History: Oct 16, 2012 - 12:00 a.m.

(RHSA-2012:1376) Low: jboss-ec2-eap security update

access.redhat.com

EPSS: 0

Percentile: 5.1%

jboss-ec2-eap provides JBoss Operations Network (JBoss ON) scripts for
JBoss Enterprise Application Platform running on the Amazon Web
Services (AWS) Elastic Compute Cloud (EC2).

It was found that the “/var/cache/jboss-ec2-eap/” directory had
world-readable permissions when using the EC2 AMI (Amazon Machine Image) for
JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise Linux
6. A local attacker could use this flaw to read potentially sensitive
information from this directory, such as Amazon Web Services (AWS)
credentials. (CVE-2012-3427)

Note: This flaw only affected the EC2 AMI for JBoss Enterprise Application
Platform 5.1.2.

This issue was discovered by Aleksandar Kostadinov of the Red Hat QE Team.

Warning: Before applying this update, back up your JBoss Enterprise
Application Platform’s “server/[PROFILE]/deploy/” directory, along with all
other customized configuration files.

Users of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise
Linux 6 running on EC2 should upgrade to this updated package, which
corrects this issue. The JBoss server process must be restarted for this
update to take effect.
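
To check the directory's permissions on an instance, before or after updating, the following is an added example and not part of Red Hat's advisory or package. The function name is hypothetical, and it assumes that no entry under the directory should be readable by "other".

```shell
#!/bin/sh
# Added example, not Red Hat's code. Function name is hypothetical.
# Default path is the directory named in the advisory (CVE-2012-3427).

# Exit status: 0 = nothing world-readable, 1 = exposed entries found,
#              2 = directory missing (package not installed on this host).
audit_cache_dir() {
    dir=${1:-/var/cache/jboss-ec2-eap}

    if [ ! -d "$dir" ]; then
        echo "SKIP: $dir does not exist" >&2
        return 2
    fi

    # -perm -004 matches any entry whose "other" read bit is set.
    # Symlinks are skipped: on Linux their own mode is lrwxrwxrwx and
    # says nothing about the target.
    # Files inside a directory that "other" cannot enter are still
    # reported, since they become readable if the parent is loosened.
    hits=$(find "$dir" ! -type l -perm -004 -print)

    if [ -n "$hits" ]; then
        echo "EXPOSED: world-readable entries under $dir:"
        printf '%s\n' "$hits" | while IFS= read -r path; do
            ls -ld "$path"
        done
        return 1
    fi

    echo "OK: nothing under $dir is world-readable"
    return 0
}

# Usage (run as root so find can descend everywhere):
#   audit_cache_dir            # checks /var/cache/jboss-ec2-eap
#   audit_cache_dir /some/dir  # checks another directory
```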
