Red Hat Product Errata RHBA-2026:3643 - Bug Fix Advisory
Issued:
2026-03-03
Updated:
2026-03-03

RHBA-2026:3643 - Bug Fix Advisory

Synopsis

Update JBoss Web Server 6.2 for OpenShift images to fix libsoup and brotli CVEs

Type/Severity

Bug Fix Advisory

Topic

This erratum covers updates to the current Red Hat JBoss Web Server 6.2 for OpenShift images to fix libsoup and brotli CVEs.

Description

Red Hat xPaaS provides images for many of the Red Hat Middleware products that are available for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.

The current JBoss Web Server 6.2 for OpenShift images have been updated to fix the following libsoup and brotli CVEs:

  • libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
  • libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)
  • Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS (CVE-2025-6176)

Solution

To update to the latest JBoss Web Server 6.2.0 for OpenShift image on UBI8, perform the following steps to pull in the content:

1. On your master host(s), ensure that you are logged in to the command line interface as a cluster administrator or user who has project administrator access to the global "openshift" project:

$ oc login -u system:admin

2. Depending on the OpenJDK version, run one of the following commands to update the core JBoss Web Server 6.2 tomcat 10 OpenShift image stream in the "openshift" project:

  • For OpenJDK 17:

To update the core JBoss Web Server 6.2 tomcat 10 with OpenJDK 17 OpenShift image, run the following command:

$ oc -n openshift import-image jboss-webserver62-openjdk17-tomcat10-openshift-ubi8:6.2.0

  • For OpenJDK 21:

To update the core JBoss Web Server 6.2 tomcat 10 with OpenJDK 21 OpenShift image, run the following command:

$ oc -n openshift import-image jboss-webserver62-openjdk21-tomcat10-openshift-ubi8:6.2.0

Affected Products

  • Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x

Fixes

  • BZ - 2430386 - CVE-2025-69419 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

aarch64

jboss-webserver-6/jws62-openjdk17-openshift-rhel8@sha256:7a3a68c989814d3483b0467de51aa912337e9022db856a8c3b0aba383845884d
jboss-webserver-6/jws62-openjdk21-openshift-rhel8@sha256:074466733ed7fdd3abfb9ee096f0bdf19fd2dee3bce5e5a791ed1853fd7f8e12

ppc64le

jboss-webserver-6/jws62-openjdk17-openshift-rhel8@sha256:f35fe0b2ea757c1d794e949afd7c51f71881191e6af12f191527483902f4b7be
jboss-webserver-6/jws62-openjdk21-openshift-rhel8@sha256:61f69ffb5d7281bacdc4ad8e7074b75f2912eda8697acc214366cf261ac5747e

s390x

jboss-webserver-6/jws62-openjdk17-openshift-rhel8@sha256:4bb9c245351f5e348df2ac38fb2a5c965584dee1132e8f90bad0a80c4fd6bb23
jboss-webserver-6/jws62-openjdk21-openshift-rhel8@sha256:1d5b702e2e0ef69f756d04d6424e8530a3541d55a82e5f73cb593a84784567d1

x86_64

jboss-webserver-6/jws62-openjdk17-openshift-rhel8@sha256:5f5efc1bc0278a605ba701493171177178f7847b49f85c1effceccfdad837cd4
jboss-webserver-6/jws62-openjdk21-openshift-rhel8@sha256:d9830f02f6f9ff00062e99fa2b9f7d107502259017b52edade09169273b77270

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.