- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Moderate: JBoss Enterprise Application Platform security update
Advisory ID:       RHSA-2007:0950-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0950.html
Issue date:        2007-11-05
Updated on:        2007-11-05
Product:           Red Hat Application Stack
CVE Names:         CVE-2007-3382 CVE-2007-3385 
- ---------------------------------------------------------------------1. Summary:

Updated JBoss Enterprise Application Platform packages that fix several
security issues and bugs are now available for Red Hat Application Stack v1
and v2.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - noarch
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - noarch
Red Hat Application Stack v2 for Enterprise Linux (v.5) - noarch

3. Problem description:

The updated packages address the following security vulnerabilities:

Tomcat incorrectly treated a single quote character (') in a cookie value
as a delimiter. In some circumstances this lead to the leaking of
information such as session ID to an attacker (CVE-2007-3382).

Tomcat incorrectly handled the character sequence \" in a cookie value. In
some circumstances this lead to the leaking of information such as session
ID to an attacker (CVE-2007-3385).

In addition to these security fixes, this update also fixes several bugs in
JBoss Enterprise Application Platform. Please see the referenced release
notes for the list of bugs fixed.

Users of JBoss Enterprise Application Platform should upgrade to these
updated packages which contain fixes to correct these issues.

For users of Red Hat Application Stack v1, installation of this errata will
automatically bring the system up to V.1.2.  Please note the following
changes that may affect you:

- - Stacks V.1.2 has a new version of JBoss Application Server which
requires Java version 1.5 to run.

- - Unless the JBOSS_IP variable is explicitly set in the configuration
file, JBoss Application Server services are now bound to localhost.

- - Unless the JBOSSCONF variable is explicitly set in the configuration
file, JBoss Application Server will start with the production config
when started via the init script.

Refer to the release notes for more information on how to set the
JBOSS_IP and JBOSSCONF variables.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

247972 - CVE-2007-3382 tomcat handling of cookies
247976 - CVE-2007-3385 tomcat handling of cookie values

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

SRPMS:
3e6d36d2288f3119b14d0e3dd25599c9  berkeleydb-2.0.90-1jpp.ep1.1.src.rpm
c45bea49f9a9460400a2da68565b49cb  hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.2.src.rpm
3e32c2ce08a2f07dd027ff86446af6d8  hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.src.rpm
3b350d7de3b713a06221d2edb18abbc4  hibernate3-entitymanager-3.2.1-1jpp.ep1.5.src.rpm
ff1beb2147c7a5aad8e64de2b83ba0aa  jacorb-2.3.0-1jpp.ep1.1.src.rpm
15e5b40fbc9f3e41dbf0b74cdf7b0017  jboss-aop-1.5.5-0jpp.ep1.2.1.src.rpm
c638e8e39f4524bfddbf07c914024c0b  jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.src.rpm
d56036f4b74525ae351030f4c1a8eb9a  jboss-remoting-2.2.2-1jpp.ep1.4.src.rpm
0c5d62cc1e37bb8dd47b2e17b96b7149  jboss-seam-1.2.1-1.ep1.2.src.rpm
862809bc4e78e5a8777c0c31fcd3a555  jboss-serialization-1.0.3-1jpp.ep1.3.src.rpm
d137454d4f562778a0cfd9475ed3bbf0  jbossas-4.2.0-2.CP01.ep1.4.src.rpm
cba7829b13f79de64b4cbd0422acbaa2  jbossweb-2.0.0-2.CP01.0jpp.ep1.4.src.rpm
16a51b52b0d53b65d474c1c104c125e9  jbossxb-1.0.0-1.CP01.0jpp.ep1.1.src.rpm
92c34a206cecaf59e62d7a3eb38fdc1f  jcommon-0.9.7-1jpp.el4ep1.1.src.rpm
d474fd5e30d873738eec028c88164bab  jfreechart-0.9.21-2jpp.el4ep1.1.src.rpm
723a3f1afb218740be1f5d782e80cc25  rh-eap-docs-4.2.0-2.CP01.ep1.2.src.rpm

noarch:
9603b96542df9e138e252ee5a701aed4  berkeleydb-2.0.90-1jpp.ep1.1.noarch.rpm
379f1308aa47160a341c35e9bf45aa65  hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm
5e39db41c091e098c95edd53c94d3c2d  hibernate3-annotations-javadoc-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm
53896bfbb3bb3f874e160e237b30e2ca  hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.noarch.rpm
c54b366b96e62fee6ea225d802c0e3d2  hibernate3-ejb-persistence-3.0-api-javadoc-3.2.1-1jpp.ep1.1.noarch.rpm
8635620bce0bef87a8256ec82577f804  hibernate3-entitymanager-3.2.1-1jpp.ep1.5.noarch.rpm
11076de6fc94fe5fc92ededfa22b46a6  hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.5.noarch.rpm
05b568ffc52cefb9abad01678b8cd7ef  jacorb-2.3.0-1jpp.ep1.1.noarch.rpm
75f791f3a359dac015d7159e1fdee9ce  jboss-aop-1.5.5-0jpp.ep1.2.1.noarch.rpm
dc933213e3041cbe05a61685913b234b  jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.noarch.rpm
30d63ec755235f595dd4fc8207926fa7  jboss-remoting-2.2.2-1jpp.ep1.4.noarch.rpm
63b040353b821f8cbc5ccd186cd4d792  jboss-seam-1.2.1-1.ep1.2.noarch.rpm
5543500f72d98d57105e45e33f227fea  jboss-seam-docs-1.2.1-1.ep1.2.noarch.rpm
6b3266b5951ed27bedf610e47c619bb1  jboss-serialization-1.0.3-1jpp.ep1.3.noarch.rpm
672f485649dcfbb7a2720939a946893b  jbossas-4.2.0-2.CP01.ep1.4.noarch.rpm
fb3cc11b0a1719c625820d63c3eb0d5d  jbossweb-2.0.0-2.CP01.0jpp.ep1.4.noarch.rpm
3a03da161c9148892c706332f97cc53d  jbossxb-1.0.0-1.CP01.0jpp.ep1.1.noarch.rpm
ec2d3af5e0a2dbc092e334444d31f2f4  jcommon-0.9.7-1jpp.el4ep1.1.noarch.rpm
e064470349b6cc22b1ce1a5bb0b91034  jfreechart-0.9.21-2jpp.el4ep1.1.noarch.rpm
18e8c6084efaa0be97865e3f97b13db2  rh-eap-docs-4.2.0-2.CP01.ep1.2.noarch.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

SRPMS:
3e6d36d2288f3119b14d0e3dd25599c9  berkeleydb-2.0.90-1jpp.ep1.1.src.rpm
c45bea49f9a9460400a2da68565b49cb  hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.2.src.rpm
3e32c2ce08a2f07dd027ff86446af6d8  hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.src.rpm
3b350d7de3b713a06221d2edb18abbc4  hibernate3-entitymanager-3.2.1-1jpp.ep1.5.src.rpm
ff1beb2147c7a5aad8e64de2b83ba0aa  jacorb-2.3.0-1jpp.ep1.1.src.rpm
15e5b40fbc9f3e41dbf0b74cdf7b0017  jboss-aop-1.5.5-0jpp.ep1.2.1.src.rpm
c638e8e39f4524bfddbf07c914024c0b  jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.src.rpm
d56036f4b74525ae351030f4c1a8eb9a  jboss-remoting-2.2.2-1jpp.ep1.4.src.rpm
0c5d62cc1e37bb8dd47b2e17b96b7149  jboss-seam-1.2.1-1.ep1.2.src.rpm
862809bc4e78e5a8777c0c31fcd3a555  jboss-serialization-1.0.3-1jpp.ep1.3.src.rpm
d137454d4f562778a0cfd9475ed3bbf0  jbossas-4.2.0-2.CP01.ep1.4.src.rpm
cba7829b13f79de64b4cbd0422acbaa2  jbossweb-2.0.0-2.CP01.0jpp.ep1.4.src.rpm
16a51b52b0d53b65d474c1c104c125e9  jbossxb-1.0.0-1.CP01.0jpp.ep1.1.src.rpm
92c34a206cecaf59e62d7a3eb38fdc1f  jcommon-0.9.7-1jpp.el4ep1.1.src.rpm
d474fd5e30d873738eec028c88164bab  jfreechart-0.9.21-2jpp.el4ep1.1.src.rpm
723a3f1afb218740be1f5d782e80cc25  rh-eap-docs-4.2.0-2.CP01.ep1.2.src.rpm

