=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Enterprise Application Platform 7.4.9 XP 4.0.0.GA Security release
Advisory ID:       RHSA-2023:0756-01
Product:           Red Hat JBoss Enterprise Application Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0756
Issue date:        2023-02-14
CVE Names:         CVE-2021-0341 CVE-2022-47629
=====================================================================

1. Summary:

JBoss EAP XP 4.0.0.GA Security release on the EAP 7.4.9 base. See
references for release notes.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

This is a cumulative patch release zip for the JBoss EAP XP 4.0.0 runtime
distribution for use with EAP 7.4.9.

Security Fix(es):

* libksba: integer overflow to code execution (CVE-2022-47629)

* okhttp: information disclosure via improperly used cryptographic function
(CVE-2021-0341)

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2154086 - CVE-2021-0341 okhttp: information disclosure via improperly used cryptographic function
2161571 - CVE-2022-47629 libksba: integer overflow to code execution

5. JIRA issues fixed (https://issues.jboss.org/):

JBEAP-24408 - EAP XP 4.0.0.GA for EAP 7.4.9

6. References:

https://access.redhat.com/security/cve/CVE-2021-0341
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html/jboss_eap_xp_4.0_upgrade_and_migration_guide/index
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index

7. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce