.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-jboss-vfs-3.2.15-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-weld-3.1-api-3.1.0-6.SP2_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-weld-3.1-api-weld-api-3.1.0-6.SP2_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-weld-3.1-api-weld-spi-3.1.0-6.SP2_redhat_00001.1.el8eap.noarch.rpm
eap7-microprofile-config-1.4.0-1.redhat_00003.1.el8eap.noarch.rpm
eap7-microprofile-config-api-1.4.0-1.redhat_00003.1.el8eap.noarch.rpm
eap7-microprofile-health-2.2.0-1.redhat_00001.1.el8eap.noarch.rpm
eap7-microprofile-metrics-2.3.0-1.redhat_00001.1.el8eap.noarch.rpm
eap7-microprofile-metrics-api-2.3.0-1.redhat_00001.1.el8eap.noarch.rpm
eap7-microprofile-opentracing-1.3.3-1.redhat_00001.1.el8eap.noarch.rpm
eap7-microprofile-opentracing-api-1.3.3-1.redhat_00001.1.el8eap.noarch.rpm
eap7-microprofile-rest-client-1.4.0-1.redhat_00004.1.el8eap.noarch.rpm
eap7-microprofile-rest-client-api-1.4.0-1.redhat_00004.1.el8eap.noarch.rpm
eap7-opensaml-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm
eap7-opensaml-core-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm
eap7-opensaml-profile-api-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm
eap7-opensaml-saml-api-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm
eap7-opensaml-saml-impl-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm
eap7-opensaml-security-api-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm
eap7-opensaml-security-impl-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm
eap7-opensaml-soap-api-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm
eap7-opensaml-xacml-api-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm
eap7-opensaml-xacml-impl-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm
eap7-opensaml-xacml-saml-api-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm
eap7-opensaml-xacml-saml-impl-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm
eap7-opensaml-xmlsec-api-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm
eap7-opensaml-xmlsec-impl-3.3.1-1.redhat_00002.1.el8eap.noarch.rpm
eap7-picketbox-5.0.3-7.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-picketbox-infinispan-5.0.3-7.Final_redhat_00006.1.el8eap.noarch.rpm
eap7-picketlink-bindings-2.5.5-23.SP12_redhat_00012.1.el8eap.noarch.rpm
eap7-picketlink-wildfly8-2.5.5-23.SP12_redhat_00012.1.el8eap.noarch.rpm
eap7-relaxng-datatype-2.3.3-4.b02_redhat_00001.1.el8eap.noarch.rpm
eap7-resteasy-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-resteasy-atom-provider-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-resteasy-cdi-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-resteasy-client-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-resteasy-client-microprofile-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-resteasy-crypto-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-resteasy-jackson-provider-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-resteasy-jackson2-provider-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-resteasy-jaxb-provider-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-resteasy-jaxrs-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-resteasy-jettison-provider-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-resteasy-jose-jwt-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-resteasy-jsapi-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-resteasy-json-binding-provider-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-resteasy-json-p-provider-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-resteasy-multipart-provider-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-resteasy-rxjava2-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-resteasy-spring-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-resteasy-validator-provider-11-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-resteasy-yaml-provider-3.11.2-3.Final_redhat_00002.1.el8eap.noarch.rpm
eap7-rngom-2.3.3-4.b02_redhat_00001.1.el8eap.noarch.rpm
eap7-slf4j-jboss-logmanager-1.0.4-1.GA_redhat_00001.1.el8eap.noarch.rpm
eap7-smallrye-config-1.6.2-3.redhat_00004.1.el8eap.noarch.rpm
eap7-smallrye-health-2.2.0-1.redhat_00004.1.el8eap.noarch.rpm
eap7-smallrye-metrics-2.4.0-1.redhat_00004.1.el8eap.noarch.rpm
eap7-smallrye-opentracing-1.3.4-1.redhat_00004.1.el8eap.noarch.rpm
eap7-snakeyaml-1.24.0-2.redhat_00001.1.el8eap.noarch.rpm
eap7-stax2-api-4.2.0-1.redhat_00001.1.el8eap.noarch.rpm
eap7-sun-istack-commons-3.0.10-1.redhat_00001.1.el8eap.noarch.rpm
eap7-txw2-2.3.3-4.b02_redhat_00001.1.el8eap.noarch.rpm
eap7-undertow-2.0.30-3.SP3_redhat_00001.1.el8eap.noarch.rpm
