Red Hat Product Errata RHBA-2026:26280 - Bug Fix Advisory
Issued:
2026-06-16
Updated:
2026-06-16

RHBA-2026:26280 - Bug Fix Advisory

Synopsis

updated rhbac-4/hawtio-operator-bundle container image

Type/Severity

Bug Fix Advisory

Topic

Updated rhbac-4/hawtio-operator-bundle container image is now available for RHBOAC HWT 4.4.

Description

The rhbac-4/hawtio-operator-bundle container image has been updated for RHBOAC HWT 4.4 to address the following security advisory: RHBA-2026:26057 (see References)

Users of rhbac-4/hawtio-operator-bundle container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

  • Red Hat Build of Apache Camel 1 x86_64

Fixes

  • BZ - 2481879 - CVE-2026-7383 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing
  • BZ - 2481880 - CVE-2026-9076 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption
  • BZ - 2481881 - CVE-2026-34180 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.
  • BZ - 2481882 - CVE-2026-34181 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys
  • BZ - 2481884 - CVE-2026-34182 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages
  • BZ - 2481885 - CVE-2026-34183 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler
  • BZ - 2481887 - CVE-2026-42764 openssl: NULL pointer dereference in QUIC server initial packet handling
  • BZ - 2481890 - CVE-2026-42766 openssl: Possible NULL Dereference in Password-Based CMS Decryption
  • BZ - 2481891 - CVE-2026-42767 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption
  • BZ - 2481892 - CVE-2026-42768 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
  • BZ - 2481893 - CVE-2026-42769 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate
  • BZ - 2481894 - CVE-2026-42770 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q
  • BZ - 2481896 - CVE-2026-45445 openssl: AES-OCB IV Ignored on EVP_Cipher() Path
  • BZ - 2481897 - CVE-2026-45446 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes
  • BZ - 2481898 - CVE-2026-45447 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

CVEs

(none)

aarch64

rhbac-4/hawtio-operator-bundle@sha256:58c004d8a0864a22bdbc6931f869b62cd3ec41bcb2c79fcb8c30afe7860eff01

ppc64le

rhbac-4/hawtio-operator-bundle@sha256:842fb6e0a278fb652c4368d081bb104adff59ca33c2eebeaff3ba6c88e985fb3

s390x

rhbac-4/hawtio-operator-bundle@sha256:c2b744cbe29d995e8da892358049c55849d6ed56ad58dac337a24f61e9dd238b

x86_64

rhbac-4/hawtio-operator-bundle@sha256:0b526632870c00879acd5776225cafe18ef824a027e03158de377d361b98292b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.