(RHSA-2018:2276) Important: Red Hat JBoss Enterprise Application Platform 7.1 security update

2018-07-26T19:38:36
ID RHSA-2018:2276
Type redhat
Reporter RedHat
Modified 2018-07-26T19:39:45

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly.

This asynchronous patch is a security update for wildfly-core and apache-cxf packages in Red Hat JBoss Enterprise Application Platform 7.1

Security Fix(es):

  • apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)

  • wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files. (CVE-2018-10862)