RHSA-2019:0367

Description

Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update

CVSS Metrics

• v3.0•HIGH•Score: 7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Systems

• redhat•jbcs-httpd24

  < 0:1-6.jbcs.el6 | < 0:1-6.jbcs.el7

• redhat•jbcs-httpd24-apache-commons-daemon-jsvc

  < 1:1.1.0-3.redhat_2.jbcs.el6 | < 1:1.1.0-3.redhat_2.jbcs.el7

• redhat•jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo

  < 1:1.1.0-3.redhat_2.jbcs.el6 | < 1:1.1.0-3.redhat_2.jbcs.el7

• redhat•jbcs-httpd24-apr

  < 0:1.6.3-31.jbcs.el6 | < 0:1.6.3-31.jbcs.el7

• redhat•jbcs-httpd24-apr-debuginfo

  < 0:1.6.3-31.jbcs.el6 | < 0:1.6.3-31.jbcs.el7

• redhat•jbcs-httpd24-apr-devel

  < 0:1.6.3-31.jbcs.el6 | < 0:1.6.3-31.jbcs.el7

• redhat•jbcs-httpd24-apr-util

  < 0:1.6.1-24.jbcs.el6 | < 0:1.6.1-24.jbcs.el7

• redhat•jbcs-httpd24-apr-util-debuginfo

  < 0:1.6.1-24.jbcs.el6 | < 0:1.6.1-24.jbcs.el7

• redhat•jbcs-httpd24-apr-util-devel

  < 0:1.6.1-24.jbcs.el6 | < 0:1.6.1-24.jbcs.el7

• redhat•jbcs-httpd24-apr-util-ldap

  < 0:1.6.1-24.jbcs.el6 | < 0:1.6.1-24.jbcs.el7

• redhat•jbcs-httpd24-apr-util-mysql

  < 0:1.6.1-24.jbcs.el6 | < 0:1.6.1-24.jbcs.el7

• redhat•jbcs-httpd24-apr-util-nss

  < 0:1.6.1-24.jbcs.el6 | < 0:1.6.1-24.jbcs.el7

• redhat•jbcs-httpd24-apr-util-odbc

  < 0:1.6.1-24.jbcs.el6 | < 0:1.6.1-24.jbcs.el7

• redhat•jbcs-httpd24-apr-util-openssl

  < 0:1.6.1-24.jbcs.el6 | < 0:1.6.1-24.jbcs.el7

• redhat•jbcs-httpd24-apr-util-pgsql

  < 0:1.6.1-24.jbcs.el6 | < 0:1.6.1-24.jbcs.el7

• redhat•jbcs-httpd24-apr-util-sqlite

  < 0:1.6.1-24.jbcs.el6 | < 0:1.6.1-24.jbcs.el7

• redhat•jbcs-httpd24-httpd

  < 0:2.4.29-35.jbcs.el6 | < 0:2.4.29-35.jbcs.el7

• redhat•jbcs-httpd24-httpd-debuginfo

  < 0:2.4.29-35.jbcs.el6 | < 0:2.4.29-35.jbcs.el7

• redhat•jbcs-httpd24-httpd-devel

  < 0:2.4.29-35.jbcs.el6 | < 0:2.4.29-35.jbcs.el7

• redhat•jbcs-httpd24-httpd-manual

  < 0:2.4.29-35.jbcs.el6 | < 0:2.4.29-35.jbcs.el7

• redhat•jbcs-httpd24-httpd-selinux

  < 0:2.4.29-35.jbcs.el6 | < 0:2.4.29-35.jbcs.el7

• redhat•jbcs-httpd24-httpd-tools

  < 0:2.4.29-35.jbcs.el6 | < 0:2.4.29-35.jbcs.el7

• redhat•jbcs-httpd24-mod_cluster-native

  < 0:1.3.8-3.Final_redhat_2.jbcs.el6 | < 0:1.3.8-3.Final_redhat_2.jbcs.el7

• redhat•jbcs-httpd24-mod_cluster-native-debuginfo

  < 0:1.3.8-3.Final_redhat_2.jbcs.el6 | < 0:1.3.8-3.Final_redhat_2.jbcs.el7

• redhat•jbcs-httpd24-mod_jk

  < 0:1.2.46-1.redhat_1.jbcs.el6 | < 0:1.2.46-1.redhat_1.jbcs.el7

• redhat•jbcs-httpd24-mod_jk-ap24

  < 0:1.2.46-1.redhat_1.jbcs.el6 | < 0:1.2.46-1.redhat_1.jbcs.el7

• redhat•jbcs-httpd24-mod_jk-debuginfo

  < 0:1.2.46-1.redhat_1.jbcs.el6 | < 0:1.2.46-1.redhat_1.jbcs.el7

• redhat•jbcs-httpd24-mod_jk-manual

  < 0:1.2.46-1.redhat_1.jbcs.el6 | < 0:1.2.46-1.redhat_1.jbcs.el7

• redhat•jbcs-httpd24-mod_ldap

  < 0:2.4.29-35.jbcs.el6 | < 0:2.4.29-35.jbcs.el7

• redhat•jbcs-httpd24-mod_proxy_html

  < 1:2.4.29-35.jbcs.el6 | < 1:2.4.29-35.jbcs.el7

• redhat•jbcs-httpd24-mod_session

  < 0:2.4.29-35.jbcs.el6 | < 0:2.4.29-35.jbcs.el7

• redhat•jbcs-httpd24-mod_ssl

  < 1:2.4.29-35.jbcs.el6 | < 1:2.4.29-35.jbcs.el7

• redhat•jbcs-httpd24-nghttp2

  < 0:1.29.0-9.jbcs.el6 | < 0:1.29.0-9.jbcs.el7

• redhat•jbcs-httpd24-nghttp2-debuginfo

  < 0:1.29.0-9.jbcs.el6 | < 0:1.29.0-9.jbcs.el7

• redhat•jbcs-httpd24-nghttp2-devel

  < 0:1.29.0-9.jbcs.el6 | < 0:1.29.0-9.jbcs.el7

• redhat•jbcs-httpd24-openssl

