- Issued: 2023-07-06
- Updated: 2023-07-06
RHBA-2023:3972 - Bug Fix Advisory
Synopsis
Update the JWS Operator for OpenShift to fix a Python CVE
Type/Severity
Bug Fix Advisory
Topic
The JBoss Web Server (JWS) Operator for OpenShift has been updated to provide a fix for Python CVE-2023-24329.
Description
This erratum covers updates to the JWS Operator for OpenShift to fix Python CVE-2023-24329.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
Fixes
- BZ - 2173917 - CVE-2023-24329 python: urllib.parse url blocklisting bypass
- JWS-2989 - Update JWS Openshift operator due to python3 CVE
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.