- Issued:
- 2022-05-12
- Updated:
- 2022-05-12
RHBA-2022:2231 - Bug Fix Advisory
Synopsis
Update the JWS Operator for OpenShift for gzip CVE
Type/Severity
Bug Fix Advisory
Topic
The JBoss Web Server (JWS) Operator for OpenShift has been updated to provide a fix for a gzip CVE.
Description
This erratum covers updates to the JWS Operator for OpenShift to fix gzip CVE-2022-1271.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
Fixes
- BZ - 2073310 - CVE-2022-1271 gzip: arbitrary-file-write vulnerability
- JWS-2485 - Update JWS Openshift operator due to gzip CVE
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
