Description:

Red Hat has released security updates to address multiple vulnerabilities in the following products:

• JBoss Enterprise Application Platform 7.3 for RHEL 8 x86_64
• JBoss Enterprise Application Platform 7.3 for RHEL 7 x86_64
• JBoss Enterprise Application Platform 7.3 for RHEL 6 x86_64
• JBoss Enterprise Application Platform Text-Only Advisories x86_64
• Apache HTTP Server 2.4.37 SP5
  • Red Hat JBoss Core Services Text-Only Advisories x86_64
  • Red Hat JBoss Core Services 1 for RHEL 7 x86_64
  • Red Hat JBoss Core Services 1 for RHEL 6 x86_64
  • Red Hat JBoss Core Services 1 for RHEL 6 i386
• openstack-cinder
  • Red Hat OpenStack 16.1 x86_64
  • Red Hat OpenStack for IBM Power 16.1 ppc64le
  • Cinderlib 16.1 x86_64
  • Cinderlib for IBM Power LE 16.1 ppc64le
  • Red Hat OpenStack 13 x86_64
  • Red Hat OpenStack for IBM Power 13 ppc64le
• openstack-selinux
  • Red Hat OpenStack 16.1 x86_64
  • Red Hat OpenStack for IBM Power 16.1 ppc64le
  • Red Hat OpenStack Director Deployment Tools 16.1 x86_64
  • Red Hat OpenStack Director Deployment Tools for IBM Power LE 16.1 ppc64le
• python-django
  • Red Hat OpenStack 13 x86_64
  • Red Hat OpenStack for IBM Power 13 ppc64le

Threats:

Attacker could exploit these vulnerabilities by doing the following:

• Disclosure of information
• Denial of service (DoS)
• XML external entity (XXE) attack
• SQL injection

Best practice and Recommendations:

The CERT team encourages users to review Red Hat security advisory and apply the necessary updates:

• https://access.redhat.com/errata/RHSA-2020:4283
• https://access.redhat.com/errata/RHSA-2020:4381
• https://access.redhat.com/errata/RHSA-2020:4383
• https://access.redhat.com/errata/RHSA-2020:4384
• https://access.redhat.com/errata/RHSA-2020:4390
• https://access.redhat.com/errata/RHSA-2020:4391
• https://access.redhat.com/errata/RHSA-2020:4401
• https://access.redhat.com/errata/RHSA-2020:4402