Red Hat Product Errata RHBA-2026:2141 - Bug Fix Advisory
Issued:
2026-02-05
Updated:
2026-02-05

RHBA-2026:2141 - Bug Fix Advisory

Synopsis

Update JBoss Web Server 6.1 for OpenShift images to fix multiple CVEs

Type/Severity

Bug Fix Advisory

Topic

This erratum covers updates to the current Red Hat JBoss Web Server 6.1 for OpenShift images to fix multiple openjdk, libsoup, gnupg2, and libpng CVEs.

Description

Red Hat xPaaS provides images for many of the Red Hat Middleware products that are available for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.

The current JBoss Web Server 6.1 for OpenShift images have been updated to fix the following CVEs:

  • openjdk: Enhance Certificate Checking (Oracle CPU 2026-01) (CVE-2026-21945)
  • libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins) (CVE-2025-14523)
  • GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write (CVE-2025-68973)
  • libpng: LIBPNG buffer overflow (CVE-2025-64720)
  • libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
  • libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)

Solution

To update to the latest JBoss Web Server 6.1.3 for OpenShift image on UBI8, perform the following steps to pull in the content:

1. On your master host(s), ensure that you are logged in to the command line interface as a cluster administrator or user who has project administrator access to the global "openshift" project:

$ oc login -u system:admin

2. Depending on the OpenJDK version, run one of the following commands to update the core JBoss Web Server 6.1 tomcat 10 OpenShift image stream in the "openshift" project:

  • For OpenJDK 17:

To update the core JBoss Web Server 6.1 tomcat 10 with OpenJDK 17 OpenShift image, run the following command:

$ oc -n openshift import-image jboss-webserver61-openjdk17-tomcat10-openshift-ubi8:6.1.3

  • For OpenJDK 21:

To update the core JBoss Web Server 6.1 tomcat 10 with OpenJDK 21 OpenShift image, run the following command:

$ oc -n openshift import-image jboss-webserver61-openjdk21-tomcat10-openshift-ubi8:6.1.3

Affected Products

  • Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64

Fixes

(none)

aarch64

jboss-webserver-6/jws61-openjdk17-openshift-rhel8@sha256:6b8cba8b1ed3fd7f534548adcd42e62517191fab80a2fdde1375ffcb18be47a4
jboss-webserver-6/jws61-openjdk21-openshift-rhel8@sha256:416741b2a2bfc16789558db97e453854d4b9af47aacd4ec04868388227b72722

ppc64le

jboss-webserver-6/jws61-openjdk17-openshift-rhel8@sha256:4ea44ba8865db8a458831db6687ab00b1e0eb83a863a0ccf7442455da104e7c7
jboss-webserver-6/jws61-openjdk21-openshift-rhel8@sha256:b5fa8537df909facb3b6a82fa9e5524e6239f7fe69b4515eb91c6fd85c27ee20

s390x

jboss-webserver-6/jws61-openjdk17-openshift-rhel8@sha256:bc32abf14ee26361cb907395d6016789043c2704b19299f49e19920a8bae3c8a
jboss-webserver-6/jws61-openjdk21-openshift-rhel8@sha256:b7395809c80a7ea7bc4e3abd72ea6bb125364077782a5f2c180847afc8bb9ab3

x86_64

jboss-webserver-6/jws61-openjdk17-openshift-rhel8@sha256:f588d26c6d06d5457ac294f45cc4fadf174826f0191b3d2b9c2282a2996a01b4
jboss-webserver-6/jws61-openjdk21-openshift-rhel8@sha256:96a2246d3af63a32df24c96603a6d60728d3886cb8f44ce29fe6fb096790e03e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.