Red Hat Product Errata RHBA-2024:0496 - Bug Fix Advisory
Issued:
2024-01-25
Updated:
2024-01-25

RHBA-2024:0496 - Bug Fix Advisory

Synopsis

Update JBoss Web Server 5.7 for OpenShift image to fix multiple OpenJDK CVEs

Type/Severity

Bug Fix Advisory

Topic

This erratum covers updates to the current Red Hat JBoss Web Server 5.7 for OpenShift image with OpenJDK 11 support to fix multiple OpenJDK CVEs.

Description

Red Hat xPaaS provides images for many of the Red Hat Middleware products that are available for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.

The current JBoss Web Server 5.7 for OpenShift image with OpenJDK 11 support has been updated to fix the following OpenJDK CVEs:

  • CVE-2024-20918
  • CVE-2024-20952
  • CVE-2024-20919
  • CVE-2024-20921
  • CVE-2024-20926
  • CVE-2024-20945

Solution

To update to the latest JBoss Web Server 5.7.7 for OpenShift image on UBI8, perform the following steps to pull in the content:

1. On your master host(s), ensure that you are logged in to the command line interface as a cluster administrator or user who has project administrator access to the global "openshift" project:

$ oc login -u system:admin

2. To update the core JBoss Web Server 5.7 tomcat 9 with OpenJDK 11 OpenShift image, run the following command:

$ oc -n openshift import-image jboss-webserver57-openjdk11-tomcat9-openshift-ubi8:5.7.7

Affected Products

  • Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64

Fixes

  • BZ - 2257728 - CVE-2024-20918 OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)
  • BZ - 2257837 - CVE-2024-20952 OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)
  • BZ - 2257850 - CVE-2024-20926 OpenJDK: arbitrary Java code execution in Nashorn (8314284)
  • BZ - 2257853 - CVE-2024-20919 OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
  • BZ - 2257859 - CVE-2024-20921 OpenJDK: range check loop optimization issue (8314307)
  • BZ - 2257874 - CVE-2024-20945 OpenJDK: logging of digital signature private keys (8316976)
  • CLOUD-4216 - [JWS57] Important - Multiple java-11-openjdk CVEs

ppc64le

jboss-webserver-5/jws57-openjdk11-openshift-rhel8@sha256:95fec1e523552637634626545866cb5aa27bf02bd6b2775acf41410df95a1282

s390x

jboss-webserver-5/jws57-openjdk11-openshift-rhel8@sha256:df99c489160ec6e94bd996d32400ea9c90f46084838cf3c909ed4a4e64c73b8d

x86_64

jboss-webserver-5/jws57-openjdk11-openshift-rhel8@sha256:ea9b47cf278c27f42cae97f92d5e99b1fa9232c378501ce01e734b8853774d31

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.