- Issued: 2022-12-12
- Updated: 2022-12-12
RHBA-2022:8930 - Bug Fix Advisory
Synopsis
Update the JWS Operator for OpenShift to fix a krb5 CVE
Type/Severity
Bug Fix Advisory
Topic
The JBoss Web Server (JWS) Operator for OpenShift has been updated to provide a fix for krb5 CVE-2022-42898.
Description
This erratum covers updates to the JWS Operator for OpenShift to fix krb5 CVE-2022-42898.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
Fixes
- BZ - 2140960 - CVE-2022-42898 krb5: integer overflow vulnerabilities in PAC parsing
- JWS-2709 - ServerReadinessScript/ServerLivenessScript via operator's webserver issue
- JWS-2732 - Update JWS Openshift operator due to krb5 CVE
CVEs
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.