Red Hat Product Errata RHBA-2024:3585 - Bug Fix Advisory
Issued:
2024-06-04
Updated:
2024-06-04

RHBA-2024:3585 - Bug Fix Advisory

Synopsis

Update JBoss Web Server 5.8 for OpenShift images to fix glibc and python3 CVEs

Type/Severity

Bug Fix Advisory

Topic

This erratum covers updates to the current Red Hat JBoss Web Server 5.8 for OpenShift images to fix glibc and python3 CVEs.

Description

Red Hat xPaaS provides images for many of the Red Hat Middleware products that are available for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.

The current JBoss Web Server 5.8 for OpenShift images have been updated to fix the following glibc and python3 CVEs:

  • glibc: CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601 and CVE-2024-33602
  • python3: CVE-2023-6597 and CVE-2024-0450

Solution

To update to the latest JBoss Web Server 5.8.0 for OpenShift image on UBI8, perform the following steps to pull in the content:

1. On your master host(s), ensure that you are logged in to the command line interface as a cluster administrator or user who has project administrator access to the global "openshift" project:

$ oc login -u system:admin

2. Depending on the OpenJDK version, run one of the following commands to update the core JBoss Web Server 5.8 tomcat 9 OpenShift image stream in the "openshift" project:

  • For OpenJDK 8:

To update the core JBoss Web Server 5.8 tomcat 9 with OpenJDK 8 OpenShift image, run the following command:

$ oc -n openshift import-image jboss-webserver58-openjdk8-tomcat9-openshift-ubi8:5.8.0

  • For OpenJDK 11:

To update the core JBoss Web Server 5.8 tomcat 9 with OpenJDK 11 OpenShift image, run the following command:

$ oc -n openshift import-image jboss-webserver58-openjdk11-tomcat9-openshift-ubi8:5.8.0

  • For OpenJDK 17:

To update the core JBoss Web Server 5.8 tomcat 9 with OpenJDK 17 OpenShift image, run the following command:

$ oc -n openshift import-image jboss-webserver58-openjdk17-tomcat9-openshift-ubi8:5.8.0

Affected Products

  • Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64

Fixes

(none)

References

(none)

ppc64le

jboss-webserver-5/jws58-openjdk11-openshift-rhel8@sha256:6fd1fa60a8f825cb48429ba14e4288fc2792075efdf885c6f5e061fedfa17970
jboss-webserver-5/jws58-openjdk17-openshift-rhel8@sha256:ccfc5498daeaba66a71e27633945f47c6f2015deaab890ecd1b02d2497d13ae6

s390x

jboss-webserver-5/jws58-openjdk11-openshift-rhel8@sha256:a413efa13afa2104d6761947a8fd3377cc1d8f502031a7f780c5ad68d5078d6d
jboss-webserver-5/jws58-openjdk17-openshift-rhel8@sha256:ea97e4f5623e378e6ab3ed1854e3c5eefcfeb906be1dd8986ddb5dead3cd7545

x86_64

jboss-webserver-5/jws58-openjdk11-openshift-rhel8@sha256:644633060a2695fff699a326df97e38868bc0bc9b39b49110ffd8c1b7479020a
jboss-webserver-5/jws58-openjdk17-openshift-rhel8@sha256:92d28009d5859f97b21268d6a4f1ef20ffbdf700ade89a088870b0901c544465
jboss-webserver-5/jws58-openjdk8-openshift-rhel8@sha256:a2977d1a473a20ef294b9241e9cdefea94a446e624d23fa52b774bdf48db5249

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.