- Issued: 2023-09-06
- Updated: 2023-09-06
RHBA-2023:4992 - Bug Fix Advisory
Synopsis
Update the JWS Operator for OpenShift to fix a subscription-manager CVE
Type/Severity
Bug Fix Advisory
Topic
The JBoss Web Server (JWS) Operator for OpenShift has been updated to provide a fix for subscription-manager CVE-2023-3899.
Description
This erratum covers updates to the JWS Operator for OpenShift to fix subscription-manager CVE-2023-3899.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
Fixes
- BZ - 2225407 - CVE-2023-3899 subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration
- JWS-3051 - Update JWS Openshift operator due to subscription-manager CVE
CVEs
ppc64le
- jboss-webserver-5/jws5-operator-bundle@sha256:0a9ac3b7d8b247766bf7ef76ef7da395717a7afe16e64dea3c16c23833ba585c
- jboss-webserver-5/jws5-rhel8-operator@sha256:0c16f9301da63858b45b35e14b7ca8d26d41409c5b0d47a77b6fa5ea47f240c5
s390x
- jboss-webserver-5/jws5-operator-bundle@sha256:9ecde7623131098b150ba8ab241fd3b3b3b9ecc2cf37be0ad48ff30acb89e7a2
- jboss-webserver-5/jws5-rhel8-operator@sha256:b7dff0b5f5540ad800c3ff284ad3e7f6bb385bc2510b58e0608f73f962f76642
x86_64
- jboss-webserver-5/jws5-operator-bundle@sha256:bc8dafa89824d2840c98297e1f203316cafbdbc0cee1a13596d426fc50839983
- jboss-webserver-5/jws5-rhel8-operator@sha256:9c1ac79e101729c0cb7f377e997adfc209d832f2d4fec016ac56ba085725c9f9
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.