- Issued: 2025-02-26
- Updated: 2025-02-26
RHBA-2025:1872 - Bug Fix Advisory
Synopsis
Update JBoss Web Server 5.8 for OpenShift images to fix libsoup CVE-2024-52531
Type/Severity
Bug Fix Advisory
Topic
This erratum covers updates to the current Red Hat JBoss Web Server 5.8 for OpenShift images to fix libsoup CVE-2024-52531.
Description
Red Hat xPaaS provides images for many of the Red Hat Middleware products that are available for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premises or private cloud deployments.
The current JBoss Web Server 5.8 for OpenShift images have been updated to fix the following libsoup CVE:
- libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (CVE-2024-52531)
Solution
To update to the latest JBoss Web Server 5.8.2 for OpenShift image on UBI8, perform the following steps to pull in the content:
1. On your master host(s), ensure that you are logged in to the command line interface as a cluster administrator or user who has project administrator access to the global "openshift" project:
$ oc login -u system:admin
2. Depending on the OpenJDK version, run one of the following commands to update the core JBoss Web Server 5.8 Tomcat 9 OpenShift image stream in the "openshift" project:
- For OpenJDK 8:
To update the core JBoss Web Server 5.8 Tomcat 9 with OpenJDK 8 OpenShift image, run the following command:
$ oc -n openshift import-image jboss-webserver58-openjdk8-tomcat9-openshift-ubi8:5.8.2
- For OpenJDK 11:
To update the core JBoss Web Server 5.8 Tomcat 9 with OpenJDK 11 OpenShift image, run the following command:
$ oc -n openshift import-image jboss-webserver58-openjdk11-tomcat9-openshift-ubi8:5.8.2
- For OpenJDK 17:
To update the core JBoss Web Server 5.8 Tomcat 9 with OpenJDK 17 OpenShift image, run the following command:
$ oc -n openshift import-image jboss-webserver58-openjdk17-tomcat9-openshift-ubi8:5.8.2
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
Fixes
- BZ - 2342118 - CVE-2022-49043 libxml: use-after-free in xmlXIncludeAddNode
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.