Description:

Red Hat has released security updates to address several vulnerabilities in the following products:

• OpenShift Container Platform 4.6.38
  • Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8 s390x
• OpenShift Serverless 1.16.0
  • Red Hat Openshift Serverless 1 x86_64
• OpenShift Serverless Client kn 1.16.0
  • Red Hat Openshift Serverless 1 x86_64
  • Red Hat OpenShift Serverless for IBM Power, little endian 1 ppc64le
  • Red Hat OpenShift Serverless for IBM Z and LinuxONE 1 s390x
• Red Hat JBoss Enterprise Application Platform 7.3.8
  • JBoss Enterprise Application Platform Text-Only Advisories x86_64
• Red Hat JBoss Enterprise Application Platform 7.3.8 on RHEL 8
  • JBoss Enterprise Application Platform 7.3 for RHEL 8 x86_64
• Red Hat JBoss Enterprise Application Platform 7.3.8 on RHEL 7
  • JBoss Enterprise Application Platform 7.3 for RHEL 7 x86_64
• Red Hat JBoss Enterprise Application Platform 7.3.8 on RHEL 6
  • JBoss Enterprise Application Platform 7.3 for RHEL 6 x86_64

Threats:

Attacker could exploit these vulnerabilities by doing the following:

• Remote command execution
• Memory corruption
• Cross-site scripting (XSS)

Best practice and Recommendations:

The CERT team encourages users to review Red Hat security advisory and apply the necessary updates:

• https://access.redhat.com/errata/RHSA-2021:2643
• https://access.redhat.com/errata/RHSA-2021:2705
• https://access.redhat.com/errata/RHSA-2021:2704
• https://access.redhat.com/errata/RHSA-2021:2696
• https://access.redhat.com/errata/RHSA-2021:2694
• https://access.redhat.com/errata/RHSA-2021:2693
• https://access.redhat.com/errata/RHSA-2021:2692