Red Hat Product Errata RHBA-2022:0768 - Bug Fix Advisory
Issued:
2022-03-08
Updated:
2022-03-08

RHBA-2022:0768 - Bug Fix Advisory

Synopsis

Update JWS 5.6 Openshift images on UBI8 for cyrus-sasl CVE

Type/Severity

Bug Fix Advisory

Topic

This erratum updates the current JBoss Web Server 5.6 UBI8 images to provide a fix for cyrus-sasl CVE-2022-24407.

Description

Red Hat xPaaS provides images for many of the Red Hat Middleware products that are available for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.

The current JBoss Web Server 5.6 OpenShift images have been updated to address cyrus-sasl CVE-2022-24407.

Solution

To update to the latest JBoss Web Server 5.6.1 for OpenShift image on UBI8, perform the following steps to pull in the content:

1. On your master host(s), ensure that you are logged in to the command line interface as a cluster administrator or user who has project administrator access to the global "openshift" project:

$ oc login -u system:admin

2. Run the following command to import the templates:

$ for resource in jws56-openjdk11-tomcat9-ubi8-basic-s2i.json \ jws56-openjdk11-tomcat9-ubi8-https-s2i.json \ jws56-openjdk11-tomcat9-ubi8-image-stream.json \ jws56-openjdk8-tomcat9-ubi8-basic-s2i.json \ jws56-openjdk8-tomcat9-ubi8-https-s2i.json \ jws56-openjdk8-tomcat9-ubi8-image-stream.json do oc replace -n openshift --force -f \ https://raw.githubusercontent.com/jboss-container-images/jboss-webserver-5-openshift-image/jws56el8-v5.6.1/templates/${resource} done

3. Depending on the OpenJDK version, run either of the following commands to update the core JBoss Web Server 5.6 tomcat 9 OpenShift image stream in the "openshift" project:

  • For OpenJDK 8:

To update the core JBoss Web Server 5.6 tomcat 9 with OpenJDK 8 OpenShift image, run the following command:

$ oc -n openshift import-image jboss-webserver56-openjdk8-tomcat9-openshift-ubi8:5.6.1

  • For OpenJDK 11:

To update the core JBoss Web Server 5.6 tomcat 9 with OpenJDK 11 OpenShift image, run the following command:

$ oc -n openshift import-image jboss-webserver56-openjdk11-tomcat9-openshift-ubi8:5.6.1

Affected Products

  • Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8 s390x

Fixes

  • BZ - 2055326 - CVE-2022-24407 cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
  • CLOUD-4084 - [JWS56] Importatnt - cyrus-sasl CVE-2022-24407

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.