Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:1519: Red Hat Security Advisory: Red Hat JBoss Web Server 5.6.2 Security Update

Updated Red Hat JBoss Web Server 5.6.2 packages are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-0778: openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Red Hat Security Data
#vulnerability#web#linux#red_hat#apache#nodejs#js#java#kubernetes#aws#ssl

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-05-02

Updated:

2022-05-02

RHSA-2022:1519 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: Red Hat JBoss Web Server 5.6.2 Security Update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated Red Hat JBoss Web Server 5.6.2 packages are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.

This release of Red Hat JBoss Web Server 5.6.2 serves as a replacement for Red Hat JBoss Web Server 5.6.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

Security Fix(es):

  • openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • JBoss Enterprise Web Server 5 for RHEL 8 x86_64
  • JBoss Enterprise Web Server 5 for RHEL 7 x86_64

Fixes

  • BZ - 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

JBoss Enterprise Web Server 5 for RHEL 8

SRPM

jws5-tomcat-9.0.50-5.redhat_00007.1.el8jws.src.rpm

SHA-256: dbee5bd3719d10515a5e5047a1a871c2e850858cac1746959b29c93ad5c7f9d7

jws5-tomcat-native-1.2.30-4.redhat_4.el8jws.src.rpm

SHA-256: 675fa4246b1111abcfb3b6d428ebae6a735b802a462715207fa67f526a505bf5

x86_64

jws5-tomcat-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm

SHA-256: f32fc31c3c74a73fa5b8004f62e5e0f7d1f997ef15e1ce37192103d51b96b341

jws5-tomcat-admin-webapps-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm

SHA-256: 6700a4b5871cecfad08643bd0766c4cac75cae38ecfaa50af1be90aa1b544db9

jws5-tomcat-docs-webapp-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm

SHA-256: 13bdee869f4c973f4e8132df4880204527da6aed912ab12e7deec9f85fd90737

jws5-tomcat-el-3.0-api-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm

SHA-256: 325bd8049aeb783ba1b6e580f9231f762e6c7337f1bfb52a6d4b5c896cb0314c

jws5-tomcat-javadoc-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm

SHA-256: 32e2e36c1aaed1e6772f117b537e9e817d364c98f91f36914152898c02482d64

jws5-tomcat-jsp-2.3-api-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm

SHA-256: c72c49acdfa7338f3db4c88094c5ecb92d4d48146a5d86173d4cd990c62dd18a

jws5-tomcat-lib-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm

SHA-256: 47035219598a259356e60da3a83c4a6540125c7a2009302c50c99e83f852ff5f

jws5-tomcat-native-1.2.30-4.redhat_4.el8jws.x86_64.rpm

SHA-256: 4e5d812eb1f29a39c07efa7f35e495d2d7127bc5d8ecb24d9fd707c15e352292

jws5-tomcat-native-debuginfo-1.2.30-4.redhat_4.el8jws.x86_64.rpm

SHA-256: e409a46b30aa5406ee1c3f9229c40bddaae0b11813a8dbfe4da7a854782919e4

jws5-tomcat-selinux-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm

SHA-256: 745292b989d4e193c4712c4cfc36bca7c6e94a8fe8465e15848cd3e94688950a

jws5-tomcat-servlet-4.0-api-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm

