- Issued: 2023-02-13
- Updated: 2023-02-13
RHBA-2023:0740 - Bug Fix Advisory
Synopsis
Update JBoss Web Server 5.7 for OpenShift images to fix libksba CVE
Type/Severity
Bug Fix Advisory
Topic
This erratum covers updates to the current Red Hat JBoss Web Server 5.7 for OpenShift images to fix libksba CVE-2022-47629.
Description
Red Hat xPaaS provides images for many of the Red Hat Middleware products that are available for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.
The current JBoss Web Server 5.7 for OpenShift images have been updated to fix libksba CVE-2022-47629.
Solution
To update to the latest JBoss Web Server 5.7.1 for OpenShift image on UBI8, perform the following steps to pull in the content:
1. On your master host(s), ensure that you are logged into the command line interface as a cluster administrator or user who has project administrator access to the global "openshift" project:
$ oc login -u system:admin
2. Run the following commands to import the templates:
$ for resource in jws57-openjdk11-tomcat9-ubi8-basic-s2i.json \
    jws57-openjdk11-tomcat9-ubi8-https-s2i.json \
    jws57-openjdk11-tomcat9-ubi8-image-stream.json \
    jws57-openjdk8-tomcat9-ubi8-basic-s2i.json \
    jws57-openjdk8-tomcat9-ubi8-https-s2i.json \
    jws57-openjdk8-tomcat9-ubi8-image-stream.json
  do
    oc replace -n openshift --force -f \
      https://raw.githubusercontent.com/jboss-container-images/jboss-webserver-5-openshift-image/jws57el8-v5.7.1/templates/${resource}
  done
3. Depending on the OpenJDK version, run either of the following commands to update the core JBoss Web Server 5.7 tomcat 9 OpenShift image stream in the "openshift" project:
- For OpenJDK 8:
To update the core JBoss Web Server 5.7 tomcat 9 with OpenJDK 8 OpenShift image, run the following command:
$ oc -n openshift import-image jboss-webserver57-openjdk8-tomcat9-openshift-ubi8:5.7.1
- For OpenJDK 11:
To update the core JBoss Web Server 5.7 tomcat 9 with OpenJDK 11 OpenShift image, run the following command:
$ oc -n openshift import-image jboss-webserver57-openjdk11-tomcat9-openshift-ubi8:5.7.1
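The steps above wrapped in a script, as an added example that is not part of the advisory or of Red Hat's own tooling: it runs the template import and the image-stream import, then checks that the 5.7.1 tag actually resolved to an image reference, since a failed import would silently leave the previous image in use. The `JWS_UPDATE` variable and the `oc get istag` jsonpath check are assumptions of this example.

```shell
# Added example: automate steps 2-3 of the Solution and verify the result.
# JWS_UPDATE (8 or 11) is this script's own convention, not an oc option.
set -eu

RELEASE_TAG="jws57el8-v5.7.1"   # git tag of the templates named in step 2
IMAGE_VERSION="5.7.1"
TEMPLATE_BASE="https://raw.githubusercontent.com/jboss-container-images/jboss-webserver-5-openshift-image"

# Template file names exactly as listed in the advisory.
TEMPLATES="jws57-openjdk11-tomcat9-ubi8-basic-s2i.json
jws57-openjdk11-tomcat9-ubi8-https-s2i.json
jws57-openjdk11-tomcat9-ubi8-image-stream.json
jws57-openjdk8-tomcat9-ubi8-basic-s2i.json
jws57-openjdk8-tomcat9-ubi8-https-s2i.json
jws57-openjdk8-tomcat9-ubi8-image-stream.json"

template_url() {  # $1 = template file name
  printf '%s/%s/templates/%s\n' "$TEMPLATE_BASE" "$RELEASE_TAG" "$1"
}

istag_name() {    # $1 = OpenJDK major version (8 or 11)
  case "$1" in
    8|11) printf 'jboss-webserver57-openjdk%s-tomcat9-openshift-ubi8:%s\n' "$1" "$IMAGE_VERSION" ;;
    *) echo "unsupported OpenJDK version: $1" >&2; return 1 ;;
  esac
}

import_templates() {
  for t in $TEMPLATES; do
    oc replace -n openshift --force -f "$(template_url "$t")"
  done
}

# Import the image stream tag, then confirm it resolved to a concrete image
# reference; an import that did not resolve leaves the old image in place.
import_and_verify() {  # $1 = OpenJDK major version
  tag="$(istag_name "$1")"
  oc -n openshift import-image "$tag"
  ref="$(oc -n openshift get istag "$tag" -o jsonpath='{.image.dockerImageReference}')"
  [ -n "$ref" ] || { echo "tag $tag did not resolve" >&2; return 1; }
  echo "$tag -> $ref"
}

# Only touch the cluster when explicitly asked, e.g. JWS_UPDATE=8 sh update.sh
if [ -n "${JWS_UPDATE:-}" ]; then
  import_templates
  import_and_verify "$JWS_UPDATE"
fi
```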
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
Fixes
- BZ - 2161571 - CVE-2022-47629 libksba: integer overflow to code execution
- CLOUD-4159 - [JWS57] - Important - libksba: integer overflow to code execution (CVE-2022-47629)
CVEs
- CVE-2021-46848
- CVE-2022-2056
- CVE-2022-2057
- CVE-2022-2058
- CVE-2022-2519
- CVE-2022-2520
- CVE-2022-2521
- CVE-2022-2867
- CVE-2022-2868
- CVE-2022-2869
- CVE-2022-2953
- CVE-2022-35737
- CVE-2022-40303
- CVE-2022-40304
- CVE-2022-42010
- CVE-2022-42011
- CVE-2022-42012
- CVE-2022-43680
- CVE-2022-47629
- CVE-2023-21830
- CVE-2023-21835
- CVE-2023-21843
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.