(RHSA-2018:2277) Important: Red Hat JBoss Enterprise Application Platform 7.1 security update

2018-07-26T19:38:41
ID RHSA-2018:2277
Type redhat
Reporter RedHat
Modified 2018-07-26T19:39:13

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly.

This asynchronous patch is a security update for apache-cxf package in Red Hat JBoss Enterprise Application Platform 7.1

Security Fix(es):

  • apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)

  • wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files. (CVE-2018-10862)