Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2016:2604
HistoryNov 25, 2016 - 4:02 p.m.

resteasy security update

2016-11-2516:02:08
CentOS Project
lists.centos.org
42

0.005 Low

EPSS

Percentile

76.6%

JSON

CentOS Errata and Security Advisory CESA-2016:2604

RESTEasy contains a JBoss project that provides frameworks to help build RESTful Web Services and RESTful Java applications. It is a fully certified and portable implementation of the JAX-RS specification.

Security Fix(es):

  • It was discovered that under certain conditions RESTEasy could be forced to parse a request with SerializableProvider, resulting in deserialization of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy. (CVE-2016-7050)

Red Hat would like to thank Mikhail Egorov (Odin) for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2016-November/029922.html

Affected packages:
resteasy-base
resteasy-base-atom-provider
resteasy-base-client
resteasy-base-jackson-provider
resteasy-base-javadoc
resteasy-base-jaxb-provider
resteasy-base-jaxrs
resteasy-base-jaxrs-all
resteasy-base-jaxrs-api
resteasy-base-jettison-provider
resteasy-base-providers-pom
resteasy-base-resteasy-pom
resteasy-base-tjws

Upstream details at:
https://access.redhat.com/errata/RHSA-2016:2604

OSVersionArchitecturePackageVersionFilename
CentOS7noarchresteasy-base< 3.0.6-4.el7resteasy-base-3.0.6-4.el7.noarch.rpm
CentOS7noarchresteasy-base-atom-provider< 3.0.6-4.el7resteasy-base-atom-provider-3.0.6-4.el7.noarch.rpm
CentOS7noarchresteasy-base-client< 3.0.6-4.el7resteasy-base-client-3.0.6-4.el7.noarch.rpm
CentOS7noarchresteasy-base-jackson-provider< 3.0.6-4.el7resteasy-base-jackson-provider-3.0.6-4.el7.noarch.rpm
CentOS7noarchresteasy-base-javadoc< 3.0.6-4.el7resteasy-base-javadoc-3.0.6-4.el7.noarch.rpm
CentOS7noarchresteasy-base-jaxb-provider< 3.0.6-4.el7resteasy-base-jaxb-provider-3.0.6-4.el7.noarch.rpm
CentOS7noarchresteasy-base-jaxrs< 3.0.6-4.el7resteasy-base-jaxrs-3.0.6-4.el7.noarch.rpm
CentOS7noarchresteasy-base-jaxrs-all< 3.0.6-4.el7resteasy-base-jaxrs-all-3.0.6-4.el7.noarch.rpm
CentOS7noarchresteasy-base-jaxrs-api< 3.0.6-4.el7resteasy-base-jaxrs-api-3.0.6-4.el7.noarch.rpm
CentOS7noarchresteasy-base-jettison-provider< 3.0.6-4.el7resteasy-base-jettison-provider-3.0.6-4.el7.noarch.rpm
Rows per page:
1-10 of 131

Related

redhatcve 1
nessus 5
mageia 1
oraclelinux 1
cvelist 1
prion 1
openvas 3
redhat 1
debiancve 1
cve 1
ubuntucve 1
redhatcve
redhatcve
CVE-2016-7050
2016-12-15 20:20:11
nessus
nessus
Scientific Linux Security Update : resteasy-base on SL7.x (noarch) (20161103)
2016-12-15 00:00:00
CentOS 7 : resteasy-base (CESA-2016:2604)
2016-11-28 00:00:00
Oracle Linux 7 : resteasy-base (ELSA-2016-2604)
2016-11-11 00:00:00
mageia
mageia
Updated resteasy packages fix security vulnerability
2016-11-17 19:37:05
oraclelinux
oraclelinux
resteasy-base security and bug fix update
2016-11-09 00:00:00
cvelist
cvelist
CVE-2016-7050
2017-06-08 19:00:00
prion
prion
Code injection
2017-06-08 19:29:00
openvas
openvas
RedHat Update for resteasy-base RHSA-2016:2604-02
2016-11-04 00:00:00
Huawei EulerOS: Security Advisory for resteasy-base (EulerOS-SA-2016-1057)
2020-01-23 00:00:00
Mageia: Security Advisory (MGASA-2016-0382)
2022-01-28 00:00:00
redhat
redhat
(RHSA-2016:2604) Important: resteasy-base security and bug fix update
2016-11-03 06:07:16
debiancve
debiancve
CVE-2016-7050
2017-06-08 19:29:00
cve
cve
CVE-2016-7050
2017-06-08 19:29:00
ubuntucve
ubuntucve
CVE-2016-7050
2017-06-08 00:00:00

0.005 Low

EPSS

Percentile

76.6%

JSON
Related for CESA-2016:2604
redhatcve1nessus5mageia1oraclelinux1cvelist1prion1openvas3redhat1debiancve1cve1ubuntucve1