Issued: 2021-08-18
Updated: 2021-08-18

RHSA-2021:3219 - Important: Red Hat JBoss Enterprise Application Platform 7.4 security update


Synopsis

Important: Red Hat JBoss Enterprise Application Platform 7.4 security update

Type/Severity

Security Advisory: Important

Topic

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7 and 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7 and 8.

Security Fix(es):

  • undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Product                                  Version  Arch
JBoss Enterprise Application Platform    7.4      x86_64
JBoss Enterprise Application Platform    7.4      x86_64

Updated Packages

  • eap7-undertow-2.2.5-2.SP1_redhat_00001.1.el7eap.noarch.rpm
  • eap7-undertow-2.2.5-2.SP1_redhat_00001.1.el8eap.noarch.rpm
  • eap7-undertow-2.2.5-2.SP1_redhat_00001.1.el7eap.src.rpm
  • eap7-undertow-2.2.5-2.SP1_redhat_00001.1.el8eap.src.rpm

Fixes

CVEs

References


Additional information