Bug 826534 (CVE-2012-2379)
| Summary: | CVE-2012-2379 jbossws-cxf, apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | CC: | asoldano, brms-jira, djorm, dpalmer, jcoleman, ncross, nwallace, rzhang, security-response-team, tkirby, zzoubkov |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2013-01-24 22:50:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 827797, 827798, 827799, 846244, 846246, 846247, 882283 | | |
| Bug Blocks: | 789173, 826535, 849517, 874925, 879071, 879083, 881519, 1028865 | | |
Description
Jan Lieskovsky
2012-05-30 12:52:50 UTC
This has been corrected upstream in versions 2.4.8, 2.5.4, and 2.6.1:
http://svn.apache.org/viewvc?rev=1338219&view=rev

External Reference:
http://cxf.apache.org/cve-2012-2379.html

Created jbossws-cxf tracking bugs for this issue

Affects: fedora-17 [bug 846247]

Acknowledgements:
Red Hat would like to thank the Apache CXF project for reporting this issue.

This issue has been addressed in following products:
JBoss Enterprise BRMS Platform 5.3.1
Via RHSA-2012:1573 https://rhn.redhat.com/errata/RHSA-2012-1573.html

This issue has been addressed in following products:
JBoss Enterprise BRMS Platform 5.3.0
Via RHSA-2012:1559 https://rhn.redhat.com/errata/RHSA-2012-1559.html

This issue has been addressed in following products:
JBEAP 6 for RHEL 5
Via RHSA-2012:1591 https://rhn.redhat.com/errata/RHSA-2012-1591.html

This issue has been addressed in following products:
JBoss Enterprise SOA Platform 5.3.0
Via RHSA-2012:1593 https://rhn.redhat.com/errata/RHSA-2012-1593.html

This issue has been addressed in following products:
JBEAP 6 for RHEL 6
Via RHSA-2012:1592 https://rhn.redhat.com/errata/RHSA-2012-1592.html

This issue has been addressed in following products:
JBoss Enterprise Application Platform 6.0.1
Via RHSA-2012:1594 https://rhn.redhat.com/errata/RHSA-2012-1594.html

This issue has been addressed in following products:
JBoss Enterprise Application Platform 5.2.0
Via RHSA-2013:0194 https://rhn.redhat.com/errata/RHSA-2013-0194.html

This issue has been addressed in following products:
JBEAP 5 for RHEL 5
Via RHSA-2013:0192 https://rhn.redhat.com/errata/RHSA-2013-0192.html

This issue has been addressed in following products:
JBEAP 5 for RHEL 6
Via RHSA-2013:0191 https://rhn.redhat.com/errata/RHSA-2013-0191.html

This issue has been addressed in following products:
JBEWP 5 for RHEL 6
Via RHSA-2013:0195 https://rhn.redhat.com/errata/RHSA-2013-0195.html

This issue has been addressed in following products:
JBEAP 5 for RHEL 4
Via RHSA-2013:0193 https://rhn.redhat.com/errata/RHSA-2013-0193.html

This issue has been addressed in following products:
JBEWP 5 for RHEL 4
Via RHSA-2013:0197 https://rhn.redhat.com/errata/RHSA-2013-0197.html

This issue has been addressed in following products:
JBEWP 5 for RHEL 5
Via RHSA-2013:0196 https://rhn.redhat.com/errata/RHSA-2013-0196.html

This issue has been addressed in following products:
JBoss Enterprise Web Platform 5.2.0
Via RHSA-2013:0198 https://rhn.redhat.com/errata/RHSA-2013-0198.html