- Issued: 2024-09-17
- Updated: 2024-09-17
RHBA-2024:6717 - Bug Fix Advisory
Synopsis
Update the JWS Operator for OpenShift to fix python-setuptools and curl CVEs
Type/Severity
Bug Fix Advisory
Topic
The JBoss Web Server (JWS) Operator for OpenShift has been updated to provide a fix for python-setuptools and curl CVEs.
Description
This erratum covers updates to the JWS Operator for OpenShift to fix the following python-setuptools and curl CVEs:
- curl: CVE-2024-2398
- python-setuptools: CVE-2024-6345
Solution
You can download the RHEL-8-based Middleware Containers container image that this update provides from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available in the Red Hat Container Catalog (see the References section).
Dockerfiles and scripts should be amended to refer to this new image specifically or to the latest image generally.
Affected Products
- Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
Fixes
- BZ - 2270498 - CVE-2024-2398 curl: HTTP/2 push headers memory-leak
CVEs
ppc64le
- jboss-webserver-5/jws5-operator-bundle@sha256:2e5a5816680360163b0dda712fd4e5fdde233720592ea1b68c58faac22682a8d
- jboss-webserver-5/jws5-rhel8-operator@sha256:5d764b985b065c9680a252301f1e26ef28f00866afbc09df44c6e3bbf5444e18
s390x
- jboss-webserver-5/jws5-operator-bundle@sha256:f599f85370a76a3cb3d72148ea845ce0394c3211f235f6e5343a4c4d68aee4f7
- jboss-webserver-5/jws5-rhel8-operator@sha256:a9f0c6636d91881507447b3bc940920232cb1874f69565bb1458dbddd57e2770
x86_64
- jboss-webserver-5/jws5-operator-bundle@sha256:995cf5596103a60e1ac43709410831fbb013e38c5710c3494cbbeb4bade55d52
- jboss-webserver-5/jws5-rhel8-operator@sha256:863fd2c99f6bf6cd1cf18633a53987765833b7c3eef93f22fd042a575ecb4eed
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.