Red Hat Product Errata RHBA-2022:0807 - Bug Fix Advisory
Issued:
2022-03-09
Updated:
2022-03-09

RHBA-2022:0807 - Bug Fix Advisory

Synopsis

Update the JWS Operator for Openshift to fix a cyrus-sasl CVE

Type/Severity

Bug Fix Advisory

Topic

The JBoss Web Server (JWS) Operator for OpenShift has been updated to provide a fix for cyrus-sasl CVE.

Description

This erratum updates the JWS Operator for OpenShift to provide a fix for cyrus-sasl CVE-2022-24407.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8 s390x

Fixes

  • BZ - 2055326 - CVE-2022-24407 cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
  • JWS-2413 - Update JWS Openshift operator due to cyrus-sasl CVE

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.