RHBA-2023:0816 - Bug Fix Advisory

Topic

The JBoss Web Server (JWS) Operator for OpenShift has been updated to provide a fix for libksba CVE-2022-47629.

Description

This erratum covers updates to the JWS Operator for OpenShift to fix libksba CVE-2022-47629.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
• Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x

Fixes

• BZ - 2161571 - CVE-2022-47629 libksba: integer overflow to code execution
• JWS-2802 - Update JWS Openshift operator due to libksba CVE

CVEs

• CVE-2021-46848
• CVE-2022-35737
• CVE-2022-40303
• CVE-2022-40304
• CVE-2022-42010
• CVE-2022-42011
• CVE-2022-42012
• CVE-2022-43680
• CVE-2022-47629

References

• https://access.redhat.com/errata/RHSA-2023:0625
• https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/jboss-webserver-5/jws5-rhel8-operator-container