- Issued: 2024-12-19
- Updated: 2024-12-19
RHBA-2024:11556 - Bug Fix Advisory
Synopsis
Update the JWS Operator for OpenShift to fix pam CVEs
Type/Severity
Bug Fix Advisory
Topic
The JBoss Web Server (JWS) Operator for OpenShift has been updated to provide a fix for pam CVE-2024-10041 and CVE-2024-10963.
Description
This erratum covers updates to the JWS Operator for OpenShift to fix pam CVE-2024-10041 and CVE-2024-10963.
Solution
You can download the RHEL-8-based Middleware Containers container image that this update provides from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available in the Red Hat Container Catalog (see the References section).
Dockerfiles and scripts should be amended to refer to this new image specifically or to the latest image generally.
Affected Products
- Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
Fixes
- BZ - 2321440 - CVE-2024-9287 python: Virtual environment (venv) activation scripts don't quote paths
- BZ - 2325776 - CVE-2024-11168 python: Improper validation of IPv6 and IPvFuture addresses
ppc64le
jboss-webserver-5/jws5-operator-bundle@sha256:9cd3b3577e12a69f2280ad3c6878ad3ec3c93ea1e5e78e995410b1feeecdb19f
jboss-webserver-5/jws5-rhel8-operator@sha256:a3b97ae5c6b66956cf2cf62b2b2e04ec09749a2cb5e9fadcdd6d9d46bdca3eb7
s390x
jboss-webserver-5/jws5-operator-bundle@sha256:6d26c435c019cbb31d7923167b0729ec428c280db70ce9ca77e0a228683c9377
jboss-webserver-5/jws5-rhel8-operator@sha256:b14f7c30d94fef265f01e9be57414f18656702a764917fee6dc4ccd00d1cc209
x86_64
jboss-webserver-5/jws5-operator-bundle@sha256:d1b9d0a32d8fa6c1a0e7d929c3fb5d857a57bffa7c97aa06c2f39d3209f6ab92
jboss-webserver-5/jws5-rhel8-operator@sha256:c0656bc77cdca904ddf590265898a79d3fd44a306c5c5ffe0d782e6686c2b21b
The Red Hat security contact is secalert@redhat.com. More contact details are available at https://access.redhat.com/security/team/contact/.