noarch:
9603b96542df9e138e252ee5a701aed4  berkeleydb-2.0.90-1jpp.ep1.1.noarch.rpm
379f1308aa47160a341c35e9bf45aa65  hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm
5e39db41c091e098c95edd53c94d3c2d  hibernate3-annotations-javadoc-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm
53896bfbb3bb3f874e160e237b30e2ca  hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.noarch.rpm
c54b366b96e62fee6ea225d802c0e3d2  hibernate3-ejb-persistence-3.0-api-javadoc-3.2.1-1jpp.ep1.1.noarch.rpm
8635620bce0bef87a8256ec82577f804  hibernate3-entitymanager-3.2.1-1jpp.ep1.5.noarch.rpm
11076de6fc94fe5fc92ededfa22b46a6  hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.5.noarch.rpm
05b568ffc52cefb9abad01678b8cd7ef  jacorb-2.3.0-1jpp.ep1.1.noarch.rpm
75f791f3a359dac015d7159e1fdee9ce  jboss-aop-1.5.5-0jpp.ep1.2.1.noarch.rpm
dc933213e3041cbe05a61685913b234b  jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.noarch.rpm
30d63ec755235f595dd4fc8207926fa7  jboss-remoting-2.2.2-1jpp.ep1.4.noarch.rpm
63b040353b821f8cbc5ccd186cd4d792  jboss-seam-1.2.1-1.ep1.2.noarch.rpm
5543500f72d98d57105e45e33f227fea  jboss-seam-docs-1.2.1-1.ep1.2.noarch.rpm
6b3266b5951ed27bedf610e47c619bb1  jboss-serialization-1.0.3-1jpp.ep1.3.noarch.rpm
672f485649dcfbb7a2720939a946893b  jbossas-4.2.0-2.CP01.ep1.4.noarch.rpm
fb3cc11b0a1719c625820d63c3eb0d5d  jbossweb-2.0.0-2.CP01.0jpp.ep1.4.noarch.rpm
3a03da161c9148892c706332f97cc53d  jbossxb-1.0.0-1.CP01.0jpp.ep1.1.noarch.rpm
ec2d3af5e0a2dbc092e334444d31f2f4  jcommon-0.9.7-1jpp.el4ep1.1.noarch.rpm
e064470349b6cc22b1ce1a5bb0b91034  jfreechart-0.9.21-2jpp.el4ep1.1.noarch.rpm
18e8c6084efaa0be97865e3f97b13db2  rh-eap-docs-4.2.0-2.CP01.ep1.2.noarch.rpm

Red Hat Application Stack v2 for Enterprise Linux (v.5):

