Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix various issues are now available for Red Hat Enterprise Linux 5 as JBEAP 4.2.0.CP07. This update has been rated as having important security impact by the Red Hat Security Response Team.
JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution. These updated packages include bug fixes and enhancements which are detailed in the release notes. This release of JBEAP for Red Hat Enterprise Linux 5 serves as a replacement to JBEAP 4.2.0.CP06. The link to the release notes is available below in the References section of this errata.
The following security issues are also fixed with this release:
It was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially-crafted requests that would cause an information leak. (CVE-2008-5515)
It was discovered that the error checking methods of certain authentication classes did not have sufficient error checking, allowing remote attackers to enumerate (via brute force methods) usernames registered with applications deployed on JBossWeb when FORM-based authentication was used. (CVE-2009-0580)
It was discovered that web applications containing their own XML parsers could replace the XML parser JBossWeb uses to parse configuration files. A malicious web application running on a JBossWeb instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same JBossWeb instance. (CVE-2009-0783)
Warning: before applying this update, back up the JBEAP server/[configuration]/deploy/ directory, and any other customized configuration files.
All users of JBEAP 4.2 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages. This update is available via Red Hat Network.
Solution
Before applying this update, make sure that all previously-released errata relevant to your system have been applied.