ubuntu-docker-images team mailing list archive

Thread
Date

Re: postgres contains outdated Ubuntu packages

To: security-team-toolbox-bot@xxxxxxxxxxxxx
From: Paulo Machado <paulo.machado@xxxxxxxxxxxxx>
Date: Wed, 22 Jun 2022 17:54:39 -0300
Cc: balbir.thomas@xxxxxxxxxxxxx, ryan.barry@xxxxxxxxxxxxx, jose.masson@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx, leon.mintz@xxxxxxxxxxxxx, rocks@xxxxxxxxxxxxx
In-reply-to: <20220622051412.509704240F@security-toolbox.internal>

 These images have been re-built and re-tagged.

On Wed, Jun 22, 2022 at 2:14 AM <security-team-toolbox-bot@xxxxxxxxxxxxx>
wrote:

> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r0628e8d34f22 (s390x; channels: 13-21.10_beta, 13-21.10_edge)
>  * libssl1.1: 5488-1
>  * openssl: 5488-1
>
> Revision r2f092fecce9d (arm64; channels: edge, 14-22.04_beta,
> 14-22.04_edge, latest)
>  * libssl3: 5488-1
>  * openssl: 5488-1
>
> Revision r3cdce12218cb (arm64; channels: 13-21.10_beta, 13-21.10_edge)
>  * libssl1.1: 5488-1
>  * openssl: 5488-1
>
> Revision r4665ede068e0 (amd64; channels: edge, 14-22.04_beta,
> 14-22.04_edge, latest)
>  * libssl3: 5488-1
>  * openssl: 5488-1
>
> Revision r47d31394a033 (arm64; channels: 12-20.04_edge, 12-20.04_beta)
>  * libssl1.1: 5488-1
>  * openssl: 5488-1
>
> Revision r4d40c97b0417 (ppc64le; channels: 12-20.04_edge, 12-20.04_beta)
>  * libssl1.1: 5488-1
>  * openssl: 5488-1
>
> Revision r6cb4ab933560 (amd64; channels: 13-21.10_beta, 13-21.10_edge)
>  * libssl1.1: 5488-1
>  * openssl: 5488-1
>
> Revision r90302d78d466 (s390x; channels: edge, 14-22.04_beta,
> 14-22.04_edge, latest)
>  * libssl3: 5488-1
>  * openssl: 5488-1
>
> Revision raab8ef8ef198 (amd64; channels: 12-20.04_edge, 12-20.04_beta)
>  * libssl1.1: 5488-1
>  * openssl: 5488-1
>
> Revision rab325da1f01b (ppc64le; channels: 13-21.10_beta, 13-21.10_edge)
>  * libssl1.1: 5488-1
>  * openssl: 5488-1
>
> Revision rcb39f2290000 (s390x; channels: 12-20.04_edge, 12-20.04_beta)
>  * libssl1.1: 5488-1
>  * openssl: 5488-1
>
> Revision rea3b144b9c25 (ppc64le; channels: edge, 14-22.04_beta,
> 14-22.04_edge, latest)
>  * libssl3: 5488-1
>  * openssl: 5488-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
>  * https://ubuntu.com/security/notices/USN-5488-1/
>

References

postgres contains outdated Ubuntu packages
From: security-team-toolbox-bot, 2022-06-22