ubuntu-docker-images team mailing list archive

Thread
Date

Re: apache2 contains outdated Ubuntu packages

To: security-team-toolbox-bot@xxxxxxxxxxxxx
From: Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx>
Date: Mon, 13 Jun 2022 14:07:37 -0300
Cc: paulo.machado@xxxxxxxxxxxxx, balbir.thomas@xxxxxxxxxxxxx, ryan.barry@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx, leon.mintz@xxxxxxxxxxxxx, rocks@xxxxxxxxxxxxx
In-reply-to: <20220608051110.27813402FA@security-toolbox.internal>

On Wed, Jun 08, 2022 at 05:11:10AM +0000, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:

A scan of this rock shows that it was built with packages from the Ubuntu
archive that have since received security updates. The following lists new
USNs for affected binary packages in each rock revision:

Revision r0391bc4f0447 (s390x; channels: 2.4-22.04_beta, latest, 2.4-22.04_edge, edge)
* e2fsprogs: 5464-1
* libcom-err2: 5464-1
* libext2fs2: 5464-1
* libss2: 5464-1
* logsave: 5464-1

Revision r0cc93b788d16 (ppc64le; channels: 2.4-22.04_beta, latest, 2.4-22.04_edge, edge)
* e2fsprogs: 5464-1
* libcom-err2: 5464-1
* libext2fs2: 5464-1
* libss2: 5464-1
* logsave: 5464-1

Revision r0d65d4ebd453 (amd64; channels: 2.4-22.04_beta, latest, 2.4-22.04_edge, edge)
* e2fsprogs: 5464-1
* libcom-err2: 5464-1
* libext2fs2: 5464-1
* libss2: 5464-1
* logsave: 5464-1

Revision r3508ed4e9f09 (arm64; channels: 2.4-20.04_beta, 2.4-20.04_edge)
* e2fsprogs: 5464-1
* libcom-err2: 5464-1
* libext2fs2: 5464-1
* libss2: 5464-1
* logsave: 5464-1

Revision r3ef5751723f7 (amd64; channels: 2.4-20.04_beta, 2.4-20.04_edge)
* e2fsprogs: 5464-1
* libcom-err2: 5464-1
* libext2fs2: 5464-1
* libss2: 5464-1
* logsave: 5464-1

Revision r6405e4e3d95d (amd64; channels: 2.4-21.10_edge, 2.4-21.10_beta)
* e2fsprogs: 5464-1
* libcom-err2: 5464-1
* libext2fs2: 5464-1
* libss2: 5464-1
* logsave: 5464-1

Revision r6eb7c107098b (ppc64le; channels: 2.4-21.10_edge, 2.4-21.10_beta)
* e2fsprogs: 5464-1
* libcom-err2: 5464-1
* libext2fs2: 5464-1
* libss2: 5464-1
* logsave: 5464-1

Revision r7d70a8bdc386 (arm64; channels: 2.4-21.10_edge, 2.4-21.10_beta)
* e2fsprogs: 5464-1
* libcom-err2: 5464-1
* libext2fs2: 5464-1
* libss2: 5464-1
* logsave: 5464-1

Revision r9c42e7f08a5a (s390x; channels: 2.4-20.04_beta, 2.4-20.04_edge)
* e2fsprogs: 5464-1
* libcom-err2: 5464-1
* libext2fs2: 5464-1
* libss2: 5464-1
* logsave: 5464-1

Revision ra04e743a5feb (ppc64le; channels: 2.4-20.04_beta, 2.4-20.04_edge)
* e2fsprogs: 5464-1
* libcom-err2: 5464-1
* libext2fs2: 5464-1
* libss2: 5464-1
* logsave: 5464-1

Revision rdd2c5160e204 (arm64; channels: 2.4-22.04_beta, latest, 2.4-22.04_edge, edge)
* e2fsprogs: 5464-1
* libcom-err2: 5464-1
* libext2fs2: 5464-1
* libss2: 5464-1
* logsave: 5464-1

Revision re1438283d206 (s390x; channels: 2.4-21.10_edge, 2.4-21.10_beta)
* e2fsprogs: 5464-1
* libcom-err2: 5464-1
* libext2fs2: 5464-1
* libss2: 5464-1
* logsave: 5464-1

Simply rebuilding the rock will pull in the new security updates and
resolve this. If your rock also contains vendored code, now might be a
good time to review it for any needed updates.

Thank you for your rock and for attending to this matter.

References:
* https://ubuntu.com/security/notices/USN-5464-1/


These images have been re-built and re-tagged.

--
Athos Ribeiro

References

apache2 contains outdated Ubuntu packages
From: security-team-toolbox-bot, 2022-06-08