Red Hat Product Errata RHSA-2025:17562 - Security Advisory
Issued:
2025-10-08
Updated:
2025-10-08

RHSA-2025:17562 - Security Advisory

Synopsis

Moderate: AMQ Broker 7.13.2.OPR.1.GA Container Images release and security update

Type/Severity

Security Advisory: Moderate

Topic

This is the multiarch release of the AMQ Broker 7.13.2 aligned Operator and associated container images on Red Hat Enterprise Linux for the OpenShift Container Platform.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Middleware for OpenShift provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments.

This release of Red Hat AMQ Broker 7.13.2 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Security Fix(es):

  • (CVE-2025-58712) amq-broker-init-rhel9: privilege escalation via excessive /etc/passwd permissions
  • (CVE-2025-58712) amq-broker-rhel9: privilege escalation via excessive /etc/passwd permissions

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

For information on supported configurations, see Red Hat AMQ Broker 7 Supported Configurations at https://access.redhat.com/articles/2791941

Solution

To update to the latest image please refer to the AMQ container images in the Red Hat Container catalog.

Affected Products

  • Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.5 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.4 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.3 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.2 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.1 for RHEL 8 x86_64
  • Red Hat JBoss Middleware 1 x86_64
  • Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.7 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.5 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.4 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.3 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.7 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.4 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.3 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.2 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.10 aarch64

Fixes

  • BZ - 2394418 - CVE-2025-58712 amq: privilege escalation via excessive /etc/passwd permissions

aarch64

amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:8018dcfd760803867e3b5d7d52679343325e42fb9e7bd6286fbf3edcfaf3f721
amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:5bea712e835fa8531b0a2c25ebd89fbd43cb1efbf86361bd66886f6894ac8660
amq7/amq-broker-init-rhel9@sha256:869954655497885a4567939746a1d044df1479321b4cac63ee93d629738124dc
amq7/amq-broker-rhel9@sha256:9ab9abec5a6a22c5b8b893c03e5257c3362a8afeb93b6f171d411b35acd02d87
amq7/amq-broker-rhel9-operator@sha256:3ae4080c838322980d13a5acb981c5584ec1512c7d59b7d6cee0bdc157682851

ppc64le

amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:df06cfeedcc4d41d66a392a95cd103d4562b6a33f4ca665c35f310b099e61bc2
amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:e03e5adcfe23118c42cfe6eaa5de710128ebcd1188582c3d39cd2fd0f16af01e
amq7/amq-broker-init-rhel9@sha256:725b875c9ca96582d691aef2220b14e22f75e6840b987f48bf1333f428cfa1f7
amq7/amq-broker-rhel9@sha256:9a3b7a41a2d0e7ab6a6f804d092f271feae675c39db3101f20318201360ca840
amq7/amq-broker-rhel9-operator@sha256:d3d35ae65371c65e84c93608d1dc4f1516e822d078d60a712c2bbb59a4350991

s390x

amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:d165fa9eaa342e52b7ea9f17edff7a8b816acab21610ddedb34c0fd45c255004
amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:03189040dfd46fb9d77821e82b6e476c827d435780fd5601a14a2fc427c62ac8
amq7/amq-broker-init-rhel9@sha256:341a80c596eb555d435d2489132cb89fe47e9a0e40f2045b5773a81889063946
amq7/amq-broker-rhel9@sha256:6ee2d7b346cf6c7fe9a3dd7846e0907bfe7241cd9b8139cf6eaeb0a8dbb0a427
amq7/amq-broker-rhel9-operator@sha256:98291e2f50cc6f2313096ab5b51dcaa1e0d3232236fa6d839cfe63fbeaec0cb5

x86_64

amq7-tech-preview/amq-broker-console-plugin-rhel9@sha256:0c2b3d12e0c749b62659fd95781f17510e71abd8659d8e8e2e77b37e43297f6c
amq7-tech-preview/amq-broker-jolokia-api-server-rhel9@sha256:860d4857f8f78e187700097f7e284881ebcd3cc546be5c5e10dbecf062fb0743
amq7/amq-broker-init-rhel9@sha256:1855ee7290a6b7446e5adc64ca447cb5d3fb462fb11a0d01cb9b5ef67ad666bb
amq7/amq-broker-rhel9@sha256:ea91a6449ec9b6311ed3ff1294212dd746dc64a040bb797b5fda42f4f29efcb5
amq7/amq-broker-rhel9-operator@sha256:e06ad5a9fb69f76088bdd5ab5a4271ca62c78659fbffd9e7c632a8e5466cfd6b
amq7/amq-broker-rhel9-operator-bundle@sha256:33f584255364b8f5cc7e37f14d7a257b4414716872323433374001df2eb47c7d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.