ubuntu-docker-images team mailing list archive

Thread
Date

apache2 contains outdated Ubuntu packages

To: rocks@xxxxxxxxxxxxx, sergio.durigan@xxxxxxxxxxxxx, balbir.thomas@xxxxxxxxxxxxx, athos.ribeiro@xxxxxxxxxxxxx, paulo.machado@xxxxxxxxxxxxx, jose.masson@xxxxxxxxxxxxx, leon.mintz@xxxxxxxxxxxxx, ryan.barry@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
From: security-team-toolbox-bot@xxxxxxxxxxxxx
Date: Wed, 22 Jun 2022 05:14:11 +0000 (UTC)

A scan of this rock shows that it was built with packages from the Ubuntu
archive that have since received security updates. The following lists new
USNs for affected binary packages in each rock revision:

Revision r14ad4a6612ed (s390x; channels: 2.4-22.04_beta, edge, 2.4-22.04_edge, latest)
 * apache2: 5487-1
 * apache2-bin: 5487-1
 * apache2-data: 5487-1
 * apache2-utils: 5487-1
 * libssl3: 5488-1

Revision r1fcbd4d1981e (amd64; channels: 2.4-21.10_beta, 2.4-21.10_edge)
 * apache2: 5487-1
 * apache2-bin: 5487-1
 * apache2-data: 5487-1
 * apache2-utils: 5487-1
 * libssl1.1: 5488-1

Revision r386e20221cc6 (arm64; channels: 2.4-21.10_beta, 2.4-21.10_edge)
 * apache2: 5487-1
 * apache2-bin: 5487-1
 * apache2-data: 5487-1
 * apache2-utils: 5487-1
 * libssl1.1: 5488-1

Revision r5ab467be6532 (ppc64le; channels: 2.4-21.10_beta, 2.4-21.10_edge)
 * apache2: 5487-1
 * apache2-bin: 5487-1
 * apache2-data: 5487-1
 * apache2-utils: 5487-1
 * libssl1.1: 5488-1

Revision r5f59a1edca70 (s390x; channels: 2.4-21.10_beta, 2.4-21.10_edge)
 * apache2: 5487-1
 * apache2-bin: 5487-1
 * apache2-data: 5487-1
 * apache2-utils: 5487-1
 * libssl1.1: 5488-1

Revision r6285e2dba781 (arm64; channels: 2.4-20.04_beta, 2.4-20.04_edge)
 * apache2: 5487-1
 * apache2-bin: 5487-1
 * apache2-data: 5487-1
 * apache2-utils: 5487-1
 * libssl1.1: 5488-1

Revision r76c8e934f130 (ppc64le; channels: 2.4-22.04_beta, edge, 2.4-22.04_edge, latest)
 * apache2: 5487-1
 * apache2-bin: 5487-1
 * apache2-data: 5487-1
 * apache2-utils: 5487-1
 * libssl3: 5488-1

Revision ra0e9c07f1647 (s390x; channels: 2.4-20.04_beta, 2.4-20.04_edge)
 * apache2: 5487-1
 * apache2-bin: 5487-1
 * apache2-data: 5487-1
 * apache2-utils: 5487-1
 * libssl1.1: 5488-1

Revision ra28bb5445e86 (ppc64le; channels: 2.4-20.04_beta, 2.4-20.04_edge)
 * apache2: 5487-1
 * apache2-bin: 5487-1
 * apache2-data: 5487-1
 * apache2-utils: 5487-1
 * libssl1.1: 5488-1

Revision rb0471f99c5d9 (amd64; channels: 2.4-20.04_beta, 2.4-20.04_edge)
 * apache2: 5487-1
 * apache2-bin: 5487-1
 * apache2-data: 5487-1
 * apache2-utils: 5487-1
 * libssl1.1: 5488-1

Revision ref4e5df08051 (arm64; channels: 2.4-22.04_beta, edge, 2.4-22.04_edge, latest)
 * apache2: 5487-1
 * apache2-bin: 5487-1
 * apache2-data: 5487-1
 * apache2-utils: 5487-1
 * libssl3: 5488-1

Revision rffca79be23ff (amd64; channels: 2.4-22.04_beta, edge, 2.4-22.04_edge, latest)
 * apache2: 5487-1
 * apache2-bin: 5487-1
 * apache2-data: 5487-1
 * apache2-utils: 5487-1
 * libssl3: 5488-1

Simply rebuilding the rock will pull in the new security updates and
resolve this. If your rock also contains vendored code, now might be a
good time to review it for any needed updates.

Thank you for your rock and for attending to this matter.

References:
 * https://ubuntu.com/security/notices/USN-5487-1/
 * https://ubuntu.com/security/notices/USN-5488-1/

Follow ups

Re: apache2 contains outdated Ubuntu packages
From: Athos Ribeiro, 2022-06-22