Red Hat Product Errata RHSA-2023:4720 - Security Advisory
Issued:
2023-08-23
Updated:
2023-08-23

RHSA-2023:4720 - Security Advisory

Synopsis

Moderate: AMQ Broker 7.11.1.OPR.2.GA Container Images Release

Type/Severity

Security Advisory: Moderate

Topic

This is the multiarch release of the AMQ Broker 7.11.1 aligned Operator and associated container images on Red Hat Enterprise Linux 8 for the OpenShift Container Platform.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Middleware for OpenShift provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.

This release of the AMQ Broker 7.11.1 aligned Operator includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Security Fix(es):

  • amq-broker-operator-container: Red Hat AMQ Broker Operator: plaintext password in operator log (CVE-2023-4065)
  • activemq-broker-operator: Red Hat AMQ Broker Operator: Passwords defined in secrets shown in StatefulSet yaml (CVE-2023-4066)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

For information on supported configurations, see Red Hat AMQ Broker 7 Supported Configurations at https://access.redhat.com/articles/2791941

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
  • Red Hat JBoss Middleware 1 x86_64

Fixes

  • BZ - 2224630 - CVE-2023-4065 Red Hat AMQ Broker Operator: plaintext password in operator log
  • BZ - 2224677 - CVE-2023-4066 Red Hat AMQ Broker Operator: Passwords defined in secrets shown in StatefulSet yaml
  • ENTMQBR-7804 - Move json dumps for Openshift objects into Debug from INFO loglevel

ppc64le

amq7/amq-broker-rhel8-operator@sha256:200dabaa7d3d7ef22353e5f70e8d7b12fe36c8e7a6c39bfa518c6187d76a9f3f

s390x

amq7/amq-broker-rhel8-operator@sha256:f3a205691b5d9f5623a52c756825c14bc37cb1c9e8997c915293d00ff18572a6

x86_64

amq7/amq-broker-rhel8-operator@sha256:9c737dd9ea0e03d26997391b7ea08c51923fdbb3bd0852f00e58d96c78c27297
amq7/amq-broker-rhel8-operator-bundle@sha256:2da4c3e7edd27833b01c2c89e815694fc5521b1fba56a56fab4c6421d550c091

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.