- 发布:
- 2024-12-19
- 已更新:
- 2024-12-19
RHBA-2024:11556 - Bug Fix Advisory
概述
Update the JWS Operator for OpenShift to fix pam CVEs
类型/严重性
Bug Fix Advisory
标题
The JBoss Web Server (JWS) Operator for OpenShift has been updated to provide a fix for pam CVE-2024-10041 and CVE-2024-10963.
描述
This erratum covers updates to the JWS Operator for OpenShift to fix pam CVE-2024-10041 and CVE-2024-10963.
解决方案
You can download the RHEL-8-based Middleware Containers container image that this update provides from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available in the Red Hat Container Catalog (see the References section).
Dockerfiles and scripts should be amended to refer to this new image specifically or to the latest image generally.
受影响的产品
- Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
修复
- BZ - 2321440 - CVE-2024-9287 python: Virtual environment (venv) activation scripts don't quote paths
- BZ - 2325776 - CVE-2024-11168 python: Improper validation of IPv6 and IPvFuture addresses
ppc64le
| jboss-webserver-5/jws5-operator-bundle@sha256:9cd3b3577e12a69f2280ad3c6878ad3ec3c93ea1e5e78e995410b1feeecdb19f |
| jboss-webserver-5/jws5-rhel8-operator@sha256:a3b97ae5c6b66956cf2cf62b2b2e04ec09749a2cb5e9fadcdd6d9d46bdca3eb7 |
s390x
| jboss-webserver-5/jws5-operator-bundle@sha256:6d26c435c019cbb31d7923167b0729ec428c280db70ce9ca77e0a228683c9377 |
| jboss-webserver-5/jws5-rhel8-operator@sha256:b14f7c30d94fef265f01e9be57414f18656702a764917fee6dc4ccd00d1cc209 |
x86_64
| jboss-webserver-5/jws5-operator-bundle@sha256:d1b9d0a32d8fa6c1a0e7d929c3fb5d857a57bffa7c97aa06c2f39d3209f6ab92 |
| jboss-webserver-5/jws5-rhel8-operator@sha256:c0656bc77cdca904ddf590265898a79d3fd44a306c5c5ffe0d782e6686c2b21b |
Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/。
