(RHSA-2020:2562) Important: EAP Continuous Delivery Technical Preview Release 13 security update

2020-06-15T20:09:25
ID RHSA-2020:2562
Type redhat
Reporter RedHat
Modified 2020-06-15T20:10:17

Description

Red Hat JBoss Enterprise Application Platform CD13 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform CD13 includes bug fixes and enhancements.

Security Fix(es):

  • guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)
  • undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993) (CVE-2018-1067)
  • jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)
  • wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) (CVE-2018-10862)
  • undertow: client can use bogus URI in digest authentication (CVE-2017-12196)
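The Zip Slip entry (CVE-2018-10862) describes an archive whose member names contain ".." or absolute paths, so that a naive extractor writes files outside the intended deployment directory. The following is an added example, not code from Red Hat, WildFly or Undertow, showing the defensive check a deployer should apply: resolve every member name against the destination directory and refuse any entry whose real path does not stay beneath it. It uses only the Python standard library; the archive it extracts is constructed inline and contains two deliberately bad entry names so the rejection path is exercised.

```python
import io
import os
import tempfile
import zipfile


def is_safe_entry(dest_dir: str, member_name: str) -> bool:
    """Return True only if member_name, joined to dest_dir, resolves to a
    location inside dest_dir. Rejects absolute paths, drive letters and any
    '..' traversal; symlinks already present under dest_dir are followed by
    realpath, so an entry cannot escape through them either."""
    dest_root = os.path.realpath(dest_dir)
    # Treat backslashes as separators too: archives written on Windows may use them.
    name = member_name.replace("\\", "/")
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return False
    candidate = os.path.realpath(os.path.join(dest_root, name))
    # Accept the root itself (directory entry "./") or anything strictly beneath it.
    return candidate == dest_root or candidate.startswith(dest_root + os.sep)


def safe_extract(archive_bytes: bytes, dest_dir: str) -> dict:
    """Extract only the entries that pass is_safe_entry; report both lists.
    Entries are written by hand rather than via ZipFile.extract so the check
    above is the only thing standing between the archive and the filesystem."""
    written, rejected = [], []
    dest_root = os.path.realpath(dest_dir)
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_entry(dest_root, info.filename):
                rejected.append(info.filename)
                continue
            target = os.path.join(dest_root, info.filename.replace("\\", "/"))
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return {"written": written, "rejected": rejected}


def build_sample_archive() -> bytes:
    """Constructed sample: a small .war-like archive with two traversal entries.
    ZipFile.writestr stores member names verbatim, which is exactly how a
    hostile archive would carry them."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        zf.writestr("index.jsp", "<html/>")
        zf.writestr("../../escaped.txt", "must never reach the disk")
        zf.writestr("/etc/absolute.txt", "must never reach the disk")
    return buf.getvalue()


def demo() -> dict:
    """Extract the sample archive into a fresh temporary directory and return
    the report plus whether the legitimate files landed where expected."""
    dest = tempfile.mkdtemp(prefix="deploy-")
    report = safe_extract(build_sample_archive(), dest)
    report["web_xml_present"] = os.path.isfile(os.path.join(dest, "WEB-INF", "web.xml"))
    report["escaped_present"] = os.path.exists(
        os.path.join(os.path.dirname(os.path.dirname(dest)), "escaped.txt"))
    return report


if __name__ == "__main__":
    print(demo())
```

The check is done on the resolved path rather than by string-matching for "..", because "a/../../b" and encoded or backslash variants all collapse to the same escape once resolved; comparing against the real destination root is the only test that covers every spelling. Running the block prints the two rejected names alongside the two files that were written.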

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.