-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2012-0117

Title: JBoss Enterprise Data Services Platform 5.3.0 update [1]

Version history:
24.09.2012 Initial publication


Summary
=======
JBoss Enterprise Data Services Platform 5.3.0 roll up patch 1, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal.

CVSS v2: 3.3 (LOW) AV:A/AC:L/Au:N/C:P/I:N/A:N [2]

Affected Versions
=================
JBoss Enterprise Data Services Platform 5.3.0 

Original Details
================
This roll up patch serves as a cumulative upgrade for JBoss Enterprise Data Services Platform 5.3.0. It includes various bug fixes. The following security issue is also fixed with this release:

It was found that the Teiid JDBC (Java Database Connectivity) socket did
not encrypt client log in messages by default. A man-in-the-middle attacker could use this flaw to obtain log in credentials and other JDBC
traffic. (CVE-2012-3431)

What can you do?
================
Patches are available [1]


What to tell your users
=======================

N/A

More information
================
[1] https://rhn.redhat.com/errata/RHSA-2012-1301.html
[2] https://access.redhat.com/security/cve/CVE-2012-3431


Best regards,

CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJQYIB8AAoJEPpzpNLI8SVoP1sP/iLjo7qkPPY+vG25eLGBJeY3
eKo15p92HO8DP/dipNDgwIT3dlBel7smtjiJuxRQwt61FfE5TljLa482r51lFxLv
Zs38PRKvxFnnBT2E/R4yZxIaH8jBxc9KB0LTu4BYJ8WaMBip2EpxjvLMCs6OFX3I
oOMkuEUFUcBqqmio3tgiifnUhyZ61l54upQ7mPb9o9LPfqi4VVS5gZxCI2HRQtQj
MkIJjUoJJQTIPjZ1KfRano0ISszafLIEBf3pfDs2iwhj3kO1WeWVo6u6A4i4sSzS
cu79nwZUHLTtKB8uSM05K83oX1oEAQa5XhvicXdtHFvx62/CTldClxRm3w3AjLJr
Z+HGkDV+z9RHGEPIU0zwrC5HAmGhwVSzJRLmkDWjCmLd6oZTyE9vnpcc0qEwUBBU
Dobkxt+5hrqNIl+u1WJ6nYHToLcNSQup/bV1FP7HltKwwja777PH1CcLqRadYIo6
25SwutVmkFXrScu8YAGnw6EjPeAOpWerV3T1TdJPwwGNhWgV2uxNKSMP1uJ1dq9g
rLu8sPJynjtoPNqqmi8/DlIn7nsXw1h6gb8veyRh4gSpdNSSRAc6ms/DaXXKyL9p
LGATPBGq4ZWVRoV1/y38S0qBgGOl7TToODhJDf3FexO1FUBylf8b3G9v+jYmIKJJ
WJw/g5vDYmfBrMShJXTA
=3lcy
-----END PGP SIGNATURE-----