- Issued: 2025-10-08
- Updated: 2025-10-08
RHBA-2025:17565 - Bug Fix Advisory
Synopsis
Update JBoss Web Server 6.1 for OpenShift images to fix cups CVE
Type/Severity
Bug Fix Advisory
Topic
This erratum covers updates to the current Red Hat JBoss Web Server 6.1 for OpenShift images to fix cups CVE-2025-58060.
Description
Red Hat xPaaS provides images for many of the Red Hat Middleware products that are available for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.
The current JBoss Web Server 6.1 for OpenShift images have been updated to fix the following cups CVE:
- cups: Authentication Bypass in CUPS Authorization Handling (CVE-2025-58060)
Solution
To update to the latest JBoss Web Server 6.1.2 for OpenShift image on UBI8, perform the following steps to pull in the content:
1. On your master host(s), ensure that you are logged in to the command line interface as a cluster administrator or user who has project administrator access to the global "openshift" project:
$ oc login -u system:admin
2. Depending on the OpenJDK version, run one of the following commands to update the core JBoss Web Server 6.1 tomcat 10 OpenShift image stream in the "openshift" project:
- For OpenJDK 17:
To update the core JBoss Web Server 6.1 tomcat 10 with OpenJDK 17 OpenShift image, run the following command:
$ oc -n openshift import-image jboss-webserver61-openjdk17-tomcat10-openshift-ubi8:6.1.2
- For OpenJDK 21:
To update the core JBoss Web Server 6.1 tomcat 10 with OpenJDK 21 OpenShift image, run the following command:
$ oc -n openshift import-image jboss-webserver61-openjdk21-tomcat10-openshift-ubi8:6.1.2
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
Fixes
- BZ - 2392595 - CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling
CVEs
- CVE-2025-58060
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.