- Issued:
- 2022-11-09
- Updated:
- 2022-11-09
RHBA-2022:7889 - Bug Fix Advisory
Synopsis
Update the JWS Operator for OpenShift to fix expat and libksba CVEs
Type/Severity
Bug Fix Advisory
Topic
The JBoss Web Server (JWS) Operator for OpenShift has been updated to provide a fix for an expat CVE and a libksba CVE.
Description
This erratum covers updates to the JWS Operator for OpenShift to fix expat CVE-2022-40674 and likbksba CVE-2022-3515.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
Fixes
- BZ - 2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c
- JWS-2628 - Update JWS Openshift operator due to expat CVE
- JWS-2657 - Update JWS Openshift operator due to libksba CVE
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.