- Issued: 2024-06-04
- Updated: 2024-06-04
RHBA-2024:3578 - Bug Fix Advisory
Synopsis
Update the JWS Operator for OpenShift to fix glibc and python3 CVEs
Type/Severity
Bug Fix Advisory
Topic
The JBoss Web Server (JWS) Operator for OpenShift has been updated to provide a fix for glibc and python3 CVEs.
Description
This erratum covers updates to the JWS Operator for OpenShift to fix the following glibc and python3 CVEs:
- glibc: CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601 and CVE-2024-33602
- python3: CVE-2023-6597 and CVE-2024-0450
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
Fixes
- BZ - 2273404 - CVE-2024-2961 glibc: Out of bounds write in iconv may lead to remote code execution
CVEs
ppc64le
- jboss-webserver-5/jws5-operator-bundle@sha256:efab616056370108a477e937f4ddc69b5b956f5b00f4a5c7c58f989d2b40797d
- jboss-webserver-5/jws5-rhel8-operator@sha256:6a32dc039ac7a2a45c35fdb93a2dae2bc8dd022f934310df8579de5b5947be65
s390x
- jboss-webserver-5/jws5-operator-bundle@sha256:fd0cefbfca66467ad0c4dd7a42fcc23bf72686718ce4ad815aef009f5bd838a7
- jboss-webserver-5/jws5-rhel8-operator@sha256:3be1700bf1895907456a1dd978d52625a25fde9273a221db43aa0216610efde7
x86_64
- jboss-webserver-5/jws5-operator-bundle@sha256:428e21ef1bec2a35ac24ea0ac4f0d8e3c766613220a49a4366c63af819c3698a
- jboss-webserver-5/jws5-rhel8-operator@sha256:2c4984b110acc123b56beabc2aaddf225183497eb12dd43007aadbaff5afa894
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.