SRPMS:
1364824c1ee97e7f0fcb241328e9df69  berkeleydb-2.0.90-1jpp.ep1.1.el5.src.rpm
40d5faea59fd9e5f9436fd45523c8070  bsh2-2.0-0.b4.1jpp.ep1.1.el5.src.rpm
8f6f712b7a2253f1d6b29ae35f8b7c94  hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.3.el5.src.rpm
9cdd12f342aa59b7107739ee4d8705be  hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.el5.src.rpm
aae323eb86189e960036688084c3fe44  hibernate3-entitymanager-3.2.1-1jpp.ep1.5.el5.src.rpm
8fbbf0b14100f6321d390b8778ef4c1e  jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.el5.src.rpm
ce29506939a744277b93b37c7dafec83  jboss-remoting-2.2.2-1jpp.ep1.5.el5.src.rpm
e563128ec97b2be57b56b9997711f36b  jboss-seam-1.2.1-1.ep1.2.el5.src.rpm
60d15223c3215e23627723e5603da12b  jboss-serialization-1.0.3-1jpp.ep1.4.el5.src.rpm
e7f2185315348598788131da1c83dec8  jbossas-4.2.0-2.CP01.ep1.3.el5.src.rpm
d82e72da9bac49c8ba90ab425cbaa894  jbossweb-2.0.0-2.CP01.0jpp.ep1.4.el5.src.rpm
07c5344200f93a07e8e46619a8b0d469  jbossxb-1.0.0-1.CP01.0jpp.ep1.2.el5.src.rpm
854f94d9d2d8816ab556233173e262d2  jcommon-0.9.7-1jpp.ep1.1.el5.src.rpm
61d66b662ef265be93c48a09b30dde4d  jfreechart-0.9.21-2jpp.ep1.1.el5.2.src.rpm
7c8b1e2360100685e1b0ac4b4e05cc26  rh-eap-docs-4.2.0-2.CP01.ep1.2.el5.src.rpm

noarch:
ff70a7c2ece755ce4ce357b484eda115  berkeleydb-2.0.90-1jpp.ep1.1.el5.noarch.rpm
c6ca766ab43cca7b1988989c87c8024e  bsh2-2.0-0.b4.1jpp.ep1.1.el5.noarch.rpm
39220cf779de34db59de5f911dc83fe4  hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.3.el5.noarch.rpm
38d14e60c80432ae28d64c55df8263f0  hibernate3-annotations-javadoc-3.2.1-1.patch01.1jpp.ep1.3.el5.noarch.rpm
b66229122a3a9c50a738734dc3b52543  hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.el5.noarch.rpm
96e5571896595832aa0f03d4bdac01d7  hibernate3-ejb-persistence-3.0-api-javadoc-3.2.1-1jpp.ep1.1.el5.noarch.rpm
1f12ab51909c31709d1322a8b425997b  hibernate3-entitymanager-3.2.1-1jpp.ep1.5.el5.noarch.rpm
d084bb0e4cf54d4a2ac3c0a520310dbd  hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.5.el5.noarch.rpm
55e29258406c1decddc23793152dd497  jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.el5.noarch.rpm
a836aa273e7af578292fc7327db7c005  jboss-remoting-2.2.2-1jpp.ep1.5.el5.noarch.rpm
37aefe6fa970e840ed69ed5b0169cd92  jboss-seam-1.2.1-1.ep1.2.el5.noarch.rpm
56032018c262062aec27e7909b526e39  jboss-seam-docs-1.2.1-1.ep1.2.el5.noarch.rpm
a1f90135b91310cbbc57dcb983684022  jboss-serialization-1.0.3-1jpp.ep1.4.el5.noarch.rpm
2baed88bbd3d80ca3f9835f50d44dec2  jbossas-4.2.0-2.CP01.ep1.3.el5.noarch.rpm
f0fb7530810ea9edff633c6080b09116  jbossweb-2.0.0-2.CP01.0jpp.ep1.4.el5.noarch.rpm
8aa3b658479515e7caae1eb304c3f6a1  jbossxb-1.0.0-1.CP01.0jpp.ep1.2.el5.noarch.rpm
be2f08599120e22b74e37b360c984348  jcommon-0.9.7-1jpp.ep1.1.el5.noarch.rpm
33366ca9ba0a15acb3d77e884d58675e  jfreechart-0.9.21-2jpp.ep1.1.el5.2.noarch.rpm
6ac949ba8f4dd30894a2260e038c30c8  rh-eap-docs-4.2.0-2.CP01.ep1.2.el5.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385
http://www.redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp01/readme.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

RedHat: Moderate: JBoss Enterprise Application Platform

Updated JBoss Enterprise Application Platform packages that fix several security issues and bugs are now available for Red Hat Application Stack v1 and v2

Summary



Summary

The updated packages address the following security vulnerabilities: Tomcat incorrectly treated a single quote character (') in a cookie value as a delimiter. In some circumstances this lead to the leaking of information such as session ID to an attacker (CVE-2007-3382). Tomcat incorrectly handled the character sequence \" in a cookie value. In some circumstances this lead to the leaking of information such as session ID to an attacker (CVE-2007-3385). In addition to these security fixes, this update also fixes several bugs in JBoss Enterprise Application Platform. Please see the referenced release notes for the list of bugs fixed. Users of JBoss Enterprise Application Platform should upgrade to these updated packages which contain fixes to correct these issues. For users of Red Hat Application Stack v1, installation of this errata will automatically bring the system up to V.1.2. Please note the following changes that may affect you: - - Stacks V.1.2 has a new version of JBoss Application Server which requires Java version 1.5 to run. - - Unless the JBOSS_IP variable is explicitly set in the configuration file, JBoss Application Server services are now bound to localhost. - - Unless the JBOSSCONF variable is explicitly set in the configuration file, JBoss Application Server will start with the production config when started via the init script. Refer to the release notes for more information on how to set the JBOSS_IP and JBOSSCONF variables.


Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
5. Bug IDs fixed (http://bugzilla.redhat.com/):
247972 - CVE-2007-3382 tomcat handling of cookies 247976 - CVE-2007-3385 tomcat handling of cookie values
6. RPMs required:
Red Hat Application Stack v1 for Enterprise Linux AS (v.4):
SRPMS: 3e6d36d2288f3119b14d0e3dd25599c9 berkeleydb-2.0.90-1jpp.ep1.1.src.rpm c45bea49f9a9460400a2da68565b49cb hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.2.src.rpm 3e32c2ce08a2f07dd027ff86446af6d8 hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.src.rpm 3b350d7de3b713a06221d2edb18abbc4 hibernate3-entitymanager-3.2.1-1jpp.ep1.5.src.rpm ff1beb2147c7a5aad8e64de2b83ba0aa jacorb-2.3.0-1jpp.ep1.1.src.rpm 15e5b40fbc9f3e41dbf0b74cdf7b0017 jboss-aop-1.5.5-0jpp.ep1.2.1.src.rpm c638e8e39f4524bfddbf07c914024c0b jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.src.rpm d56036f4b74525ae351030f4c1a8eb9a jboss-remoting-2.2.2-1jpp.ep1.4.src.rpm 0c5d62cc1e37bb8dd47b2e17b96b7149 jboss-seam-1.2.1-1.ep1.2.src.rpm 862809bc4e78e5a8777c0c31fcd3a555 jboss-serialization-1.0.3-1jpp.ep1.3.src.rpm d137454d4f562778a0cfd9475ed3bbf0 jbossas-4.2.0-2.CP01.ep1.4.src.rpm cba7829b13f79de64b4cbd0422acbaa2 jbossweb-2.0.0-2.CP01.0jpp.ep1.4.src.rpm 16a51b52b0d53b65d474c1c104c125e9 jbossxb-1.0.0-1.CP01.0jpp.ep1.1.src.rpm 92c34a206cecaf59e62d7a3eb38fdc1f jcommon-0.9.7-1jpp.el4ep1.1.src.rpm d474fd5e30d873738eec028c88164bab jfreechart-0.9.21-2jpp.el4ep1.1.src.rpm 723a3f1afb218740be1f5d782e80cc25 rh-eap-docs-4.2.0-2.CP01.ep1.2.src.rpm
