[jboss-cvs] JBossAS SVN: r86449 - projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Sun Mar 29 23:11:42 EDT 2009
Author: Darrin
Date: 2009-03-29 23:11:39 -0400 (Sun, 29 Mar 2009)
New Revision: 86449
Modified:
projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/System_Installation.xml
Log:
JBOSSCC-40 - added download steps for patch
Modified: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/System_Installation.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/System_Installation.xml 2009-03-30 02:15:17 UTC (rev 86448)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/System_Installation.xml 2009-03-30 03:11:39 UTC (rev 86449)
@@ -308,6 +308,81 @@
</section>
</section>
+ <section id="sect-installing_patch">
+ <title>Installing the RHSA-2009:0349-5 patch</title>
+ <para>
+ After you have installed JBoss EAP you must also download and install a patch.
+ This patch resolves an issue where a remote attacker could read arbitrary XML
+ files with the permissions of the EAP process. You can refer to
+ <ulink url="http://rhn.redhat.com/errata/RHSA-2009-0349.html">http://rhn.redhat.com/errata/RHSA-2009-0349.html</ulink>
+ for additional information regarding this exploit.
+ </para>
+
+ <para>
+ The exact files you will need to download will vary according to whether you have
+ installed the RPM version of JBoss EAP or the zip version.
+ </para>
+
+ <procedure>
+ <title>Installing the RHSA-2009:0349-5 patch</title>
+ <step>
+ <title>Download</title>
+ <para>
+ The patch to resolve RHSA-2009:0349-5 for JBoss EAP can be downloaded
+ from the Red Hat FTP server. It's exact location will vary according
+ to your choice of installation.
+ </para>
+
+ <variablelist>
+ <title>Patch Downloads</title>
+ <varlistentry>
+ <term>Red Hat Enterprise Linux 4 RPM Installation</term>
+ <listitem>
+ <para>
+ <ulink url="ftp.redhat.com/pub/redhat/jbeap/CC/4.3.0_CP03/RHEL4/jbossws-2.0.1-3.SP2_CP04.3.ep1.el4.noarch.rpm">ftp.redhat.com/pub/redhat/jbeap/CC/4.3.0_CP03/RHEL4/jbossws-2.0.1-3.SP2_CP04.3.ep1.el4.noarch.rpm</ulink>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Red Hat Enterprise Linux 5 RPM Installation</term>
+ <listitem>
+ <para>
+ <ulink url="ftp.redhat.com/pub/redhat/jbeap/CC/4.3.0_CP03/RHEL5/jbossws-2.0.1-3.SP2_CP04.3.1.ep1.el5.noarch.rpm">ftp.redhat.com/pub/redhat/jbeap/CC/4.3.0_CP03/RHEL5/jbossws-2.0.1-3.SP2_CP04.3.1.ep1.el5.noarch.rpm</ulink>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Zip file installation</term>
+ <listitem>
+ <para>
+ <ulink url="ftp.redhat.com/pub/redhat/jbeap/CC/4.3.0_CP03/zip/jbossws-core.jar">ftp.redhat.com/pub/redhat/jbeap/CC/4.3.0_CP03/zip/jbossws-core.jar</ulink>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <ulink url="ftp.redhat.com/pub/redhat/jbeap/CC/4.3.0_CP03/zip/jbossws-client.jar">ftp.redhat.com/pub/redhat/jbeap/CC/4.3.0_CP03/zip/jbossws-client.jar</ulink>
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </step>
+ <!-- <step>
+ <title>Verify</title>
+ <para>
+
+ </para>
+ </step>
+ <step>
+ <title>Install</title>
+ <para>
+
+ </para>
+ </step> -->
+ </procedure>
+
+ </section>
+
+
<section id="verify_version_number_installed">
<title>Confirming the Version of your JBoss EAP Installation</title>
<para>There are three ways in which you can verify the version number
More information about the jboss-cvs-commits
mailing list