- Issued: 2025-04-10
- Updated: 2025-04-10
RHBA-2025:3822 - Bug Fix Advisory
Synopsis
Update the JWS Operator for OpenShift to fix libxml2 CVEs
Type/Severity
Bug Fix Advisory
Topic
The JBoss Web Server (JWS) Operator for OpenShift has been updated to provide a fix for libxml2 CVE-2024-56171 and CVE-2025-24928.
Description
This erratum covers updates to the JWS Operator for OpenShift to fix libxml2 CVE-2024-56171 and CVE-2025-24928.
Solution
You can download the RHEL-8-based Middleware Containers container image that this update provides from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available in the Red Hat Container Catalog (see the References section).
Dockerfiles and scripts should be amended to refer to this new image specifically or to the latest image generally.
Affected Products
- Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
Fixes
- BZ - 2342796 - CVE-2025-24528 krb5: overflow when calculating ulog block size
References
(none)
ppc64le
| jboss-webserver-5/jws5-operator-bundle@sha256:e030be3f038dfa170fec701b5bb92506a0f083ff05cdb9ff412ac6a40507ef1c |
| jboss-webserver-5/jws5-rhel8-operator@sha256:b6b976b6e5cc058b273e06061ca034720c7697f6cbdfdca52b9d05e1f4a50c55 |
s390x
| jboss-webserver-5/jws5-operator-bundle@sha256:3dee60d7a0179a45de15bea491179295fac257e965e12b10ab622e80cd822e93 |
| jboss-webserver-5/jws5-rhel8-operator@sha256:fb4faba0816b02fd4884bec63e76ab347c600ce7c2c90aae104c6b95161febba |
x86_64
| jboss-webserver-5/jws5-operator-bundle@sha256:ed14529f75d197c5d766de9eb6e058d288b2aa9bd6c606d5cd05b6dad0f06f88 |
| jboss-webserver-5/jws5-rhel8-operator@sha256:155b2d0d5944d5cf98f0d3da10510271f4b931b8cbacb2349ab6d05aa1a2cccd |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.