eap7-undertow-server-1.6.1-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-weld-core-3.1.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-weld-core-impl-3.1.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-weld-core-jsf-3.1.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-weld-ejb-3.1.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-weld-jta-3.1.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-weld-probe-core-3.1.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-weld-web-3.1.4-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-7.3.1-5.GA_redhat_00003.1.el8eap.noarch.rpm
eap7-wildfly-elytron-1.10.6-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-elytron-tool-1.10.6-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-http-client-common-1.0.20-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-http-ejb-client-1.0.20-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-http-naming-client-1.0.20-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-http-transaction-client-1.0.20-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-javadocs-7.3.1-5.GA_redhat_00003.1.el8eap.noarch.rpm
eap7-wildfly-modules-7.3.1-5.GA_redhat_00003.1.el8eap.noarch.rpm
eap7-wildfly-naming-client-1.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-transaction-client-1.1.11-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-woodstox-core-6.0.3-1.redhat_00001.1.el8eap.noarch.rpm
eap7-wss4j-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm
eap7-wss4j-bindings-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm
eap7-wss4j-policy-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm
eap7-wss4j-ws-security-common-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm
eap7-wss4j-ws-security-dom-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm
eap7-wss4j-ws-security-policy-stax-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm
eap7-wss4j-ws-security-stax-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm
eap7-xsom-2.3.3-4.b02_redhat_00001.1.el8eap.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2018-14371
https://access.redhat.com/security/cve/CVE-2019-0205
https://access.redhat.com/security/cve/CVE-2019-0210
https://access.redhat.com/security/cve/CVE-2019-10172
https://access.redhat.com/security/cve/CVE-2019-12423
https://access.redhat.com/security/cve/CVE-2019-14887
https://access.redhat.com/security/cve/CVE-2019-17573
https://access.redhat.com/security/cve/CVE-2020-1695
https://access.redhat.com/security/cve/CVE-2020-1729
https://access.redhat.com/security/cve/CVE-2020-1745
https://access.redhat.com/security/cve/CVE-2020-1757
https://access.redhat.com/security/cve/CVE-2020-6950
https://access.redhat.com/security/cve/CVE-2020-7226
https://access.redhat.com/security/cve/CVE-2020-8840
https://access.redhat.com/security/cve/CVE-2020-9546
https://access.redhat.com/security/cve/CVE-2020-9547
https://access.redhat.com/security/cve/CVE-2020-9548
https://access.redhat.com/security/cve/CVE-2020-10688
https://access.redhat.com/security/cve/CVE-2020-10719
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXuHcm9zjgjWX9erEAQit5g/+Jij4iahhnl06NfDOAoQbVvKobewyO7J4
NPDWt7Di146R1L23xMFXEBtuyCWg8RYLcpqS0VU3UKPkoStIOTJbgsNxQFRhbMEG
2HIPnQ5BOGM86WL2WnwpimfEgVwmSGwC23m8DTWZSDK5oMasfSmIqY/+wIOtGffn
mjdLdcm4AlhVHgy7x2FYn9/wYb2tQTZBuw0mBx5jhYm4PGDYAd2P/Zo75i0182Cu
t8guVtj8vuAAvLyZKVmCrW0I5oa95zp4O4tAqEPIfxK4A2ggoHx91OdcMjHrX9mg
7LwqTq2jf/hjhjktgeEeL2y4mDq4t/ZSaBdo7vNWiNXHfGwt3uSJeGPoGQBca6iC
sYuYhiH0F+HolBkC29IGXvh5NG6aHiWcUau868ymL0OW/LSZwEqsIDkBQo7njbYr
40l2lZEhf3evP5POi3Ifh5e3/syUu/aNpyZtvnhm3f/bMq82uDtl3qfQCiVdSbpo
3J65X218GQYThWEtz1WXqfo8sFb0CNGUm5bC11nMD9uWsUZqdl1T1wseQJU2/ns/
KV2GJhGz1HDOMxAtjMshg1Bu/ITNMIU2Wrat7q7HAH+iA5I9mpxmPk5cM6yK8RFL
Cv5GymrLNgxyJQ5LPO8Nae9mKnHzl3OXAcTEwTUcCcxqXZlYBSiESY/OoE1ClEQp
w6qY9yQ5bcI=
=3pbm
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXuLZEeNLKJtyKPYoAQgxHRAAoEOLOOy/jHP6h9Ac4Wogt04dSYMW3XOm
k3Sms1mK6bwfC6Q4x4ba3Q0fNKKVY1iRh00UB1TG6smCOXIYYhoBU7ZAN1P35Nhw
VZKsIcTTFW2UXdTyxErh5TzWkm5Xw1D9MIgsk6hnzinsZBkWyR4Njrit/VECIY2H
lEj+oitmmwPudWJ1vVYlSTXry2ssrBR3CNRjWWJTZUsHhCiYAr00PFgpDItSNq+V
7fV3ItrA2EnZ3E6j/YIOGYODa7/TKks8ubQdSxJb1guahx7+zZr83zXyZSlETv4H
HqpgNZX9sXeEotCX2I4yAlNlKA19SKjUMCZEj90i6Ksmjz1RMKiFCMVKzQldRU2q
DtSDUv06whbAupDi73JsMV2g65ASO8DkHynuW7n/NnyoO87gqDn5ztlkl0286TVf
+aWeEzybReLvcKCimUY8M5uIZuJg4B6rIsBWeN48ew04PvNZMtRnBoO7tIFWpoVR
9T4gt3YfW3PEiu2NumrFojg/FTV2ZpSp1+Pkm9YOYT8vH+eH9F733+YPr7sqmFts
3HgWKLz+Iz70HTgy24g33pm8oJER5GZsYUQl1FIwkKehq9vz+FDVV8JkTJNgPOCO
WvZl/EuN8KEISO+1mOrjJcp43kQ/Hco9/TjW/2CZgapfQMAQ3YYfs06OLraaPEyv
x2WACV9Z2p4=
=dypg
-----END PGP SIGNATURE-----