ubuntu-docker-images team mailing list archive

[Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx>]

On Tue, Jan 18, 2022 at 09:30:33AM -0300, Emilia Torino wrote:
> ---------- Forwarded message ---------
> From: <security-team-toolbox-bot@xxxxxxxxxxxxx>
> Date: Tue, Jan 18, 2022 at 2:09 AM
> Subject: postgres contains outdated Ubuntu packages
> To: <ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx>, <
> sergio.durigan@xxxxxxxxxxxxx>
>
>
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:

Hi Emilia,

Thanks for forwarding this one here!

> Revision r3a69013f3ab1 (s390x; channels: 12-20.04_beta, 12-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision r6e1d0046fdac (ppc64le; channels: 12-20.04_beta, 12-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rccb00f8d5bf5 (amd64; channels: 12-20.04_beta, 12-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1
>
> Revision rd6f60e5b2c57 (arm64; channels: 12-20.04_beta, 12-20.04_edge)
> * libsystemd0: 5226-1
> * libudev1: 5226-1

These seem to be the same USNs from the last 2 alerts we received. We
did rebuilt these images twice so far. Perhaps we are not properly
fetchng the package fixes during the rebuilds.

I am investigating it :)

> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
> * https://ubuntu.com/security/notices/USN-5226-1/

> --
> Mailing list: https://launchpad.net/~ubuntu-docker-images
> Post to     : ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ubuntu-docker-images
> More help   : https://help.launchpad.net/ListHelp


--
Athos Ribeiro