An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java EE applications. It is based on JBoss Application Server 7 and incorporates multiple open-source projects to provide a complete Java EE platform solution.

Security Fix(es):

* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)

Enhancement(s):

* The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). With this update, the packages have been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.11.

Users of EAP 6.4.10 jboss-ec2-eap are advised to upgrade to these updated packages, which add this enhancement.

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

JBoss Enterprise Application Platform 6 EL6

SRPMS:
jboss-ec2-eap-7.5.11-1.Final_redhat_1.ep6.el6.src.rpm
    MD5: b3b930d47ec84c708680ac864edd07e1
    SHA-256: 9c1beef79d0eb6c6f575676620ee09d8b87706c37cb997ef72987e01fd36f956
 
IA-32:
jboss-ec2-eap-7.5.11-1.Final_redhat_1.ep6.el6.noarch.rpm
    MD5: 85883dfb71ae9906aa774a6e2f81c4a6
    SHA-256: 844604a47400ff4a75c39559ce2a2025c370543f59a1bfc59e8cc2c21deb50f2
jboss-ec2-eap-samples-7.5.11-1.Final_redhat_1.ep6.el6.noarch.rpm
    MD5: 0a9aa29388095aade453e1ad4ade9fb2
    SHA-256: a760007ba70310f9ba7afa0abceb33a03e2bda393efc4451a79ff53792c427e5
 
x86_64:
jboss-ec2-eap-7.5.11-1.Final_redhat_1.ep6.el6.noarch.rpm
    MD5: 85883dfb71ae9906aa774a6e2f81c4a6
    SHA-256: 844604a47400ff4a75c39559ce2a2025c370543f59a1bfc59e8cc2c21deb50f2
jboss-ec2-eap-samples-7.5.11-1.Final_redhat_1.ep6.el6.noarch.rpm
    MD5: 0a9aa29388095aade453e1ad4ade9fb2
    SHA-256: a760007ba70310f9ba7afa0abceb33a03e2bda393efc4451a79ff53792c427e5
 
(The unlinked packages above are only available from the Red Hat Network)

1349468 – CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service
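
The following is an added example, not part of the Red Hat advisory or of Commons FileUpload: a log triage check for the CVE-2016-3092 condition that flags multipart requests whose boundary exceeds the 70-character limit set by RFC 2046, which is useful while hosts are still waiting for the update. The tab-separated record layout, the function names and the sample records are assumptions constructed for illustration.

```python
import re

# RFC 2046 section 5.1.1 limits a multipart boundary to 1-70 characters.
# The advisory's trigger (boundary just below the 4096-byte buffer) is far above that.
MAX_BOUNDARY = 70

_BOUNDARY_RE = re.compile(r';\s*boundary\s*=\s*(?:"([^"]*)"|([^;\s]*))', re.IGNORECASE)


def boundary_of(content_type):
    """Return the boundary parameter of a multipart Content-Type, else None."""
    if not content_type.strip().lower().startswith("multipart/"):
        return None
    m = _BOUNDARY_RE.search(content_type)
    if m is None:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def classify(content_type):
    """Return (verdict, boundary_length) for one Content-Type header value."""
    b = boundary_of(content_type)
    if b is None:
        return ("skip", 0)  # not multipart, or no boundary parameter at all
    if 1 <= len(b) <= MAX_BOUNDARY:
        return ("ok", len(b))
    return ("reject", len(b))  # empty or longer than RFC 2046 allows


def triage(log_lines):
    """Return (client, path, boundary_length) for rejected requests, longest first."""
    hits = []
    for line in log_lines:
        client, path, ctype = line.rstrip("\n").split("\t", 2)
        verdict, n = classify(ctype)
        if verdict == "reject":
            hits.append((client, path, n))
    return sorted(hits, key=lambda h: h[2], reverse=True)


# Constructed sample records: client <TAB> path <TAB> Content-Type header value.
SAMPLE = [
    "192.0.2.10\t/app/upload\tmultipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW",
    "192.0.2.11\t/app/api\tapplication/json",
    "198.51.100.5\t/app/upload\tmultipart/form-data; boundary=" + "x" * 4000,
    '198.51.100.6\t/app/upload\tMultipart/Form-Data; charset=utf-8; BOUNDARY="' + "y" * 71 + '"',
    "192.0.2.12\t/app/upload\tmultipart/form-data",
]

if __name__ == "__main__":
    for client, path, n in triage(SAMPLE):
        print(f"{client} {path} boundary_length={n}")
```

The same length test can be enforced at a reverse proxy or request filter in front of unpatched hosts; it does not replace installing the updated packages.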

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
