RHSA-2023:7641HighCVSS 7.5
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 security update
🔗 CVE IDs covered (6)
📋 Description
CVE-2023-2976 — guava: insecure temporary directory creation CVE-2023-4503 — eap-galleon: custom provisioning creates unsecured http-invoker CVE-2023-5685 — xnio: StackOverflowException when the chain of notifier states becomes problematically big CVE-2023-35887 — apache-mina-sshd: information exposure in SFTP server implementations CVE-2023-39410 — apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK CVE-2023-44487 — HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
🔗 References (35)
- selfhttps://access.redhat.com/errata/RHSA-2023:7641
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2184751
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2215229
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2240036
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2241822
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2242521
- externalhttps://issues.redhat.com/browse/JBEAP-25004
- externalhttps://issues.redhat.com/browse/JBEAP-25085
- externalhttps://issues.redhat.com/browse/JBEAP-25086
- externalhttps://issues.redhat.com/browse/JBEAP-25378
- externalhttps://issues.redhat.com/browse/JBEAP-25380
- externalhttps://issues.redhat.com/browse/JBEAP-25419
- externalhttps://issues.redhat.com/browse/JBEAP-25451
- externalhttps://issues.redhat.com/browse/JBEAP-25457
- externalhttps://issues.redhat.com/browse/JBEAP-25541
- externalhttps://issues.redhat.com/browse/JBEAP-25547
- externalhttps://issues.redhat.com/browse/JBEAP-25576
- externalhttps://issues.redhat.com/browse/JBEAP-25594
- externalhttps://issues.redhat.com/browse/JBEAP-25627
- externalhttps://issues.redhat.com/browse/JBEAP-25657
- externalhttps://issues.redhat.com/browse/JBEAP-25685
- externalhttps://issues.redhat.com/browse/JBEAP-25700
- externalhttps://issues.redhat.com/browse/JBEAP-25716
- externalhttps://issues.redhat.com/browse/JBEAP-25726
- externalhttps://issues.redhat.com/browse/JBEAP-25772
- externalhttps://issues.redhat.com/browse/JBEAP-25779
- externalhttps://issues.redhat.com/browse/JBEAP-25803
- externalhttps://issues.redhat.com/browse/JBEAP-25838
- externalhttps://issues.redhat.com/browse/JBEAP-26041
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7641.json