Red Hat Product Errata RHBA-2025:3840 - Bug Fix Advisory
Issued:
2025-04-14
Updated:
2025-04-14

RHBA-2025:3840 - Bug Fix Advisory

Synopsis

updated Red Hat OpenShift Dev Spaces 3 container images

Type/Severity

Bug Fix Advisory

Topic

Updated Red Hat OpenShift Dev Spaces 3 container images are now available

Description

The Red Hat OpenShift Dev Spaces 3 container images have been updated to address the following security advisory: RHSA-2025:3713 (see References)

Users of Red Hat OpenShift Dev Spaces 3 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The Red Hat OpenShift Dev Spaces 3 container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

  • Red Hat OpenShift Dev Spaces 3 x86_64

Fixes

  • BZ - 2353871 - CVE-2024-44192 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
  • BZ - 2353872 - CVE-2024-54467 webkitgtk: A malicious website may exfiltrate data cross-origin
  • BZ - 2357909 - CVE-2024-54551 webkitgtk: Processing web content may lead to a denial-of-service
  • BZ - 2357910 - CVE-2025-24208 webkitgtk: Loading a malicious iframe may lead to a cross-site scripting attack
  • BZ - 2357911 - CVE-2025-24209 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
  • BZ - 2357917 - CVE-2025-24216 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
  • BZ - 2357919 - CVE-2025-30427 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

ppc64le

devspaces/pluginregistry-rhel8@sha256:9eacaa4db6e65642c39fb13b2ff9e8acf0c9e1d71c184653c1520432964661b2
devspaces/pluginregistry-rhel9@sha256:c9d64564440d17f3dc21080b5a9ae188ef6108cd1ad96a15aadeff5dd0a7a4a0
devspaces/udi-rhel9@sha256:324f087694690b499cc84d15c43069edaac430612b4f339002e8dde87c541216

s390x

devspaces/pluginregistry-rhel8@sha256:2b065539b4a70d28692a82e7275d4b619d6e0347e00bbaee871c3b88ffc5c205
devspaces/pluginregistry-rhel9@sha256:4325d9bef3c10a36d7fc6bcfaf8e48a62eb4241d177e545e273c9018bb01a6a1
devspaces/udi-rhel9@sha256:8cca124b8943d3c091cb8845d2619ade91f2f1ef15dbb3d0be0eb8cf69ebaf97

x86_64

devspaces/pluginregistry-rhel8@sha256:b66453d989358289cc9dcddcfaadfbbd723980c94da462ecc0295b5cc7284b2d
devspaces/pluginregistry-rhel9@sha256:7fda5e6b6d726fbaa7a01ee55ba0751c7a09332e4a8469f822e1c7a9881aecf2
devspaces/udi-rhel9@sha256:8f637c3b16b0fb963a3f9f8e8ed456c55edaa4eb9fd51b87d6e700215784e929

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.