SHA-256: 72450f0cc25a14315d8cd4b55dfd91aec1144e41109adf1154a80d66220c704b

jws5-tomcat-webapps-9.0.50-5.redhat_00007.1.el8jws.noarch.rpm

SHA-256: 9b4da4276c5b52e068c1471ce2197e53f4e5bfb2f7aee3e14a57db85396e7c26

JBoss Enterprise Web Server 5 for RHEL 7

SRPM

jws5-tomcat-9.0.50-5.redhat_00007.1.el7jws.src.rpm

SHA-256: f2a6c110e4dede606bd03c4cff5512eaf2ed1d5fd17b61d7384f602ff752fdf7

jws5-tomcat-native-1.2.30-4.redhat_4.el7jws.src.rpm

SHA-256: e3f16d27aac09bccc2275bcc0d93c1eb159725f9e7abd09ced95eed8c5c3172f

x86_64

jws5-tomcat-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm

SHA-256: 215825b87980844b037327c40bfc84fab655f369f1032aa3f9692b990035fd02

jws5-tomcat-admin-webapps-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm

SHA-256: 3ea6078a72d51c7b5a45b98a3b1c2ded6a85567b0c860df08b6642bae3c96090

jws5-tomcat-docs-webapp-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm

SHA-256: 2705c0d855c26a0c040e0531a83b965ec2c86b7e7e2282faa6665221fd7c6548

jws5-tomcat-el-3.0-api-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm

SHA-256: f97f8b5c588e24292ac0e42b15121ba2b1e6cc9908a548ecb5bd1be17883ade3

jws5-tomcat-java-jdk11-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm

SHA-256: f1c3662494ad68232f9309f063bfed52b0c92d912852916436ca82d827a98653

jws5-tomcat-java-jdk8-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm

SHA-256: 283b674b094b3c224b1e2377f07319a36797a8e648140f74fb6419c5119e87ce

jws5-tomcat-javadoc-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm

SHA-256: 3960c82029ee8a74d1e4aef602973d4b1492d4cdb77d80ea150869c3c7933768

jws5-tomcat-jsp-2.3-api-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm

SHA-256: f0a5c8a31f7451a3a10b38eceada56c2d0ab1ac12c4afe68b4a5e7bce7e2fd56

jws5-tomcat-lib-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm

SHA-256: b8496ecc763ae61b0a4d1e7d0b36757137a816088fc2af39b00a21abc75b1e04

jws5-tomcat-native-1.2.30-4.redhat_4.el7jws.x86_64.rpm

SHA-256: 71a128bbf99d58e8f7ec81843a5b252c0edd03a720c14dfd1ed1851cba3dfd30

jws5-tomcat-native-debuginfo-1.2.30-4.redhat_4.el7jws.x86_64.rpm

SHA-256: f04b3072774a1eb87292dc74260a3536133bef8aa63b746592877babb7ad9c19

jws5-tomcat-selinux-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm

SHA-256: f1bee71db76ab0576abe6b8b04e6973d5d329f93d001a5cc53b8b845f5cb4af4

jws5-tomcat-servlet-4.0-api-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm

SHA-256: 79543bde8b61a3846a2e9d20dc0eee178998eabc84dcd45215ea0c263af6e5b1

jws5-tomcat-webapps-9.0.50-5.redhat_00007.1.el7jws.noarch.rpm

SHA-256: 57fb34db49e7730c1069fdf3cd06230101c7bf72f141ec5257d55390e98ca32e

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2022-26326: Access Manager 5.0 Service Pack 2 Release Notes

Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2

RHSA-2022:1600: Red Hat Security Advisory: OpenShift Container Platform 4.10.12 security update

Red Hat OpenShift Container Platform release 4.10.12 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27652: cri-o: Default inheritable capabilities for linux container should be empty

Red Hat Security Advisory 2022-1661-01

Red Hat Security Advisory 2022-1661-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.

Red Hat Security Advisory 2022-1663-01

Red Hat Security Advisory 2022-1663-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-1662-01

Red Hat Security Advisory 2022-1662-01 - The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-1646-01

Red Hat Security Advisory 2022-1646-01 - Twisted is a networking engine written in Python, supporting numerous protocols. It contains a web server, numerous chat clients, chat servers, mail servers and more. Issues addressed include a HTTP request smuggling vulnerability.

CVE-2022-27982: Ruijie-NBR has a Command Execution vulnerability – Adminxe's Blog

RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php.

CVE-2022-28054: Security Advisory - February 2022

Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value.

RHSA-2022:1520: Red Hat Security Advisory: Red Hat JBoss Web Server 5.6.2 Security Update

Red Hat JBoss Web Server 5.6.2 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0778: openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

RHSA-2022:1665: Red Hat Security Advisory: gzip security update

An update for gzip is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability

RHSA-2022:1664: Red Hat Security Advisory: Red Hat Software Collections security update

An update for rh-python38-python, rh-python38-python-lxml, and rh-python38-python-pip is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43818: python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through

RHSA-2022:1663: Red Hat Security Advisory: python27-python and python27-python-pip security update

An update for python27-python and python27-python-pip is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3733: python: urllib: Regular expression DoS in AbstractBasicAuthHandler * CVE-2021-3737: python: urllib: HTTP client possible infinite loop on a 100 Continue response * CVE-2021-4189: python: ftplib should not use the host from the PASV response * CVE-2022-0391: python: urllib.parse does not sanitize URLs containing AS...

RHSA-2022:1662: Red Hat Security Advisory: rh-maven36-maven-shared-utils security update

An update for rh-maven36-maven-shared-utils is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29599: maven-shared-utils: Command injection via Commandline class

RHSA-2022:1661: Red Hat Security Advisory: zlib security update

An update for zlib is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

RHSA-2022:1660: Red Hat Security Advisory: Red Hat OpenShift support for Windows Containers 2.0.5 [security update]

The components for Red Hat OpenShift support for Windows Containers 2.0.5 are now available. This product release includes a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20206: containernetworking-cni: Arbitrary path injection via type field in CNI configuration