- Issued: 2023-03-29
- Updated: 2023-03-29
RHBA-2023:1521 - Bug Fix Advisory
Synopsis
Update JBoss Web Server 5.7 for OpenShift images to fix nss and openssl CVEs
Type/Severity
Bug Fix Advisory
Topic
This erratum covers updates to the current Red Hat JBoss Web Server 5.7 for OpenShift images to fix nss CVE-2023-0767 and multiple openssl CVEs.
Description
Red Hat xPaaS provides images for many of the Red Hat Middleware products that are available for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.
The current JBoss Web Server 5.7 for OpenShift images have been updated to fix nss CVE-2023-0767 and the following openssl CVEs:
- CVE-2023-0286
- CVE-2022-4304
- CVE-2022-4450
- CVE-2023-0215
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
Fixes
- BZ - 2170377 - CVE-2023-0767 nss: Arbitrary memory write via PKCS 12
- CLOUD-4164 - [JWS57] Important - nss: Arbitrary memory write via PKCS 12 (CVE-2023-0767)
- CLOUD-4167 - [JWS57] Important - openssl: Multiple CVEs
CVEs
ppc64le
jboss-webserver-5/jws57-openjdk11-openshift-rhel8@sha256:ea9e5e7f3b81c119bdfb7dd1f6438737ed94fe17d8ad49504a67a80a09fef0ea
s390x
jboss-webserver-5/jws57-openjdk11-openshift-rhel8@sha256:3629cc485f5f9e642916c4dfdff71b859a7acaa074782ee2a310280e84f848b5
x86_64
jboss-webserver-5/jws57-openjdk11-openshift-rhel8@sha256:eeb0c539ee7ffbd2f1e6eb326204c6f69c554ac5acf0454e9d68d75ffe954f7c
jboss-webserver-5/jws57-openjdk8-openshift-rhel8@sha256:85093d0f55d06662420925f64e914ff05499c79c2ede3ef80085a44d40f16a80
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.