  < 1:1.0.2n-14.jbcs.el6 | < 1:1.0.2n-14.jbcs.el7

• redhat•jbcs-httpd24-openssl-debuginfo

  < 1:1.0.2n-14.jbcs.el6 | < 1:1.0.2n-14.jbcs.el7

• redhat•jbcs-httpd24-openssl-devel

  < 1:1.0.2n-14.jbcs.el6 | < 1:1.0.2n-14.jbcs.el7

• redhat•jbcs-httpd24-openssl-libs

  < 1:1.0.2n-14.jbcs.el6 | < 1:1.0.2n-14.jbcs.el7

• redhat•jbcs-httpd24-openssl-perl

  < 1:1.0.2n-14.jbcs.el6 | < 1:1.0.2n-14.jbcs.el7

• redhat•jbcs-httpd24-openssl-static

  < 1:1.0.2n-14.jbcs.el6 | < 1:1.0.2n-14.jbcs.el7

• redhat•jbcs-httpd24-runtime

  < 0:1-6.jbcs.el6 | < 0:1-6.jbcs.el7

References (54)

• https://access.redhat.com/errata/RHSA-2019:0367
• https://access.redhat.com/security/updates/classification/#important
• https://bugzilla.redhat.com/show_bug.cgi?id=1560395
• https://bugzilla.redhat.com/show_bug.cgi?id=1560399
• https://bugzilla.redhat.com/show_bug.cgi?id=1560599
• https://bugzilla.redhat.com/show_bug.cgi?id=1560614
• https://bugzilla.redhat.com/show_bug.cgi?id=1560625
• https://bugzilla.redhat.com/show_bug.cgi?id=1560634
• https://bugzilla.redhat.com/show_bug.cgi?id=1560643
• https://bugzilla.redhat.com/show_bug.cgi?id=1561266
• https://bugzilla.redhat.com/show_bug.cgi?id=1565035
• https://bugzilla.redhat.com/show_bug.cgi?id=1605048
• https://bugzilla.redhat.com/show_bug.cgi?id=1633399
• https://bugzilla.redhat.com/show_bug.cgi?id=1645589
• https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0367.json
• https://access.redhat.com/security/cve/CVE-2017-15710
• https://www.cve.org/CVERecord?id=CVE-2017-15710
• https://nvd.nist.gov/vuln/detail/CVE-2017-15710
• https://httpd.apache.org/security/vulnerabilities_24.html
• https://access.redhat.com/security/cve/CVE-2017-15715
• https://www.cve.org/CVERecord?id=CVE-2017-15715
• https://nvd.nist.gov/vuln/detail/CVE-2017-15715
• https://access.redhat.com/security/cve/CVE-2018-0739
• https://www.cve.org/CVERecord?id=CVE-2018-0739
• https://nvd.nist.gov/vuln/detail/CVE-2018-0739
• https://www.openssl.org/news/secadv/20180327.txt
• https://access.redhat.com/security/cve/CVE-2018-1283
• https://www.cve.org/CVERecord?id=CVE-2018-1283
• https://nvd.nist.gov/vuln/detail/CVE-2018-1283
• https://access.redhat.com/security/cve/CVE-2018-1301
• https://www.cve.org/CVERecord?id=CVE-2018-1301
• https://nvd.nist.gov/vuln/detail/CVE-2018-1301
• https://access.redhat.com/security/cve/CVE-2018-1302
• https://www.cve.org/CVERecord?id=CVE-2018-1302
• https://nvd.nist.gov/vuln/detail/CVE-2018-1302
• https://access.redhat.com/security/cve/CVE-2018-1303
• https://www.cve.org/CVERecord?id=CVE-2018-1303
• https://nvd.nist.gov/vuln/detail/CVE-2018-1303
• https://access.redhat.com/security/cve/CVE-2018-1312
• https://www.cve.org/CVERecord?id=CVE-2018-1312
• https://nvd.nist.gov/vuln/detail/CVE-2018-1312
• https://access.redhat.com/security/cve/CVE-2018-1333
• https://www.cve.org/CVERecord?id=CVE-2018-1333
• https://nvd.nist.gov/vuln/detail/CVE-2018-1333
• https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333
• https://access.redhat.com/security/cve/CVE-2018-11759
• https://www.cve.org/CVERecord?id=CVE-2018-11759
• https://nvd.nist.gov/vuln/detail/CVE-2018-11759
• https://access.redhat.com/security/cve/CVE-2018-11763
• https://www.cve.org/CVERecord?id=CVE-2018-11763
• https://nvd.nist.gov/vuln/detail/CVE-2018-11763
• https://access.redhat.com/security/cve/CVE-2018-1000168
• https://www.cve.org/CVERecord?id=CVE-2018-1000168
• https://nvd.nist.gov/vuln/detail/CVE-2018-1000168