- 发布:
- 2023-09-06
- 已更新:
- 2023-09-06
RHBA-2023:4992 - Bug Fix Advisory
概述
Update the JWS Operator for OpenShift to fix a subscription-manager CVE
类型/严重性
Bug Fix Advisory
标题
The JBoss Web Server (JWS) Operator for OpenShift has been updated to provide a fix for subscription-manager CVE-2023-3899.
描述
This erratum covers updates to the JWS Operator for OpenShift to fix subscription-manager CVE-2023-3899.
解决方案
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
受影响的产品
- Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
修复
- BZ - 2225407 - CVE-2023-3899 subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration
- JWS-3051 - Update JWS Openshift operator due to subscription-manager CVE
CVE
ppc64le
| jboss-webserver-5/jws5-operator-bundle@sha256:0a9ac3b7d8b247766bf7ef76ef7da395717a7afe16e64dea3c16c23833ba585c |
| jboss-webserver-5/jws5-rhel8-operator@sha256:0c16f9301da63858b45b35e14b7ca8d26d41409c5b0d47a77b6fa5ea47f240c5 |
s390x
| jboss-webserver-5/jws5-operator-bundle@sha256:9ecde7623131098b150ba8ab241fd3b3b3b9ecc2cf37be0ad48ff30acb89e7a2 |
| jboss-webserver-5/jws5-rhel8-operator@sha256:b7dff0b5f5540ad800c3ff284ad3e7f6bb385bc2510b58e0608f73f962f76642 |
x86_64
| jboss-webserver-5/jws5-operator-bundle@sha256:bc8dafa89824d2840c98297e1f203316cafbdbc0cee1a13596d426fc50839983 |
| jboss-webserver-5/jws5-rhel8-operator@sha256:9c1ac79e101729c0cb7f377e997adfc209d832f2d4fec016ac56ba085725c9f9 |
Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/。