noarch: 9603b96542df9e138e252ee5a701aed4 berkeleydb-2.0.90-1jpp.ep1.1.noarch.rpm 379f1308aa47160a341c35e9bf45aa65 hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm 5e39db41c091e098c95edd53c94d3c2d hibernate3-annotations-javadoc-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm 53896bfbb3bb3f874e160e237b30e2ca hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.noarch.rpm c54b366b96e62fee6ea225d802c0e3d2 hibernate3-ejb-persistence-3.0-api-javadoc-3.2.1-1jpp.ep1.1.noarch.rpm 8635620bce0bef87a8256ec82577f804 hibernate3-entitymanager-3.2.1-1jpp.ep1.5.noarch.rpm 11076de6fc94fe5fc92ededfa22b46a6 hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.5.noarch.rpm 05b568ffc52cefb9abad01678b8cd7ef jacorb-2.3.0-1jpp.ep1.1.noarch.rpm 75f791f3a359dac015d7159e1fdee9ce jboss-aop-1.5.5-0jpp.ep1.2.1.noarch.rpm dc933213e3041cbe05a61685913b234b jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.noarch.rpm 30d63ec755235f595dd4fc8207926fa7 jboss-remoting-2.2.2-1jpp.ep1.4.noarch.rpm 63b040353b821f8cbc5ccd186cd4d792 jboss-seam-1.2.1-1.ep1.2.noarch.rpm 5543500f72d98d57105e45e33f227fea jboss-seam-docs-1.2.1-1.ep1.2.noarch.rpm 6b3266b5951ed27bedf610e47c619bb1 jboss-serialization-1.0.3-1jpp.ep1.3.noarch.rpm 672f485649dcfbb7a2720939a946893b jbossas-4.2.0-2.CP01.ep1.4.noarch.rpm fb3cc11b0a1719c625820d63c3eb0d5d jbossweb-2.0.0-2.CP01.0jpp.ep1.4.noarch.rpm 3a03da161c9148892c706332f97cc53d jbossxb-1.0.0-1.CP01.0jpp.ep1.1.noarch.rpm ec2d3af5e0a2dbc092e334444d31f2f4 jcommon-0.9.7-1jpp.el4ep1.1.noarch.rpm e064470349b6cc22b1ce1a5bb0b91034 jfreechart-0.9.21-2jpp.el4ep1.1.noarch.rpm 18e8c6084efaa0be97865e3f97b13db2 rh-eap-docs-4.2.0-2.CP01.ep1.2.noarch.rpm
Red Hat Application Stack v1 for Enterprise Linux ES (v.4):
SRPMS: 3e6d36d2288f3119b14d0e3dd25599c9 berkeleydb-2.0.90-1jpp.ep1.1.src.rpm c45bea49f9a9460400a2da68565b49cb hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.2.src.rpm 3e32c2ce08a2f07dd027ff86446af6d8 hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.src.rpm 3b350d7de3b713a06221d2edb18abbc4 hibernate3-entitymanager-3.2.1-1jpp.ep1.5.src.rpm ff1beb2147c7a5aad8e64de2b83ba0aa jacorb-2.3.0-1jpp.ep1.1.src.rpm 15e5b40fbc9f3e41dbf0b74cdf7b0017 jboss-aop-1.5.5-0jpp.ep1.2.1.src.rpm c638e8e39f4524bfddbf07c914024c0b jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.src.rpm d56036f4b74525ae351030f4c1a8eb9a jboss-remoting-2.2.2-1jpp.ep1.4.src.rpm 0c5d62cc1e37bb8dd47b2e17b96b7149 jboss-seam-1.2.1-1.ep1.2.src.rpm 862809bc4e78e5a8777c0c31fcd3a555 jboss-serialization-1.0.3-1jpp.ep1.3.src.rpm d137454d4f562778a0cfd9475ed3bbf0 jbossas-4.2.0-2.CP01.ep1.4.src.rpm cba7829b13f79de64b4cbd0422acbaa2 jbossweb-2.0.0-2.CP01.0jpp.ep1.4.src.rpm 16a51b52b0d53b65d474c1c104c125e9 jbossxb-1.0.0-1.CP01.0jpp.ep1.1.src.rpm 92c34a206cecaf59e62d7a3eb38fdc1f jcommon-0.9.7-1jpp.el4ep1.1.src.rpm d474fd5e30d873738eec028c88164bab jfreechart-0.9.21-2jpp.el4ep1.1.src.rpm 723a3f1afb218740be1f5d782e80cc25 rh-eap-docs-4.2.0-2.CP01.ep1.2.src.rpm
