Red Hat Product Errata RHBA-2026:1605 - Bug Fix Advisory
Issued:
2026-01-29
Updated:
2026-01-29

RHBA-2026:1605 - Bug Fix Advisory

Synopsis

updated RHEL-9 based Middleware Containers container images

Type/Severity

Bug Fix Advisory

Topic

Updated RHEL-9 based Middleware Containers container images are now available

Description

The RHEL-9 based Middleware Containers container images have been updated to address the following security advisory: RHSA-2026:1473 (see References)

Users of RHEL-9 based Middleware Containers container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The RHEL-9 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

  • Red Hat JBoss Middleware 1 x86_64

Fixes

  • BZ - 2430375 - CVE-2025-11187 openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file
  • BZ - 2430376 - CVE-2025-15467 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing
  • BZ - 2430377 - CVE-2025-15468 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling
  • BZ - 2430378 - CVE-2025-15469 openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation
  • BZ - 2430379 - CVE-2025-66199 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression
  • BZ - 2430380 - CVE-2025-68160 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter
  • BZ - 2430381 - CVE-2025-69418 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls
  • BZ - 2430386 - CVE-2025-69419 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing
  • BZ - 2430387 - CVE-2025-69421 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing
  • BZ - 2430388 - CVE-2025-69420 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response
  • BZ - 2430389 - CVE-2026-22795 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing
  • BZ - 2430390 - CVE-2026-22796 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

aarch64

openjdk-tech-preview/openjdk-21-jlink-rhel9@sha256:713a081c8199bda581cd2be81514da76ac2ca70ece62b0564126aca46c63c827
ubi9/openjdk-17@sha256:e4dfd570e42450ded4df6ae1b0ff20006802afa412b97daa1564efe4208ee818
ubi9/openjdk-17-runtime@sha256:7e06651458274326c77b7c654c18cff1ca370472ab84ef4079149cd69f155e8c
ubi9/openjdk-21@sha256:99aa638acea28cba7d36443ca32245f04d4490b1068511e3c395c539e01fdb23
ubi9/openjdk-21-runtime@sha256:8cc80184c4620a7ad3fb4acd2d8069565d5b26e7a841f0b4c8ab3f9f8e15a622
ubi9/openjdk-25@sha256:7f9d456834365ed899f6b70ca4bf1e2725d3614268fc431daf487313c0f56263
ubi9/openjdk-25-runtime@sha256:bac320fe97d5acbaaf92ef6d8bbb36122402dd3ae5f2dcedf541b481107a6044

ppc64le

openjdk-tech-preview/openjdk-21-jlink-rhel9@sha256:1403fa3aed30f24137801187ee15ac653b6ffbbb75881bd057b10986d0b66b39
ubi9/openjdk-17@sha256:7272e8c6d448a6b90e69dfcf2dbb52cf3b9d51c7d41c5a04b8b630621f849878
ubi9/openjdk-17-runtime@sha256:33dcdc733fa37ed251faaa650f8f5ac8c48313a32b43ec17800734ebcea1c18c
ubi9/openjdk-21@sha256:19e8ba70c758e2884cd3eee67a1fdd55d0f65a3d18d0cd2653da278e9dfd18a8
ubi9/openjdk-21-runtime@sha256:f36db9d0276cb232b29ff1b8d1bac78a78fe354e6ff39890621b3948028e763f
ubi9/openjdk-25@sha256:ddea71c41f314d14136eef71d4528fa6e990b306df50cd4ca6f4b570f9ffba57
ubi9/openjdk-25-runtime@sha256:e5516a0d0251b425242abdcf7bff0a59e3b162785359ce9d4e79ec2321275a8d

s390x

openjdk-tech-preview/openjdk-21-jlink-rhel9@sha256:7e3db6abb4cb6b7ff8ad7780c530776374ab02268e60853ea603ed2793a58418
ubi9/openjdk-17@sha256:45b004961c6b1a183e32c74d2603123487b6cf145732a5a25bf31b3918ec524a
ubi9/openjdk-17-runtime@sha256:b075b1ff51f628e585d7e63e9efa321891e1f76404aec0aa5b675995f2388e50
ubi9/openjdk-21@sha256:44f0db74980fc34170debc2d1fdca9313c8968da83f31e1d35484f0baea0ecd1
ubi9/openjdk-21-runtime@sha256:100b114caddbfc90ecc432e56bfb8487a423bfcde7208842df4e776508aedde8
ubi9/openjdk-25@sha256:0a67888e3bf06611b0840cbb003bd0d7920aea48353c09bda0a55eb0409aa081
ubi9/openjdk-25-runtime@sha256:34839e7810848fb0fc30bcc2ccdcc158adc21e25ec24eeaa480ff0c4690b5689

x86_64

openjdk-tech-preview/openjdk-21-jlink-rhel9@sha256:1f3fab833a3aab2a03eaf09b238b5a9f6deedfe574ff22762838947645ec0b7f
ubi9/openjdk-17@sha256:5253be79e248bc24cd29c346fc1ac2ceac82ceeac17dd39d23a6b23d27a3d719
ubi9/openjdk-17-runtime@sha256:150b532a1b5d763bcc95cf8813776ec2f3858e6192ab7eaa8700bf50437b6df2
ubi9/openjdk-21@sha256:275e377f89ae66485c0386e81272f92838437d7fc0cd29fe455aff8cb082d433
ubi9/openjdk-21-runtime@sha256:bf1350c043fa36af3f7d46489e1bd5c60907cd0babfde998ec4925b04cef6d02
ubi9/openjdk-25@sha256:824909478951e836e20000547a25381fcd1ce82b2033b435eb73fe997667b390
ubi9/openjdk-25-runtime@sha256:12976474ee3e7082f592c3e0259fb9f99c7397087825efc9e87f50741a7837e5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.