ubuntu-docker-images team mailing list archive

Thread
Date

Re: redis contains outdated Ubuntu packages

To: security-team-toolbox-bot@xxxxxxxxxxxxx
From: Paulo Machado <paulo.machado@xxxxxxxxxxxxx>
Date: Fri, 10 Jun 2022 15:56:56 -0300
Cc: balbir.thomas@xxxxxxxxxxxxx, ryan.barry@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx, leon.mintz@xxxxxxxxxxxxx, rocks@xxxxxxxxxxxxx
In-reply-to: <20220608051109.81D133FF54@security-toolbox.internal>

Hello,

Images were rebuilt and tagged in the registries.

Thanks

On Wed, Jun 8, 2022 at 2:13 AM <security-team-toolbox-bot@xxxxxxxxxxxxx>
wrote:

> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r0a3816f939eb (ppc64le; channels: 6.2-22.04_edge, 6.2-22.04_beta,
> latest, edge)
>  * e2fsprogs: 5464-1
>  * libcom-err2: 5464-1
>  * libext2fs2: 5464-1
>  * libss2: 5464-1
>  * logsave: 5464-1
>
> Revision r1cffce4884bf (ppc64le; channels: 6.0-21.10_beta, 6.0-21.10_edge)
>  * e2fsprogs: 5464-1
>  * libcom-err2: 5464-1
>  * libext2fs2: 5464-1
>  * libss2: 5464-1
>  * logsave: 5464-1
>
> Revision r2230def8e9af (ppc64le; channels: 5.0-20.04_edge, 5.0-20.04_beta)
>  * e2fsprogs: 5464-1
>  * libcom-err2: 5464-1
>  * libext2fs2: 5464-1
>  * libss2: 5464-1
>  * logsave: 5464-1
>
> Revision r2cc0d8d2ce60 (amd64; channels: 6.0-21.10_beta, 6.0-21.10_edge)
>  * e2fsprogs: 5464-1
>  * libcom-err2: 5464-1
>  * libext2fs2: 5464-1
>  * libss2: 5464-1
>  * logsave: 5464-1
>
> Revision r4e6882a5becb (s390x; channels: 5.0-20.04_edge, 5.0-20.04_beta)
>  * e2fsprogs: 5464-1
>  * libcom-err2: 5464-1
>  * libext2fs2: 5464-1
>  * libss2: 5464-1
>  * logsave: 5464-1
>
> Revision r5ca3d4a473fb (s390x; channels: 6.0-21.10_beta, 6.0-21.10_edge)
>  * e2fsprogs: 5464-1
>  * libcom-err2: 5464-1
>  * libext2fs2: 5464-1
>  * libss2: 5464-1
>  * logsave: 5464-1
>
> Revision r720f99134219 (amd64; channels: 5.0-20.04_edge, 5.0-20.04_beta)
>  * e2fsprogs: 5464-1
>  * libcom-err2: 5464-1
>  * libext2fs2: 5464-1
>  * libss2: 5464-1
>  * logsave: 5464-1
>
> Revision r8c7b556b5b53 (amd64; channels: 6.2-22.04_edge, 6.2-22.04_beta,
> latest, edge)
>  * e2fsprogs: 5464-1
>  * libcom-err2: 5464-1
>  * libext2fs2: 5464-1
>  * libss2: 5464-1
>  * logsave: 5464-1
>
> Revision rac5404a6feb0 (arm64; channels: 6.0-21.10_beta, 6.0-21.10_edge)
>  * e2fsprogs: 5464-1
>  * libcom-err2: 5464-1
>  * libext2fs2: 5464-1
>  * libss2: 5464-1
>  * logsave: 5464-1
>
> Revision rb9ee0d93c963 (s390x; channels: 6.2-22.04_edge, 6.2-22.04_beta,
> latest, edge)
>  * e2fsprogs: 5464-1
>  * libcom-err2: 5464-1
>  * libext2fs2: 5464-1
>  * libss2: 5464-1
>  * logsave: 5464-1
>
> Revision rcf646eb3dabb (arm64; channels: 5.0-20.04_edge, 5.0-20.04_beta)
>  * e2fsprogs: 5464-1
>  * libcom-err2: 5464-1
>  * libext2fs2: 5464-1
>  * libss2: 5464-1
>  * logsave: 5464-1
>
> Revision rd180ce4f9a4b (arm64; channels: 6.2-22.04_edge, 6.2-22.04_beta,
> latest, edge)
>  * e2fsprogs: 5464-1
>  * libcom-err2: 5464-1
>  * libext2fs2: 5464-1
>  * libss2: 5464-1
>  * logsave: 5464-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
>  * https://ubuntu.com/security/notices/USN-5464-1/
>

References

redis contains outdated Ubuntu packages
From: security-team-toolbox-bot, 2022-06-08