-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Low: Red Hat JBoss Enterprise Application Platform 7.4 security update
Advisory ID:       RHSA-2021:5140-01
Product:           Red Hat JBoss Enterprise Application Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:5140
Issue date:        2021-12-15
CVE Names:         CVE-2021-44228 
====================================================================
1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application
Platform 7.4.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java
applications based on the WildFly application runtime.

This asynchronous patch is a security update for Red Hat JBoss Enterprise
Application Platform 7.4.

Security Fix(es):

* log4j-core: Remote code execution in Log4j 2.x when logs contain an
attacker-controlled string value (CVE-2021-44228)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, see the CVE page(s) listed in the
References section.

3. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise
Application Platform installation and deployed applications.

The References section of this erratum contains a download link (you must
log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value

5. References:

https://access.redhat.com/security/cve/CVE-2021-44228
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4
https://access.redhat.com/solutions/6577421
https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYbmdF9zjgjWX9erEAQg7Bg//QTWXVl6Au/rNu96FO/u13bKZFX6Rj1Ev
6q++z9GpMumsxMxpXAkNGLk8rsB23XXC0gnOJjP8u0cZ+qN9l+Z1KG25bvJywm8t
VrRcwsxlvxzOODp8ongvkJ20rARAHEyMtSjTy/NkSNiZUBHWTqw0u7LDwaaO+r8T
fEmRC3t4GJ1gUiqjMeLWjpi7bvl4GcXDHD+Jbf4a10PHYZAC5I0Oh4j/DJYH31CT
cbKOd4CCiuERnbR1Y/ZCWNxpgonwCD12Q+bXbmTc+/oGW0zmqI5OwXgy2w56yCdy
EYXUfPK2e0EoFCcQxa4yC2YmRS6VRix1KYLy5XKaHFaV4RRqkbsL2yDCr4/EUeRy
a7jeJK7wcbpbR0iKijQJuF00+pqpOmBn5sqV5P+IUyD7Iwt6C5OqsRinLS6OWP7D
85iS55Vf7bY8ZLvz8x7v3IsFx6vuLV6YD8S504oKrX5aQI/pUYz9XVH7hMAlhFdB
wlETMdxdk6oiEpPwi9/DBse0/aFGLuXW9vDD5X6BzW9ZZs+cpyJGtWH6ep5lVear
Fi4N7Easy+iT/K8g9tJOiTy9O2SIr5S2AJvmu7j9YqXtm2qOPuY8U8FjaXXFVDgF
maPElBFrg9V46XaBp1IQXH3UZ6869nP9XMt2kh8rCm3zHbA6R5kzaXW93hbzKJcl
abX8PaJHiOs=v55Q
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com

RedHat: RHSA-2021-5140:04 Low: Red Hat JBoss Enterprise Application

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4

Summary

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.
Security Fix(es):
* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.



Summary


Solution

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
The References section of this erratum contains a download link (you must log in to download the update).

References

https://access.redhat.com/security/cve/CVE-2021-44228 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4 https://access.redhat.com/solutions/6577421 https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

Package List


Severity
Advisory ID: RHSA-2021:5140-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2021:5140
Issued Date: : 2021-12-15
CVE Names: CVE-2021-44228

Topic

A security update is now available for Red Hat JBoss Enterprise ApplicationPlatform 7.4.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures


Bugs Fixed

2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value


Related News

Parrot OS 6.3: Elevating Security with Enhanced Features & Tools
3 - 5 min read
Parrot OS 6.3 has just arrived , bringing crucial updates that security admins should note. This latest version of the popular secure Linux
Linux Kernel 6.14 Released: Top Security Features You Need to Know
3 - 6 min read
With the release of Linux kernel 6.14 , admins and Linux users have many new features and enhancements to look forward to - especially in the realm
Don
2 - 4 min read
Google recently issued a crucial Chrome update that those using a version of the browser prior to version 132.0.6834.110 should implement
Intel Brings Next-Level Security to Linux with Partner Security Engine
3 - 6 min read
Intel recently introduced a game-changer in hardware security with its new Partner Security Engine integrated into the Core Ultra Series 2. This
A Tiny Linux Kernel Tweak with Massive Implications for Datacenter Efficiency
3 - 6 min read
In a groundbreaking development, security researchers have introduced a small but mighty tweak to the Linux kernel that promises to cut data center
Best Practices for Securing Linux Systems Against Malicious Bots
3 - 6 min read
Linux systems have long been an indispensable asset to businesses and individuals alike. From running servers and cloud infrastructure to powering
Securing Open-Source Projects with Automated Testing on Linux
4 - 7 min read
Open-source project security testing focuses on many components, ensuring there are no safety vulnerabilities. These components include physical
KaOS Linux 2025.01: Merging Security with Practicality
3 - 6 min read
As the realm of Linux distribution expands, security admins find themselves faced with choosing a system that fits operational needs and upholds

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved