- Issued:
- 2019-12-19
- Updated:
- 2019-12-19
RHBA-2019:4332 - Bug Fix Advisory
Synopsis
Update JWS 3.1 OpenShift images to fix nss CVEs
Type/Severity
Bug Fix Advisory
Topic
This erratum updates the current JWS 3.1 images to provide a fix for nss CVEs (CVE-2019-11729, CVE-2019-11745)
Description
Red Hat xPaaS provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.
The current JWS 3.1 OpenShift images have been updated to address nss CVEs (CVE-2019-11729, CVE-2019-11745). These images can be used with OpenShift Container Platform 3.10 and 3.11.
Solution
To update to the latest JWS for OpenShift image, run the following steps to pull in the content:
On your master host(s), ensure you are logged into the CLI as a cluster administrator or user that has project administrator access to the global "openshift" project.
$ oc login -u system:admin
Then, run the following command to update the core JWS 3.1 OpenShift image stream in the "openshift" project:
For updating the core JWS 3.1 tomcat 8 OpenShift image please run
$ oc -n openshift import-image jboss-webserver31-tomcat8-openshift:1.4
For updating the core JWS 3.1 tomcat 7 OpenShift image please run
$ oc -n openshift import-image jboss-webserver31-tomcat7-openshift:1.4
Affected Products
- Red Hat OpenShift Container Platform 3.11 x86_64
- Red Hat OpenShift Container Platform 3.10 x86_64
Fixes
- BZ - 1728437 - CVE-2019-11729 nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault
- BZ - 1774831 - CVE-2019-11745 nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
CVEs
- CVE-2016-10739
- CVE-2018-0495
- CVE-2018-0734
- CVE-2018-12404
- CVE-2018-14647
- CVE-2018-16062
- CVE-2018-16402
- CVE-2018-16403
- CVE-2018-18310
- CVE-2018-18520
- CVE-2018-18521
- CVE-2019-1559
- CVE-2019-3858
- CVE-2019-3861
- CVE-2019-5010
- CVE-2019-7149
- CVE-2019-7150
- CVE-2019-7664
- CVE-2019-7665
- CVE-2019-9740
- CVE-2019-9947
- CVE-2019-9948
- CVE-2019-11729
- CVE-2019-11745
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.