Issued:: 2025-02-13
Updated:: 2025-02-13

RHSA-2025:1454 - Security Advisory

Overview
Updated Images

Synopsis

Moderate: Update Red Hat Developer Hub 1.3 to mitigate relevant CVEs

Type/Severity

Security Advisory: Moderate

Topic

An updated Red Hat Developer Hub 1.3 on RHEL 9 container image is now available.

Description

The Red Hat Developer Hub 1.3 on RHEL 9 container image has been updated to address the following CVEs:

CVE-2025-22150

Users of Red Hat Developer Hub 1.3 on RHEL 9 container images are advised to
upgrade to these updated images, which contain patches to mitigate
the listed CVEs. Users of these
images are also encouraged to rebuild all container images that depend on these
images.

You can find images updated by this advisory in Red Hat Container Catalog (see
References).

Solution

For more information, see the links available in the References

Affected Products

Red Hat Developer Hub 1 x86_64

Fixes

BZ - 2339176 - CVE-2025-22150 undici: Undici Uses Insufficiently Random Values
RHIDP-5818 - RHDH 1.3.5 Release

CVEs

References

x86_64

rhdh/rhdh-hub-rhel9@sha256:31d6bdea79270a02f989277bdf18121d591ec9c160c40788c02e64be5ffbb79c

rhdh/rhdh-operator-bundle@sha256:6e1815a61429118549458c96a0ef2ef27a9b5f8de9bc6ae3b7fd7925b8e30d83

rhdh/rhdh-rhel9-operator@sha256:51d5b670cf186acd28215e7667435a9eb1ec76e9393d59c2ae43e127f0b9106e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Ansible.com

Red Hat Ecosystem Catalog

Red Hat Hybrid Cloud Console

Red Hat Store

Red Hat Marketplace

Red Hat Summit and AnsibleFest