- Issued:
- 2023-03-30
- Updated:
- 2023-03-30
RHBA-2023:1535 - Bug Fix Advisory
Synopsis
Update JBoss Web Server 3.1 for OpenShift images to fix nss and openssl CVEs
Type/Severity
Bug Fix Advisory
Topic
This erratum covers updates to the current Red Hat JBoss Web Server 3.1 for OpenShift images to fix nss CVE-2023-0767 and openssl CVE-2023-0286.
Description
Red Hat xPaaS provides images for many of the Red Hat Middleware products that are available for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.
The current JBoss Web Server 3.1 for OpenShift images have been updated to fix nss CVE-2023-0767 and openssl CVE-2023-0286.
Solution
To update to the latest JBoss Web Server for OpenShift image, perform the following steps to pull in the content:
1. On your master host(s), ensure that you are logged into the command line interface as a cluster administrator or user who has project administrator access to the global "openshift" project:
$ oc login -u system:admin
2. Depending on the Tomcat version, run either of the following commands to update the core JBoss Web Server 3.1 OpenShift image stream in the "openshift" project:
- For Tomcat 8:
To update the core JBoss Web Server 3.1 tomcat 8 OpenShift image, run the following command:
$ oc -n openshift import-image jboss-webserver31-tomcat8-openshift:1.4
- For Tomcat 7:
To update the core JBoss Web Server 3.1 tomcat 7 OpenShift image, run the following command:
$ oc -n openshift import-image jboss-webserver31-tomcat7-openshift:1.4
Affected Products
- Red Hat OpenShift Container Platform 4.9 for RHEL 7 x86_64
- Red Hat OpenShift Container Platform 4.8 for RHEL 7 x86_64
- Red Hat OpenShift Container Platform 3.11 x86_64
Fixes
- BZ - 2170377 - CVE-2023-0767 nss: Arbitrary memory write via PKCS 12
- CLOUD-4165 - [JWS31] Important - nss: Arbitrary memory write via PKCS 12 (CVE-2023-0767)
- CLOUD-4166 - [JWS31] Important - openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
x86_64
jboss-webserver-3/webserver31-tomcat7-openshift@sha256:d75f69440e20413277fe7a7fad3760692ca07b237ea2528655f3157ec96e85d3 |
jboss-webserver-3/webserver31-tomcat8-openshift@sha256:dfaa9da9f10303484669fe69cb8408d027b1e4f9ec24ea15ff7dd5de160010a0 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.