Can the JBoss security update 4.3.0.GA_CP08 be applied to the BlackBerry Administration Service?

Article ID: KB25292

Type: Support Content

Last Modified: 02-06-2012

 

Product(s) Affected:

  • BlackBerry Enterprise Server 5
CollapseEnvironment
  • BlackBerry® Enterprise Server 5.0 SP2
CollapseOverview
The BlackBerry® Administration Service uses JBoss® and security patch 4.3.0.GA_CP08 has been released to correct vulnerabilities. Any patches for JBoss need to be formally tested and approved before being applied to the BlackBerry Administration Service. The version of JBoss on the server should not be modified without an approved release of the BlackBerry Enterprise Server at this time.The BlackBerry Administration Service does not use the affected components of JBoss mentioned in the security vulnerabilities and therefore they represent no real threat to the security of the BlackBerry Enterprise Server. Regardless of this, the JBoss security update 4.3.0.GA_CP08 is installed and used by BlackBerry Administration Service in BlackBerry® Enterprise Server 5.0 SP3.
CollapseAdditional Information

For more information about JBoss, please see http://jboss.org/

The version of JBoss used by the BlackBerry Administration Service can be seen in the BBAS-AS Logs at start up:

(01/16 11:47:53:604):{main} [org.jboss.system.server.Server] [INFO] JBoss (MX MicroKernel) [4.3.0.GA_CP08 (build: SVNTag=JBPAPP_4_3_0_GA_CP08 date=201004202136)] Started in 2m:50s:54ms

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.