noarch: 9603b96542df9e138e252ee5a701aed4 berkeleydb-2.0.90-1jpp.ep1.1.noarch.rpm 379f1308aa47160a341c35e9bf45aa65 hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm 5e39db41c091e098c95edd53c94d3c2d hibernate3-annotations-javadoc-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm 53896bfbb3bb3f874e160e237b30e2ca hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.noarch.rpm c54b366b96e62fee6ea225d802c0e3d2 hibernate3-ejb-persistence-3.0-api-javadoc-3.2.1-1jpp.ep1.1.noarch.rpm 8635620bce0bef87a8256ec82577f804 hibernate3-entitymanager-3.2.1-1jpp.ep1.5.noarch.rpm 11076de6fc94fe5fc92ededfa22b46a6 hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.5.noarch.rpm 05b568ffc52cefb9abad01678b8cd7ef jacorb-2.3.0-1jpp.ep1.1.noarch.rpm 75f791f3a359dac015d7159e1fdee9ce jboss-aop-1.5.5-0jpp.ep1.2.1.noarch.rpm dc933213e3041cbe05a61685913b234b jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.noarch.rpm 30d63ec755235f595dd4fc8207926fa7 jboss-remoting-2.2.2-1jpp.ep1.4.noarch.rpm 63b040353b821f8cbc5ccd186cd4d792 jboss-seam-1.2.1-1.ep1.2.noarch.rpm 5543500f72d98d57105e45e33f227fea jboss-seam-docs-1.2.1-1.ep1.2.noarch.rpm 6b3266b5951ed27bedf610e47c619bb1 jboss-serialization-1.0.3-1jpp.ep1.3.noarch.rpm 672f485649dcfbb7a2720939a946893b jbossas-4.2.0-2.CP01.ep1.4.noarch.rpm fb3cc11b0a1719c625820d63c3eb0d5d jbossweb-2.0.0-2.CP01.0jpp.ep1.4.noarch.rpm 3a03da161c9148892c706332f97cc53d jbossxb-1.0.0-1.CP01.0jpp.ep1.1.noarch.rpm ec2d3af5e0a2dbc092e334444d31f2f4 jcommon-0.9.7-1jpp.el4ep1.1.noarch.rpm e064470349b6cc22b1ce1a5bb0b91034 jfreechart-0.9.21-2jpp.el4ep1.1.noarch.rpm 18e8c6084efaa0be97865e3f97b13db2 rh-eap-docs-4.2.0-2.CP01.ep1.2.noarch.rpm
Red Hat Application Stack v2 for Enterprise Linux (v.5):
SRPMS: 1364824c1ee97e7f0fcb241328e9df69 berkeleydb-2.0.90-1jpp.ep1.1.el5.src.rpm 40d5faea59fd9e5f9436fd45523c8070 bsh2-2.0-0.b4.1jpp.ep1.1.el5.src.rpm 8f6f712b7a2253f1d6b29ae35f8b7c94 hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.3.el5.src.rpm 9cdd12f342aa59b7107739ee4d8705be hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.el5.src.rpm aae323eb86189e960036688084c3fe44 hibernate3-entitymanager-3.2.1-1jpp.ep1.5.el5.src.rpm 8fbbf0b14100f6321d390b8778ef4c1e jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.el5.src.rpm ce29506939a744277b93b37c7dafec83 jboss-remoting-2.2.2-1jpp.ep1.5.el5.src.rpm e563128ec97b2be57b56b9997711f36b jboss-seam-1.2.1-1.ep1.2.el5.src.rpm 60d15223c3215e23627723e5603da12b jboss-serialization-1.0.3-1jpp.ep1.4.el5.src.rpm e7f2185315348598788131da1c83dec8 jbossas-4.2.0-2.CP01.ep1.3.el5.src.rpm d82e72da9bac49c8ba90ab425cbaa894 jbossweb-2.0.0-2.CP01.0jpp.ep1.4.el5.src.rpm 07c5344200f93a07e8e46619a8b0d469 jbossxb-1.0.0-1.CP01.0jpp.ep1.2.el5.src.rpm 854f94d9d2d8816ab556233173e262d2 jcommon-0.9.7-1jpp.ep1.1.el5.src.rpm 61d66b662ef265be93c48a09b30dde4d jfreechart-0.9.21-2jpp.ep1.1.el5.2.src.rpm 7c8b1e2360100685e1b0ac4b4e05cc26 rh-eap-docs-4.2.0-2.CP01.ep1.2.el5.src.rpm
