- Issued: 2023-03-30
- Updated: 2023-03-30
RHBA-2023:1536 - Bug Fix Advisory
Synopsis
Update the JWS Operator for OpenShift to fix multiple openssl CVEs
Type/Severity
Bug Fix Advisory
Topic
The JBoss Web Server (JWS) Operator for OpenShift has been updated to provide a fix for multiple openssl CVEs.
Description
This erratum covers updates to the JWS Operator for OpenShift to fix the following openssl CVEs:
- CVE-2023-0286
- CVE-2022-4304
- CVE-2022-4450
- CVE-2023-0215
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
Fixes
- BZ - 2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName
- BZ - 2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation
- BZ - 2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF
- BZ - 2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex
- JWS-2867 - Update JWS Openshift operator due to openssl CVEs
CVEs
ppc64le
- jboss-webserver-5/jws5-operator-bundle@sha256:66c9ed4b7fc91c4fa7518c94d3790732045aff374556c385481c94f55b101661
- jboss-webserver-5/jws5-rhel8-operator@sha256:5dd49d68066bf7c9954918de659ba8bcb16e0c5f6386a9a813b4812b5067568a
s390x
- jboss-webserver-5/jws5-operator-bundle@sha256:4759954b6784b50b9c51cccea75319f69ff0af5bd67dace1a4ebc4e299193490
- jboss-webserver-5/jws5-rhel8-operator@sha256:39694987fba3ab6f59fc625574921fe9018c0ba9a8e4022793af07b1aa7d1382
x86_64
- jboss-webserver-5/jws5-operator-bundle@sha256:a96348f26c4f7ff17e5b47c5f28921965cc9887b940a52ad43b25523c2b89a12
- jboss-webserver-5/jws5-rhel8-operator@sha256:36c01dac4eed38985c6e301a12285f1034316d5071ac5be537ee16e7c9636eb0
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.