Issued:: 2025-08-18
Updated:: 2025-08-18

RHBA-2025:13993 - Bug Fix Advisory

Overview
Updated Images

Synopsis

Update the JWS Operator for OpenShift to fix sqlite and libxml2 CVEs

Type/Severity

Bug Fix Advisory

Topic

Update the JWS Operator for OpenShift to fix sqlite and libxml2 CVEs

Description

This erratum covers updates to the JWS Operator for OpenShift to fix the following sqlite and libxml2 CVEs:

sqlite: Integer Truncation in SQLite (CVE-2025-6965)
libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (CVE-2025-7425)

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64

Fixes

BZ - 2383146 - CVE-2025-8058 glibc: Double free in glibc

CVEs

References

(none)

ppc64le

jboss-webserver-5/jws5-operator-bundle@sha256:ec4436e94ba8f0a17466013f8916191471b50a96e643d1680cc7e1742f68aca6

jboss-webserver-5/jws5-rhel8-operator@sha256:73650feb52943b0e20e7c4b6265964f5a66a51de9e0c1bd21fe7963c585a921f

s390x

jboss-webserver-5/jws5-operator-bundle@sha256:a7563b37ff965efc4cb6f7127dd125d1c18b5f52b6e200f8e653a7fe0cf03447

jboss-webserver-5/jws5-rhel8-operator@sha256:1f0468c9132da79712e2f83416674a29b33aed07ac45dd7a6b235039f7168dd4

x86_64

jboss-webserver-5/jws5-operator-bundle@sha256:bc54ed0872499322add966149acb204cf596736dacac40cc83be6bfbfe4ff3af

jboss-webserver-5/jws5-rhel8-operator@sha256:0d147e6dcfb8f83c71352b695cd3d02986aed8761e6d44708fd3a6fce2ae461b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation