ubuntu-docker-images team mailing list archive
-
ubuntu-docker-images team
-
Mailing list archive
-
Message #00258
redis contains outdated Ubuntu packages
-
To:
rocks@xxxxxxxxxxxxx, sergio.durigan@xxxxxxxxxxxxx, balbir.thomas@xxxxxxxxxxxxx, athos.ribeiro@xxxxxxxxxxxxx, paulo.machado@xxxxxxxxxxxxx, jose.masson@xxxxxxxxxxxxx, leon.mintz@xxxxxxxxxxxxx, ryan.barry@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
-
From:
security-team-toolbox-bot@xxxxxxxxxxxxx
-
Date:
Wed, 6 Jul 2022 05:15:25 +0000 (UTC)
A scan of this rock shows that it was built with packages from the Ubuntu
archive that have since received security updates. The following lists new
USNs for affected binary packages in each rock revision:
Revision r4d738307c5b0 (s390x; channels: 6.0-21.10_beta, 6.0-21.10_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
Revision r5b1226ff8aa5 (s390x; channels: 5.0-20.04_edge, 5.0-20.04_beta)
* gpgv: 5503-1
Revision r5c6109797726 (arm64; channels: 6.0-21.10_beta, 6.0-21.10_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
Revision r8385fdc59af0 (arm64; channels: 5.0-20.04_edge, 5.0-20.04_beta)
* gpgv: 5503-1
Revision r84c0878e8220 (ppc64le; channels: 5.0-20.04_edge, 5.0-20.04_beta)
* gpgv: 5503-1
Revision r9dcf7240211b (ppc64le; channels: 6.0-22.04_beta, 6.0-22.04_edge)
* gpgv: 5503-1
* libssl3: 5502-1
Revision rb243a92eab85 (amd64; channels: edge, latest)
* gpgv: 5503-1
* libssl3: 5502-1
Revision rb623f51b848b (arm64; channels: edge, latest)
* gpgv: 5503-1
* libssl3: 5502-1
Revision rbce53d776f0c (amd64; channels: 6.0-21.10_beta, 6.0-21.10_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
Revision rbfe86a770f7f (ppc64le; channels: 6.0-21.10_beta, 6.0-21.10_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
Revision rc3998cb89f09 (amd64; channels: 6.0-22.04_beta, 6.0-22.04_edge)
* gpgv: 5503-1
* libssl3: 5502-1
Revision rdb0fd255b5ea (amd64; channels: 5.0-20.04_edge, 5.0-20.04_beta)
* gpgv: 5503-1
Revision re5c4fe5477e2 (s390x; channels: 6.0-22.04_beta, 6.0-22.04_edge)
* gpgv: 5503-1
* libssl3: 5502-1
Revision reb99c9d0664f (ppc64le; channels: edge, latest)
* gpgv: 5503-1
* libssl3: 5502-1
Revision red07139486ea (s390x; channels: edge, latest)
* gpgv: 5503-1
* libssl3: 5502-1
Revision rf37ab31d37e4 (arm64; channels: 6.0-22.04_beta, 6.0-22.04_edge)
* gpgv: 5503-1
* libssl3: 5502-1
Simply rebuilding the rock will pull in the new security updates and
resolve this. If your rock also contains vendored code, now might be a
good time to review it for any needed updates.
Thank you for your rock and for attending to this matter.
References:
* https://ubuntu.com/security/notices/USN-5502-1/
* https://ubuntu.com/security/notices/USN-5503-1/
Follow ups
