ubuntu-docker-images team mailing list archive

Thread
Date

Re: mysql contains outdated Ubuntu packages

To: security-team-toolbox-bot@xxxxxxxxxxxxx
From: Paulo Machado <paulo.machado@xxxxxxxxxxxxx>
Date: Fri, 29 Jul 2022 17:44:42 -0300
Cc: balbir.thomas@xxxxxxxxxxxxx, ryan.barry@xxxxxxxxxxxxx, jose.masson@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx, leon.mintz@xxxxxxxxxxxxx, rocks@xxxxxxxxxxxxx
In-reply-to: <20220729051422.3BAF73FCDB@security-toolbox.internal>

 These images were re-built and re-tagged.

On Fri, Jul 29, 2022 at 2:14 AM <security-team-toolbox-bot@xxxxxxxxxxxxx>
wrote:

> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r0f5b040d18e9 (s390x; channels: 8.0-20.04_beta, 8.0-20.04_edge)
>  * mysql-client-8.0: 5537-1
>  * mysql-client-core-8.0: 5537-1
>  * mysql-server-core-8.0: 5537-1
>
> Revision r2257d76fa08f (ppc64le; channels: 8.0-22.04_edge, latest,
> 8.0-22.04_beta, edge)
>  * libtirpc-common: 5538-1
>  * libtirpc3: 5538-1
>  * mysql-client-8.0: 5537-1
>  * mysql-client-core-8.0: 5537-1
>  * mysql-server-core-8.0: 5537-1
>
> Revision r53df80d2c806 (amd64; channels: 8.0-20.04_beta, 8.0-20.04_edge)
>  * mysql-client-8.0: 5537-1
>  * mysql-client-core-8.0: 5537-1
>  * mysql-server-core-8.0: 5537-1
>
> Revision r656cd93f66c8 (arm64; channels: 8.0-20.04_beta, 8.0-20.04_edge)
>  * mysql-client-8.0: 5537-1
>  * mysql-client-core-8.0: 5537-1
>  * mysql-server-core-8.0: 5537-1
>
> Revision r695f4a4684b6 (arm64; channels: 8.0-22.04_edge, latest,
> 8.0-22.04_beta, edge)
>  * libtirpc-common: 5538-1
>  * libtirpc3: 5538-1
>  * mysql-client-8.0: 5537-1
>  * mysql-client-core-8.0: 5537-1
>  * mysql-server-core-8.0: 5537-1
>
> Revision r6e7a06e3c0d5 (ppc64le; channels: 8.0-20.04_beta, 8.0-20.04_edge)
>  * mysql-client-8.0: 5537-1
>  * mysql-client-core-8.0: 5537-1
>  * mysql-server-core-8.0: 5537-1
>
> Revision rb27505af384d (amd64; channels: 8.0-22.04_edge, latest,
> 8.0-22.04_beta, edge)
>  * libtirpc-common: 5538-1
>  * libtirpc3: 5538-1
>  * mysql-client-8.0: 5537-1
>  * mysql-client-core-8.0: 5537-1
>  * mysql-server-core-8.0: 5537-1
>
> Revision re606bb54e4d0 (s390x; channels: 8.0-22.04_edge, latest,
> 8.0-22.04_beta, edge)
>  * libtirpc-common: 5538-1
>  * libtirpc3: 5538-1
>  * mysql-client-8.0: 5537-1
>  * mysql-client-core-8.0: 5537-1
>  * mysql-server-core-8.0: 5537-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
>  * https://ubuntu.com/security/notices/USN-5537-1/
>  * https://ubuntu.com/security/notices/USN-5538-1/
>

References

mysql contains outdated Ubuntu packages
From: security-team-toolbox-bot, 2022-07-29