- Issued: 2025-03-03
- Updated: 2025-03-03
RHBA-2025:1988 - Bug Fix Advisory
Synopsis
updated 3scale-amp2/manticore-rhel9 container image
Type/Severity
Bug Fix Advisory
Topic
Updated 3scale-amp2/manticore-rhel9 container image is now available for 3scale API Management 2.15 on RHEL 9.
Description
The 3scale-amp2/manticore-rhel9 container image has been updated for 3scale API Management 2.15 on RHEL 9 to address the following security advisory: RHSA-2025:1671 (see References).
Users of 3scale-amp2/manticore-rhel9 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.
You can find images updated by this advisory in Red Hat Container Catalog (see References).
Solution
The 3scale API Management 2.15 on RHEL 9 container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.
Affected Products
- Red Hat 3scale API Management Platform 2 for RHEL 8 x86_64
- Red Hat 3scale API Management Platform 2 for RHEL 8 s390x
- Red Hat 3scale API Management Platform 2 for RHEL 8 ppc64le
- Red Hat 3scale API Management Platform 2 for RHEL 7 x86_64
- Red Hat 3scale API Management Platform 2 for RHEL 7 s390x
- Red Hat 3scale API Management Platform 2 for RHEL 7 ppc64le
Fixes
- BZ - 2294581 - CVE-2024-5535 openssl: SSL_select_next_proto buffer overread
- BZ - 2294676 - CVE-2024-37371 krb5: GSS message token handling
- BZ - 2301888 - CVE-2024-7264 curl: libcurl: ASN.1 date parser overread
- BZ - 2318857 - CVE-2024-21238 mysql: Thread Pooling unspecified vulnerability (CPU Oct 2024)
- BZ - 2318858 - CVE-2024-21196 mysql: X Plugin unspecified vulnerability (CPU Oct 2024)
- BZ - 2318870 - CVE-2024-21241 mysql: Optimizer unspecified vulnerability (CPU Oct 2024)
- BZ - 2318873 - CVE-2024-21231 mysql: Client programs unspecified vulnerability (CPU Oct 2024)
- BZ - 2318874 - CVE-2024-21197 mysql: Information Schema unspecified vulnerability (CPU Oct 2024)
- BZ - 2318876 - CVE-2024-21218 mysql: InnoDB unspecified vulnerability (CPU Oct 2024)
- BZ - 2318882 - CVE-2024-21201 mysql: Optimizer unspecified vulnerability (CPU Oct 2024)
- BZ - 2318883 - CVE-2024-21236 mysql: InnoDB unspecified vulnerability (CPU Oct 2024)
- BZ - 2318884 - CVE-2024-21237 mysql: Group Replication GCS unspecified vulnerability (CPU Oct 2024)
- BZ - 2318885 - CVE-2024-21203 mysql: FTS unspecified vulnerability (CPU Oct 2024)
- BZ - 2318886 - CVE-2024-21212 mysql: Health Monitor unspecified vulnerability (CPU Oct 2024)
- BZ - 2318897 - CVE-2024-21219 mysql: DML unspecified vulnerability (CPU Oct 2024)
- BZ - 2318900 - CVE-2024-21230 mysql: Optimizer unspecified vulnerability (CPU Oct 2024)
- BZ - 2318905 - CVE-2024-21213 mysql: InnoDB unspecified vulnerability (CPU Oct 2024)
- BZ - 2318914 - CVE-2024-21194 mysql: InnoDB unspecified vulnerability (CPU Oct 2024)
- BZ - 2318922 - CVE-2024-21199 mysql: InnoDB unspecified vulnerability (CPU Oct 2024)
- BZ - 2318923 - CVE-2024-21193 mysql: PS unspecified vulnerability (CPU Oct 2024)
- BZ - 2318925 - CVE-2024-21198 mysql: DDL unspecified vulnerability (CPU Oct 2024)
- BZ - 2318926 - CVE-2024-21247 mysql: mysqldump unspecified vulnerability (CPU Oct 2024)
- BZ - 2318927 - CVE-2024-21239 mysql: InnoDB unspecified vulnerability (CPU Oct 2024)
- BZ - 2331191 - CVE-2024-11053 curl: curl netrc password leak
- BZ - 2339218 - CVE-2025-21497 mysql: InnoDB unspecified vulnerability (CPU Jan 2025)
- BZ - 2339220 - CVE-2025-21520 mysql: MySQL Server Options Vulnerability
- BZ - 2339221 - CVE-2025-21490 mysql: High Privilege Denial of Service Vulnerability in MySQL Server
- BZ - 2339226 - CVE-2025-21529 mysql: Information Schema unspecified vulnerability (CPU Jan 2025)
- BZ - 2339231 - CVE-2025-21531 mysql: InnoDB unspecified vulnerability (CPU Jan 2025)
- BZ - 2339236 - CVE-2025-21504 mysql: Optimizer unspecified vulnerability (CPU Jan 2025)
- BZ - 2339238 - CVE-2025-21540 mysql: Privileges unspecified vulnerability (CPU Jan 2025)
- BZ - 2339243 - CVE-2025-21555 mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability
- BZ - 2339247 - CVE-2025-21543 mysql: Packaging unspecified vulnerability (CPU Jan 2025)
- BZ - 2339252 - CVE-2025-21491 mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability
- BZ - 2339259 - CVE-2025-21525 mysql: DDL unspecified vulnerability (CPU Jan 2025)
- BZ - 2339266 - CVE-2025-21536 mysql: Optimizer unspecified vulnerability (CPU Jan 2025)
- BZ - 2339270 - CVE-2025-21521 mysql: Thread Pooling unspecified vulnerability (CPU Jan 2025)
- BZ - 2339271 - CVE-2025-21501 mysql: Optimizer unspecified vulnerability (CPU Jan 2025)
- BZ - 2339275 - CVE-2025-21534 mysql: Performance Schema unspecified vulnerability (CPU Jan 2025)
- BZ - 2339277 - CVE-2025-21494 mysql: Privileges unspecified vulnerability (CPU Jan 2025)
- BZ - 2339281 - CVE-2025-21519 mysql: Privileges unspecified vulnerability (CPU Jan 2025)
- BZ - 2339284 - CVE-2025-21522 mysql: Parser unspecified vulnerability (CPU Jan 2025)
- BZ - 2339291 - CVE-2025-21503 mysql: InnoDB unspecified vulnerability (CPU Jan 2025)
- BZ - 2339293 - CVE-2025-21518 mysql: Optimizer unspecified vulnerability (CPU Jan 2025)
- BZ - 2339295 - CVE-2025-21559 mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability
- BZ - 2339299 - CVE-2025-21546 mysql: Privilege Misuse in MySQL Server Security Component
- BZ - 2339300 - CVE-2025-21500 mysql: Optimizer unspecified vulnerability (CPU Jan 2025)
- BZ - 2339304 - CVE-2025-21523 mysql: InnoDB unspecified vulnerability (CPU Jan 2025)
- BZ - 2339305 - CVE-2025-21505 mysql: Components Services unspecified vulnerability (CPU Jan 2025)
CVEs
- CVE-2024-5535
- CVE-2024-7264
- CVE-2024-11053
- CVE-2024-12797
- CVE-2024-21193
- CVE-2024-21194
- CVE-2024-21196
- CVE-2024-21197
- CVE-2024-21198
- CVE-2024-21199
- CVE-2024-21201
- CVE-2024-21203
- CVE-2024-21212
- CVE-2024-21213
- CVE-2024-21218
- CVE-2024-21219
- CVE-2024-21230
- CVE-2024-21231
- CVE-2024-21236
- CVE-2024-21237
- CVE-2024-21238
- CVE-2024-21239
- CVE-2024-21241
- CVE-2024-21247
- CVE-2024-37371
- CVE-2025-21490
- CVE-2025-21491
- CVE-2025-21494
- CVE-2025-21497
- CVE-2025-21500
- CVE-2025-21501
- CVE-2025-21503
- CVE-2025-21504
- CVE-2025-21505
- CVE-2025-21518
- CVE-2025-21519
- CVE-2025-21520
- CVE-2025-21521
- CVE-2025-21522
- CVE-2025-21523
- CVE-2025-21525
- CVE-2025-21529
- CVE-2025-21531
- CVE-2025-21534
- CVE-2025-21536
- CVE-2025-21540
- CVE-2025-21543
- CVE-2025-21546
- CVE-2025-21555
- CVE-2025-21559
- ppc64le: 3scale-amp2/manticore-rhel9@sha256:9cff44b90d4782d76b788d46f17e0130d1eeea2d671f58f0392d8db1d4445b82
- s390x: 3scale-amp2/manticore-rhel9@sha256:d03ba1c6285986143e63a6bcf2c6c0cad41a9eb1cb199133fbb95a80d321bfe0
- x86_64: 3scale-amp2/manticore-rhel9@sha256:ab63e0755bc84188062d3bb03b18d64d1e0a68e868716e8e3a24db2e201841d6
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.