Red Hat Product Errata RHBA-2026:1728 - Bug Fix Advisory
Issued:
2026-02-02
Updated:
2026-02-02

RHBA-2026:1728 - Bug Fix Advisory

Synopsis

updated rh-sso-7/sso76-openshift-rhel8 container image

Type/Severity

Bug Fix Advisory

Topic

Updated rh-sso-7/sso76-openshift-rhel8 container image is now available for RHEL-8 based Middleware Containers.

Description

The rh-sso-7/sso76-openshift-rhel8 container image has been updated for RHEL-8 based Middleware Containers to address the following security advisory: RHSA-2026:1254 (see References)

Users of rh-sso-7/sso76-openshift-rhel8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The RHEL-8 based Middleware Containers container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

  • Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x

Fixes

  • BZ - 2419455 - CVE-2025-66418 urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
  • BZ - 2419467 - CVE-2025-66471 urllib3: urllib3 Streaming API improperly handles highly compressed data
  • BZ - 2427726 - CVE-2026-21441 urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

ppc64le

rh-sso-7/sso7-rhel8-init-container@sha256:294ad3f50274c200551f4f20fcaa39372a383083f3dbd2ef20b6f463e4bd2847
rh-sso-7/sso7-rhel8-operator@sha256:1fde06bfa43d21e4b21ba9257b8ed0fad616a45401ddfa05e0af38fa88e72816
rh-sso-7/sso76-openshift-rhel8@sha256:e16f52e4db6f28802fff78eb5630fa1fe6830b25df2a8fd20579df4a532e011e

s390x

rh-sso-7/sso7-rhel8-init-container@sha256:a52749dc2370012c43331e429f0b24a0d470d96e5715e6792aef7bfa14acd830
rh-sso-7/sso7-rhel8-operator@sha256:7aa3de873f77b791a8b48bf339698e4fd2672f8f1ad01749e7e1c97f2f447721
rh-sso-7/sso76-openshift-rhel8@sha256:51a0e354e288ee404adb1cc50d467076bf0649c9d08d6f36943f739fad790984

x86_64

rh-sso-7/sso7-rhel8-init-container@sha256:3377b3d55ef6148922441406e5471ed5deae2c8c0eaf11df7a5402a0059bc02d
rh-sso-7/sso7-rhel8-operator@sha256:36a93670d954e9a7a14a8e6e3be28d16fdfc23e176e627eab924bf6151b22a51
rh-sso-7/sso7-rhel8-operator-bundle@sha256:cf83717b20a84b9701fca77735afbe5a0af51bf61efba59fe1f0905d352f7daf
rh-sso-7/sso76-openshift-rhel8@sha256:2759f22ebc8b6d3c173cb1cabd64a0bfdc1751039a5c89246083ec7631c5819f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.