Critical Severity

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from expat, Golang Go, gcc, openssl and libxml.

Multiple issues were identified in Red Hat UBI (ubi8/ubi-minimal) v8.5-x packages “expat”, “gcc”, “openssl”, “libxml” and go-toolset v1.16.x that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images.

CVE(s): CVE-2022-22825, CVE-2022-25235, CVE-2022-25315, CVE-2021-41772, CVE-2021-46143, CVE-2022-0778, CVE-2022-22824, CVE-2021-45960, CVE-2022-22823, CVE-2021-42574, CVE-2021-44716, CVE-2021-44717, CVE-2022-25236, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-22822, CVE-2022-23308

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM MQ Operator CD release | 1.8.0 |
| IBM MQ Operator EUS release | 1.3.2 |
| IBM Supplied MQ Advanced Queue Manager Container images | 9.2.5.0-r1, 9.2.0.4-r1 |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6586492
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216905
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/219782
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/219945
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/213019
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216875
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/221911
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216906
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216473
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216907
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/212526
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216553
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216563
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/219784
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216904
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216901
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/218007
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216908
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/220772
