Headline
RHSA-2022:0405: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-3859: undertow: client side invocation timeout raised when calling over HTTP2
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
- Red Hat CodeReady Studio
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-02-02
Updated:
2022-02-02
RHSA-2022:0405 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 7.3 security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3.
Security Fix(es):
- undertow: client side invocation timeout raised when calling over HTTP2 (CVE-2021-3859)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
- JBoss Enterprise Application Platform 7.3 for RHEL 8 x86_64
- JBoss Enterprise Application Platform 7.3 for RHEL 7 x86_64
- JBoss Enterprise Application Platform 7.3 for RHEL 6 x86_64
Fixes
- BZ - 2010378 - CVE-2021-3859 undertow: client side invocation timeout raised when calling over HTTP2
References
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/
JBoss Enterprise Application Platform 7.3 for RHEL 8
SRPM
eap7-undertow-2.0.41-2.SP2_redhat_00001.1.el8eap.src.rpm
SHA-256: f3cbac407277c2f672dfce9b58e66afb2222ace221dc32cb1e5dd59935100ca8
x86_64
eap7-undertow-2.0.41-2.SP2_redhat_00001.1.el8eap.noarch.rpm
SHA-256: 690548fd516442d18cfb8989c422d5aa672dea4fcb72edc3d6dcc25d7444edf5
JBoss Enterprise Application Platform 7.3 for RHEL 7
SRPM
eap7-undertow-2.0.41-2.SP2_redhat_00001.1.el7eap.src.rpm
SHA-256: f90462c3063144b7969dd53d370525ad81fc51496d210213ab8df1315281f898
x86_64
eap7-undertow-2.0.41-2.SP2_redhat_00001.1.el7eap.noarch.rpm
SHA-256: b1616d8a45398a163eeea51c16968c1c85e4818141ad60c12feff9ee113dc259
JBoss Enterprise Application Platform 7.3 for RHEL 6
SRPM
eap7-undertow-2.0.41-2.SP2_redhat_00001.1.el6eap.src.rpm
SHA-256: 15893f0ef7c4597dde23883964eff58fe522dd56284233fb4a4459c73e054e14
x86_64
eap7-undertow-2.0.41-2.SP2_redhat_00001.1.el6eap.noarch.rpm
SHA-256: b4bfaae27a7efb4ac242d14405d9348d1e82e231f26d142ca6d7beacb1a109a8
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.