RHSA-2015:0773High
Red Hat Security Advisory: Red Hat JBoss Data Grid 6.4.1 update
🔗 CVE IDs covered (5)
📋 Description
CVE-2013-4002 — OpenJDK: XML parsing Denial of Service (JAXP, 8017298) CVE-2014-7839 — RESTeasy: External entities expanded by DocumentProvider CVE-2014-8122 — Weld: Limited information disclosure via stale thread state CVE-2015-0226 — wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487) CVE-2015-0227 — wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2015:0773
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=data.grid&version=6.4.1
- externalhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019176
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1165328
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1169237
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1191446
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1191451
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0773.json