RHBA-2025:1873 - Bug Fix Advisory

Topic

This erratum covers updates to the current Red Hat JBoss Web Server 6.0 for OpenShift images to fix libsoup CVE-2024-52531.

Description

Red Hat xPaaS provides images for many of the Red Hat Middleware products that are available for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.

The current JBoss Web Server 6.0 for OpenShift images have been updated to fix the following libsoup CVE:

• libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (CVE-2024-52531)

Solution

To update to the latest JBoss Web Server 6.0.5 for OpenShift image on UBI8, perform the following steps to pull in the content:

1. On your master host(s), ensure that you are logged in to the command line interface as a cluster administrator or user who has project administrator access to the global "openshift" project:

$ oc login -u system:admin

2. Depending on the OpenJDK version, run one of the following commands to update the core JBoss Web Server 6.0 tomcat 10 OpenShift image stream in the "openshift" project:

• For OpenJDK 17:

To update the core JBoss Web Server 6.0 tomcat 10 with OpenJDK 17 OpenShift image, run the following command:

$ oc -n openshift import-image jboss-webserver60-openjdk17-tomcat10-openshift-ubi8:6.0.5

• For OpenJDK 21:

To update the core JBoss Web Server 6.0 tomcat 10 with OpenJDK 21 OpenShift image, run the following command:

$ oc -n openshift import-image jboss-webserver60-openjdk21-tomcat10-openshift-ubi8:6.0.5

Affected Products

• Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64

Fixes

CVEs

• CVE-2019-12900
• CVE-2020-11023
• CVE-2022-49043
• CVE-2024-35195
• CVE-2024-52531
• CVE-2025-21502

References

• https://access.redhat.com/errata/RHSA-2025:0838