Description:

Red Hat has released security updates to address vulnerabilities in the following products:

• JBoss Enterprise Application Platform 7.2 for RHEL 6 x86_64
• JBoss Enterprise Application Platform Text-Only Advisories x86_64
• Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64, RHEL 7.6 x86_64, 7.5 x86_64, RHEL 7 x86_64
• Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7 s390x, RHEL 7.6 s390x, RHEL 7.5 s390x, RHEL 7 s390x
• Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7 ppc64le, RHEL 7.6 ppc64le, RHEL 7.5 ppc64le, RHEL 7 ppc64le
• Red Hat Software Collections (for RHEL Server for ARM) 1 aarch64
• Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
• Red Hat Enterprise Linux Server 7 x86_64
• Red Hat Enterprise Linux Server - Extended Update Support 7.7 x86_64
• Red Hat Enterprise Linux Server - AUS 7.7 x86_64, AUS 5.9 x86_64, AUS 5.9 i386
• Red Hat Enterprise Linux for Power, little endian 7 ppc64le
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le
• Red Hat Enterprise Linux Server - TUS 7.7 x86_64
• Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
• Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
• Red Hat JBoss Core Services 1 for RHEL 7 x86_64, RHEL 6 x86_64, RHEL 6 i386

Threats:

Attacker could exploit these vulnerabilities by doing the following:

• Unauthorized disclosure of information.
• Execute arbitrary code-remotely.
• Denial of service attack (DoS).
• Buffer overflow.

Best practice and Recommendations:

The CERT team encourages users to review Red Hat security advisory and apply the necessary updates:

https://access.redhat.com/security/security-updates/#/