noarch: ff70a7c2ece755ce4ce357b484eda115 berkeleydb-2.0.90-1jpp.ep1.1.el5.noarch.rpm c6ca766ab43cca7b1988989c87c8024e bsh2-2.0-0.b4.1jpp.ep1.1.el5.noarch.rpm 39220cf779de34db59de5f911dc83fe4 hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.3.el5.noarch.rpm 38d14e60c80432ae28d64c55df8263f0 hibernate3-annotations-javadoc-3.2.1-1.patch01.1jpp.ep1.3.el5.noarch.rpm b66229122a3a9c50a738734dc3b52543 hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.el5.noarch.rpm 96e5571896595832aa0f03d4bdac01d7 hibernate3-ejb-persistence-3.0-api-javadoc-3.2.1-1jpp.ep1.1.el5.noarch.rpm 1f12ab51909c31709d1322a8b425997b hibernate3-entitymanager-3.2.1-1jpp.ep1.5.el5.noarch.rpm d084bb0e4cf54d4a2ac3c0a520310dbd hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.5.el5.noarch.rpm 55e29258406c1decddc23793152dd497 jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.el5.noarch.rpm a836aa273e7af578292fc7327db7c005 jboss-remoting-2.2.2-1jpp.ep1.5.el5.noarch.rpm 37aefe6fa970e840ed69ed5b0169cd92 jboss-seam-1.2.1-1.ep1.2.el5.noarch.rpm 56032018c262062aec27e7909b526e39 jboss-seam-docs-1.2.1-1.ep1.2.el5.noarch.rpm a1f90135b91310cbbc57dcb983684022 jboss-serialization-1.0.3-1jpp.ep1.4.el5.noarch.rpm 2baed88bbd3d80ca3f9835f50d44dec2 jbossas-4.2.0-2.CP01.ep1.3.el5.noarch.rpm f0fb7530810ea9edff633c6080b09116 jbossweb-2.0.0-2.CP01.0jpp.ep1.4.el5.noarch.rpm 8aa3b658479515e7caae1eb304c3f6a1 jbossxb-1.0.0-1.CP01.0jpp.ep1.2.el5.noarch.rpm be2f08599120e22b74e37b360c984348 jcommon-0.9.7-1jpp.ep1.1.el5.noarch.rpm 33366ca9ba0a15acb3d77e884d58675e jfreechart-0.9.21-2jpp.ep1.1.el5.2.noarch.rpm 6ac949ba8f4dd30894a2260e038c30c8 rh-eap-docs-4.2.0-2.CP01.ep1.2.el5.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385 http://www.redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp01/readme.html http://www.redhat.com/security/updates/classification/#moderate

Package List


Severity
Advisory ID: RHSA-2007:0950-01
Advisory URL: https://access.redhat.com/errata/RHSA-2007:0950.html
Issued Date: : 2007-11-05
Updated on: 2007-11-05
Product: Red Hat Application Stack
CVE Names: CVE-2007-3382 CVE-2007-3385 Updated JBoss Enterprise Application Platform packages that fix several security issues and bugs are now available for Red Hat Application Stack v1 and v2. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Topic


Topic


 

Relevant Releases Architectures

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - noarch

Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - noarch

Red Hat Application Stack v2 for Enterprise Linux (v.5) - noarch


Bugs Fixed


Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved