ubuntu-docker-images team mailing list archive

Thread
Date

Re: redis contains outdated Ubuntu packages

To: security-team-toolbox-bot@xxxxxxxxxxxxx
From: Paulo Machado <paulo.machado@xxxxxxxxxxxxx>
Date: Wed, 6 Jul 2022 19:52:21 -0300
Cc: balbir.thomas@xxxxxxxxxxxxx, ryan.barry@xxxxxxxxxxxxx, jose.masson@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx, leon.mintz@xxxxxxxxxxxxx, rocks@xxxxxxxxxxxxx
In-reply-to: <20220706051525.BE1A53F0D7@security-toolbox.internal>

 These images were re-built and re-tagged.

On Wed, Jul 6, 2022 at 2:15 AM <security-team-toolbox-bot@xxxxxxxxxxxxx>
wrote:

> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r4d738307c5b0 (s390x; channels: 6.0-21.10_beta, 6.0-21.10_edge)
>  * gpgv: 5503-1
>  * libssl1.1: 5502-1
>
> Revision r5b1226ff8aa5 (s390x; channels: 5.0-20.04_edge, 5.0-20.04_beta)
>  * gpgv: 5503-1
>
> Revision r5c6109797726 (arm64; channels: 6.0-21.10_beta, 6.0-21.10_edge)
>  * gpgv: 5503-1
>  * libssl1.1: 5502-1
>
> Revision r8385fdc59af0 (arm64; channels: 5.0-20.04_edge, 5.0-20.04_beta)
>  * gpgv: 5503-1
>
> Revision r84c0878e8220 (ppc64le; channels: 5.0-20.04_edge, 5.0-20.04_beta)
>  * gpgv: 5503-1
>
> Revision r9dcf7240211b (ppc64le; channels: 6.0-22.04_beta, 6.0-22.04_edge)
>  * gpgv: 5503-1
>  * libssl3: 5502-1
>
> Revision rb243a92eab85 (amd64; channels: edge, latest)
>  * gpgv: 5503-1
>  * libssl3: 5502-1
>
> Revision rb623f51b848b (arm64; channels: edge, latest)
>  * gpgv: 5503-1
>  * libssl3: 5502-1
>
> Revision rbce53d776f0c (amd64; channels: 6.0-21.10_beta, 6.0-21.10_edge)
>  * gpgv: 5503-1
>  * libssl1.1: 5502-1
>
> Revision rbfe86a770f7f (ppc64le; channels: 6.0-21.10_beta, 6.0-21.10_edge)
>  * gpgv: 5503-1
>  * libssl1.1: 5502-1
>
> Revision rc3998cb89f09 (amd64; channels: 6.0-22.04_beta, 6.0-22.04_edge)
>  * gpgv: 5503-1
>  * libssl3: 5502-1
>
> Revision rdb0fd255b5ea (amd64; channels: 5.0-20.04_edge, 5.0-20.04_beta)
>  * gpgv: 5503-1
>
> Revision re5c4fe5477e2 (s390x; channels: 6.0-22.04_beta, 6.0-22.04_edge)
>  * gpgv: 5503-1
>  * libssl3: 5502-1
>
> Revision reb99c9d0664f (ppc64le; channels: edge, latest)
>  * gpgv: 5503-1
>  * libssl3: 5502-1
>
> Revision red07139486ea (s390x; channels: edge, latest)
>  * gpgv: 5503-1
>  * libssl3: 5502-1
>
> Revision rf37ab31d37e4 (arm64; channels: 6.0-22.04_beta, 6.0-22.04_edge)
>  * gpgv: 5503-1
>  * libssl3: 5502-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
>  * https://ubuntu.com/security/notices/USN-5502-1/
>  * https://ubuntu.com/security/notices/USN-5503-1/
>

References

redis contains outdated Ubuntu packages
From: security-team-toolbox-bot, 2022-07-06