Headline
RHSA-2022:1519: Red Hat Security Advisory: Red Hat JBoss Web Server 5.6.2 Security Update
Updated Red Hat JBoss Web Server 5.6.2 packages are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-0778: openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-05-02
Updated:
2022-05-02
RHSA-2022:1519 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: Red Hat JBoss Web Server 5.6.2 Security Update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
Updated Red Hat JBoss Web Server 5.6.2 packages are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 5.6.2 serves as a replacement for Red Hat JBoss Web Server 5.6.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.
Security Fix(es):
- openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
- JBoss Enterprise Web Server 5 for RHEL 8 x86_64
- JBoss Enterprise Web Server 5 for RHEL 7 x86_64
Fixes
- BZ - 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
JBoss Enterprise Web Server 5 for RHEL 8
SRPM
jws5-tomcat-9.0.50-5.redhat_00007.1.el8jws.src.rpm
SHA-256: dbee5bd3719d10515a5e5047a1a871c2e850858cac1746959b29c93ad5c7f9d7
jws5-tomcat-native-1.2.30-4.redhat_4.el8jws.src.rpm
SHA-256: 675fa4246b1111abcfb3b6d428ebae6a735b802a462715207fa67f526a505bf5
x86_64
jws5-tomcat-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm
SHA-256: f32fc31c3c74a73fa5b8004f62e5e0f7d1f997ef15e1ce37192103d51b96b341
jws5-tomcat-admin-webapps-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm
SHA-256: 6700a4b5871cecfad08643bd0766c4cac75cae38ecfaa50af1be90aa1b544db9
jws5-tomcat-docs-webapp-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm
SHA-256: 13bdee869f4c973f4e8132df4880204527da6aed912ab12e7deec9f85fd90737
jws5-tomcat-el-3.0-api-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm
SHA-256: 325bd8049aeb783ba1b6e580f9231f762e6c7337f1bfb52a6d4b5c896cb0314c
jws5-tomcat-javadoc-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm
SHA-256: 32e2e36c1aaed1e6772f117b537e9e817d364c98f91f36914152898c02482d64
jws5-tomcat-jsp-2.3-api-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm
SHA-256: c72c49acdfa7338f3db4c88094c5ecb92d4d48146a5d86173d4cd990c62dd18a
jws5-tomcat-lib-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm
SHA-256: 47035219598a259356e60da3a83c4a6540125c7a2009302c50c99e83f852ff5f
jws5-tomcat-native-1.2.30-4.redhat_4.el8jws.x86_64.rpm
SHA-256: 4e5d812eb1f29a39c07efa7f35e495d2d7127bc5d8ecb24d9fd707c15e352292
jws5-tomcat-native-debuginfo-1.2.30-4.redhat_4.el8jws.x86_64.rpm
SHA-256: e409a46b30aa5406ee1c3f9229c40bddaae0b11813a8dbfe4da7a854782919e4
jws5-tomcat-selinux-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm
SHA-256: 745292b989d4e193c4712c4cfc36bca7c6e94a8fe8465e15848cd3e94688950a
jws5-tomcat-servlet-4.0-api-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm
SHA-256: 72450f0cc25a14315d8cd4b55dfd91aec1144e41109adf1154a80d66220c704b
jws5-tomcat-webapps-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm
SHA-256: 9b4da4276c5b52e068c1471ce2197e53f4e5bfb2f7aee3e14a57db85396e7c26
JBoss Enterprise Web Server 5 for RHEL 7
SRPM
jws5-tomcat-9.0.50-5.redhat_00007.1.el7jws.src.rpm
SHA-256: f2a6c110e4dede606bd03c4cff5512eaf2ed1d5fd17b61d7384f602ff752fdf7
jws5-tomcat-native-1.2.30-4.redhat_4.el7jws.src.rpm
SHA-256: e3f16d27aac09bccc2275bcc0d93c1eb159725f9e7abd09ced95eed8c5c3172f
x86_64
jws5-tomcat-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm
SHA-256: 215825b87980844b037327c40bfc84fab655f369f1032aa3f9692b990035fd02
jws5-tomcat-admin-webapps-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm
SHA-256: 3ea6078a72d51c7b5a45b98a3b1c2ded6a85567b0c860df08b6642bae3c96090
jws5-tomcat-docs-webapp-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm
SHA-256: 2705c0d855c26a0c040e0531a83b965ec2c86b7e7e2282faa6665221fd7c6548
jws5-tomcat-el-3.0-api-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm
