Red Hat 8826 Published by

A Red Hat JBoss Enterprise Application Platform 7.4.9 XP 4.0.0.GA security release is available.



RHSA-2023:0756-01: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 XP 4.0.0.GA Security release



=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 XP 4.0.0.GA Security release
Advisory ID: RHSA-2023:0756-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL:   https://access.redhat.com/errata/RHSA-2023:0756
Issue date: 2023-02-14
CVE Names: CVE-2021-0341 CVE-2022-47629
=====================================================================

1. Summary:

JBoss EAP XP 4.0.0.GA Security release on the EAP 7.4.9 base. See
references for release notes.
Red Hat Product Security has rated this update as having a security impact
of
Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Description:

This is a cumulative patch release zip for the JBoss EAP XP 4.0.0 runtime
distribution for use with EAP 7.4.9.

Security Fix(es):

* libksba: integer overflow to code execution (CVE-2022-47629)

* okhttp: information disclosure via improperly used cryptographic function
(CVE-2021-0341)

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

  https://access.redhat.com/articles/11258

4. Bugs fixed (  https://bugzilla.redhat.com/):

2154086 - CVE-2021-0341 okhttp: information disclosure via improperly used cryptographic function
2161571 - CVE-2022-47629 libksba: integer overflow to code execution

5. JIRA issues fixed (  https://issues.jboss.org/):

JBEAP-24408 - EAP XP 4.0.0.GA for EAP 7.4.9

6. References:

  https://access.redhat.com/security/cve/CVE-2021-0341
  https://access.redhat.com/security/cve/CVE-2022-47629
  https://access.redhat.com/security/updates/classification/#important
  https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/
  https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html/jboss_eap_xp_4.0_upgrade_and_migration_guide/index
  https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index

7. Contact:

The Red Hat security contact is . More contact
details at   https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.