ubuntu-docker-images team mailing list archive
-
ubuntu-docker-images team
-
Mailing list archive
-
Message #00259
postgres contains outdated Ubuntu packages
-
To:
rocks@xxxxxxxxxxxxx, sergio.durigan@xxxxxxxxxxxxx, balbir.thomas@xxxxxxxxxxxxx, athos.ribeiro@xxxxxxxxxxxxx, paulo.machado@xxxxxxxxxxxxx, jose.masson@xxxxxxxxxxxxx, leon.mintz@xxxxxxxxxxxxx, ryan.barry@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
-
From:
security-team-toolbox-bot@xxxxxxxxxxxxx
-
Date:
Wed, 6 Jul 2022 05:15:27 +0000 (UTC)
A scan of this rock shows that it was built with packages from the Ubuntu
archive that have since received security updates. The following lists new
USNs for affected binary packages in each rock revision:
Revision r068521d81ab1 (ppc64le; channels: 13-21.10_beta, 13-21.10_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
* openssl: 5502-1
Revision r0f2af1e3961b (arm64; channels: 12-20.04_beta, 12-20.04_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
* openssl: 5502-1
Revision r0fca7798a5ec (amd64; channels: 13-21.10_beta, 13-21.10_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
* openssl: 5502-1
Revision r1a2e3b1176ca (s390x; channels: edge, latest, 14-22.04_beta, 14-22.04_edge)
* gpgv: 5503-1
* libssl3: 5502-1
* openssl: 5502-1
Revision r540d696e4c50 (amd64; channels: 12-20.04_beta, 12-20.04_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
* openssl: 5502-1
Revision r7faea72ba8c2 (arm64; channels: 13-21.10_beta, 13-21.10_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
* openssl: 5502-1
Revision rb2d48740d19c (ppc64le; channels: 12-20.04_beta, 12-20.04_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
* openssl: 5502-1
Revision rcd898fe7a189 (s390x; channels: 13-21.10_beta, 13-21.10_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
* openssl: 5502-1
Revision rd092f12fc0b5 (amd64; channels: edge, latest, 14-22.04_beta, 14-22.04_edge)
* gpgv: 5503-1
* libssl3: 5502-1
* openssl: 5502-1
Revision rdcf63f3fd661 (ppc64le; channels: edge, latest, 14-22.04_beta, 14-22.04_edge)
* gpgv: 5503-1
* libssl3: 5502-1
* openssl: 5502-1
Revision rdf95edd5b003 (arm64; channels: edge, latest, 14-22.04_beta, 14-22.04_edge)
* gpgv: 5503-1
* libssl3: 5502-1
* openssl: 5502-1
Revision rec6030a860e9 (s390x; channels: 12-20.04_beta, 12-20.04_edge)
* gpgv: 5503-1
* libssl1.1: 5502-1
* openssl: 5502-1
Simply rebuilding the rock will pull in the new security updates and
resolve this. If your rock also contains vendored code, now might be a
good time to review it for any needed updates.
Thank you for your rock and for attending to this matter.
References:
* https://ubuntu.com/security/notices/USN-5502-1/
* https://ubuntu.com/security/notices/USN-5503-1/
Follow ups