SHA-256: f97f8b5c588e24292ac0e42b15121ba2b1e6cc9908a548ecb5bd1be17883ade3
jws5-tomcat-java-jdk11-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm
SHA-256: f1c3662494ad68232f9309f063bfed52b0c92d912852916436ca82d827a98653
jws5-tomcat-java-jdk8-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm
SHA-256: 283b674b094b3c224b1e2377f07319a36797a8e648140f74fb6419c5119e87ce
jws5-tomcat-javadoc-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm
SHA-256: 3960c82029ee8a74d1e4aef602973d4b1492d4cdb77d80ea150869c3c7933768
jws5-tomcat-jsp-2.3-api-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm
SHA-256: f0a5c8a31f7451a3a10b38eceada56c2d0ab1ac12c4afe68b4a5e7bce7e2fd56
jws5-tomcat-lib-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm
SHA-256: b8496ecc763ae61b0a4d1e7d0b36757137a816088fc2af39b00a21abc75b1e04
jws5-tomcat-native-1.2.30-4.redhat_4.el7jws.x86_64.rpm
SHA-256: 71a128bbf99d58e8f7ec81843a5b252c0edd03a720c14dfd1ed1851cba3dfd30
jws5-tomcat-native-debuginfo-1.2.30-4.redhat_4.el7jws.x86_64.rpm
SHA-256: f04b3072774a1eb87292dc74260a3536133bef8aa63b746592877babb7ad9c19
jws5-tomcat-selinux-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm
SHA-256: f1bee71db76ab0576abe6b8b04e6973d5d329f93d001a5cc53b8b845f5cb4af4
jws5-tomcat-servlet-4.0-api-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm
SHA-256: 79543bde8b61a3846a2e9d20dc0eee178998eabc84dcd45215ea0c263af6e5b1
jws5-tomcat-webapps-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm
SHA-256: 57fb34db49e7730c1069fdf3cd06230101c7bf72f141ec5257d55390e98ca32e
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2
Red Hat OpenShift Container Platform release 4.10.12 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27652: cri-o: Default inheritable capabilities for linux container should be empty
Red Hat Security Advisory 2022-1661-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.
Red Hat Security Advisory 2022-1663-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-1662-01 - The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-1646-01 - Twisted is a networking engine written in Python, supporting numerous protocols. It contains a web server, numerous chat clients, chat servers, mail servers and more. Issues addressed include a HTTP request smuggling vulnerability.
RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php.
Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value.
Red Hat JBoss Web Server 5.6.2 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0778: openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
An update for gzip is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability
An update for rh-python38-python, rh-python38-python-lxml, and rh-python38-python-pip is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43818: python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through
An update for python27-python and python27-python-pip is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3733: python: urllib: Regular expression DoS in AbstractBasicAuthHandler * CVE-2021-3737: python: urllib: HTTP client possible infinite loop on a 100 Continue response * CVE-2021-4189: python: ftplib should not use the host from the PASV response * CVE-2022-0391: python: urllib.parse does not sanitize URLs containing AS...
An update for rh-maven36-maven-shared-utils is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29599: maven-shared-utils: Command injection via Commandline class
An update for zlib is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
The components for Red Hat OpenShift support for Windows Containers 2.0.5 are now available. This product release includes a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20206: containernetworking-cni: Arbitrary path injection via type field in CNI configuration