Updated packages for Red Hat JBoss Enterprise Web Platform 5.2.0 that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam.

It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application. (CVE-2014-0248)

The CVE-2014-0248 issue was discovered by Marek Schmidt of Red Hat.

All users of Red Hat JBoss Enterprise Web Platform 5.2.0 on Red Hat Enterprise Linux 4, 5, and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

Before applying this update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing Red Hat JBoss Enterprise Web Platform 5 installation (including all applications and configuration files).

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

JBoss Enterprise Web Platform 5 EL4

SRPMS:
jboss-seam2-2.2.6.EAP5-10.ep5.el4.src.rpm

IA-32:
jboss-seam2-2.2.6.EAP5-10.ep5.el4.noarch.rpm
jboss-seam2-docs-2.2.6.EAP5-10.ep5.el4.noarch.rpm
jboss-seam2-examples-2.2.6.EAP5-10.ep5.el4.noarch.rpm
jboss-seam2-runtime-2.2.6.EAP5-10.ep5.el4.noarch.rpm

x86_64:
jboss-seam2-2.2.6.EAP5-10.ep5.el4.noarch.rpm
jboss-seam2-docs-2.2.6.EAP5-10.ep5.el4.noarch.rpm
jboss-seam2-examples-2.2.6.EAP5-10.ep5.el4.noarch.rpm
jboss-seam2-runtime-2.2.6.EAP5-10.ep5.el4.noarch.rpm
 
JBoss Enterprise Web Platform 5 EL5

SRPMS:
jboss-seam2-2.2.6.EAP5-12.ep5.el5.src.rpm

IA-32:
jboss-seam2-2.2.6.EAP5-12.ep5.el5.noarch.rpm
jboss-seam2-docs-2.2.6.EAP5-12.ep5.el5.noarch.rpm
jboss-seam2-examples-2.2.6.EAP5-12.ep5.el5.noarch.rpm
jboss-seam2-runtime-2.2.6.EAP5-12.ep5.el5.noarch.rpm

x86_64:
jboss-seam2-2.2.6.EAP5-12.ep5.el5.noarch.rpm
jboss-seam2-docs-2.2.6.EAP5-12.ep5.el5.noarch.rpm
jboss-seam2-examples-2.2.6.EAP5-12.ep5.el5.noarch.rpm
jboss-seam2-runtime-2.2.6.EAP5-12.ep5.el5.noarch.rpm
 
JBoss Enterprise Web Platform 5 EL6

SRPMS:
jboss-seam2-2.2.6.EAP5-16.el6_5.src.rpm

IA-32:
jboss-seam2-2.2.6.EAP5-16.el6_5.noarch.rpm
jboss-seam2-docs-2.2.6.EAP5-16.el6_5.noarch.rpm
jboss-seam2-examples-2.2.6.EAP5-16.el6_5.noarch.rpm
jboss-seam2-runtime-2.2.6.EAP5-16.el6_5.noarch.rpm

x86_64:
jboss-seam2-2.2.6.EAP5-16.el6_5.noarch.rpm
jboss-seam2-docs-2.2.6.EAP5-16.el6_5.noarch.rpm
jboss-seam2-examples-2.2.6.EAP5-16.el6_5.noarch.rpm
jboss-seam2-runtime-2.2.6.EAP5-16.el6_5.noarch.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
1101619 – CVE-2014-0248 JBoss Seam: RCE via unsafe logging in AuthenticationFilter
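
A host-side check for the fixed builds listed above, as an added example that is not part of the Red Hat advisory: it classifies installed jboss-seam2 packages by the build number at the start of their release field. The function names and the build-9 sample line are constructed for illustration; the thresholds (10 for el4, 12 for el5, 16 for el6) are read off the package lists in this advisory.

```sh
#!/bin/sh
# Added example, not Red Hat's tooling. Thresholds are the build numbers of
# the jboss-seam2 2.2.6.EAP5 packages listed in this advisory.

# fixed_build DIST: first fixed build number for that RHEL major release.
fixed_build() {
  case "$1" in
    el4) echo 10 ;;
    el5) echo 12 ;;
    el6) echo 16 ;;
    *)   return 1 ;;
  esac
}

# seam2_status VERSION RELEASE: prints fixed, needs-update or unknown.
seam2_status() {
  version=$1
  release=$2
  # The advisory covers only the 2.2.6.EAP5 line; do not guess about others.
  [ "$version" = "2.2.6.EAP5" ] || { echo unknown; return 0; }
  build=${release%%.*}
  case "$build" in
    ''|*[!0-9]*) echo unknown; return 0 ;;
  esac
  # Dist tag is el4, el5 or el6 (el6 builds carry a suffix such as el6_5).
  dist=$(printf '%s\n' "$release" | sed -n 's/.*\.\(el[0-9][0-9]*\).*/\1/p')
  want=$(fixed_build "$dist") || { echo unknown; return 0; }
  if [ "$build" -ge "$want" ]; then echo fixed; else echo needs-update; fi
}

# audit_seam2: reads "NAME VERSION RELEASE" lines, prints one verdict each.
audit_seam2() {
  while read -r name version release; do
    [ -n "$name" ] || continue
    printf '%s %s\n' "$name-$version-$release" "$(seam2_status "$version" "$release")"
  done
}

# sample_report: constructed input (the build-9 line is hypothetical).
sample_report() {
  audit_seam2 <<'EOF'
jboss-seam2 2.2.6.EAP5 16.el6_5
jboss-seam2-runtime 2.2.6.EAP5 9.ep5.el5
EOF
}

# On a real host:
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n' | grep '^jboss-seam2' | audit_seam2
```

A `fixed` verdict reflects only the installed package; as the advisory states, the JBoss server process must also be restarted for the update to take effect.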

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
