- Issued:
- 2024-06-04
- Updated:
- 2024-06-04
RHBA-2024:3586 - Bug Fix Advisory
Synopsis
Update JBoss Web Server 6.0 for OpenShift image to fix glibc and python3 CVEs
Type/Severity
Bug Fix Advisory
Topic
This erratum covers updates to the current Red Hat JBoss Web Server 6.0 for OpenShift images to fix glibc and python3 CVEs.
Description
Red Hat xPaaS provides images for many of the Red Hat Middleware products that are available for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.
The current JBoss Web Server 6.0.2 for OpenShift images have been updated to fix the following glibc and python3 CVEs:
- glibc: CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601 and CVE-2024-33602
- python3: CVE-2023-6597 and CVE-2024-0450
Solution
To update to the latest JBoss Web Server 6.0.2 for OpenShift image on UBI8, perform the following steps to pull in the content:
1. On your master host(s), ensure that you are logged in to the command line interface as a cluster administrator or user who has project administrator access to the global "openshift" project:
$ oc login -u system:admin
2. To update the core JBoss Web Server 6.0 tomcat 10 with OpenJDK 17 OpenShift image, run the following command:
$ oc -n openshift import-image jboss-webserver60-openjdk17-tomcat10-openshift-ubi8:6.0.2
Affected Products
- Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
Fixes
- CLOUD-4230 - [JWS60] Important - glibc - Multiple CVEs
CVEs
- CVE-2021-43618
- CVE-2022-4645
- CVE-2022-48622
- CVE-2023-6004
- CVE-2023-6597
- CVE-2023-6918
- CVE-2023-7008
- CVE-2023-25193
- CVE-2023-43785
- CVE-2023-43786
- CVE-2023-43787
- CVE-2024-0450
- CVE-2024-21011
- CVE-2024-21012
- CVE-2024-21068
- CVE-2024-21094
- CVE-2024-22365
- CVE-2024-26458
- CVE-2024-26461
- CVE-2024-33599
- CVE-2024-33600
- CVE-2024-33601
- CVE-2024-33602
References
(none)
aarch64
jboss-webserver-6/jws60-openjdk17-openshift-rhel8@sha256:b4d6a8fd86217dcf49e8f23d1c35ef19b4b39f7f4ab8e9afe30c560b534bfd05 |
ppc64le
jboss-webserver-6/jws60-openjdk17-openshift-rhel8@sha256:8eeb3e8512df9c56e825449f6cf93eb3a1c29205c772c6d83d236678ea23ceda |
s390x
jboss-webserver-6/jws60-openjdk17-openshift-rhel8@sha256:8a24a977015728a9a8a5760c39a86a212882a20ad3d16d970c97011e7d562a33 |
x86_64
jboss-webserver-6/jws60-openjdk17-openshift-rhel8@sha256:9c6aa62ab3b8fda926b47b7176bd7055d3ad68e256e495937e372d711c1c3a48 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.