Issued:: 2025-09-23
Updated:: 2025-09-23

RHSA-2025:16455 - Security Advisory

Overview
Updated Packages

Synopsis

Important: Red Hat Product OCP Tools 4.18 Openshift Jenkins security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.18. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.

Security Fix(es):

jenkins: HTTP/2 (including DNS over HTTPS) contains a design flaw and is

vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
(CVE-2025-5115)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products

OpenShift Developer Tools and Services 4.18 x86_64
OpenShift Developer Tools and Services 4.18 s390x
OpenShift Developer Tools and Services 4.18 ppc64le
OpenShift Developer Tools and Services 4.18 aarch64

Fixes

BZ - 2373310 - CVE-2025-5115 jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

CVEs

CVE-2025-5115

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

OpenShift Developer Tools and Services 4.18

SRPM
jenkins-2-plugins-4.18.1758260849-1.el9.src.rpm	SHA-256: f3c1e47052c5ae4bbad585cf09a202c2273e6c9e78c2fa19cf71a71b4b694d11
jenkins-2.516.3.1758260563-3.el9.src.rpm	SHA-256: c0fb946816941fb02b0819621814eba1166a86c4a69dfbd8a4c346fa5fadeee2
x86_64
jenkins-2-plugins-4.18.1758260849-1.el9.noarch.rpm	SHA-256: 01ca82eafbca1cdc10c0b375dc59693fc04aea79ece7e72126bb7834b4d74e0f
jenkins-2.516.3.1758260563-3.el9.noarch.rpm	SHA-256: f271ac7f888c9e4495c0ea8765e11d7d6e3388db102f9784eba50700df9ba794
s390x
jenkins-2-plugins-4.18.1758260849-1.el9.noarch.rpm	SHA-256: 01ca82eafbca1cdc10c0b375dc59693fc04aea79ece7e72126bb7834b4d74e0f
jenkins-2.516.3.1758260563-3.el9.noarch.rpm	SHA-256: f271ac7f888c9e4495c0ea8765e11d7d6e3388db102f9784eba50700df9ba794
ppc64le
jenkins-2-plugins-4.18.1758260849-1.el9.noarch.rpm	SHA-256: 01ca82eafbca1cdc10c0b375dc59693fc04aea79ece7e72126bb7834b4d74e0f
jenkins-2.516.3.1758260563-3.el9.noarch.rpm	SHA-256: f271ac7f888c9e4495c0ea8765e11d7d6e3388db102f9784eba50700df9ba794
aarch64
jenkins-2-plugins-4.18.1758260849-1.el9.noarch.rpm	SHA-256: 01ca82eafbca1cdc10c0b375dc59693fc04aea79ece7e72126bb7834b4d74e0f
jenkins-2.516.3.1758260563-3.el9.noarch.rpm	SHA-256: f271ac7f888c9e4495c0ea8765e11d7d6e3388db102f9784eba50700df9ba794

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation