ubuntu-docker-images team mailing list archive

[Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx>]

On Wed, Feb 08, 2023 at 05:06:39AM +0000, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r21adbdc0688a (s390x; channels: 1.5-20.04_edge, 1.5-20.04_beta)
> * libssl1.1: 5844-1
>
> Revision r22d79c8115ad (arm64; channels: 1.6-22.10_beta, latest, edge, 1.6-22.10_edge)
> * libssl3: 5844-1
>
> Revision r2d587bcba7ef (ppc64le; channels: 1.6-22.04_edge, 1.6-22.04_beta)
> * libssl3: 5844-1
>
> Revision r3b46384a0b5b (amd64; channels: 1.5-20.04_edge, 1.5-20.04_beta)
> * libssl1.1: 5844-1
>
> Revision r7612930796be (s390x; channels: 1.6-22.04_edge, 1.6-22.04_beta)
> * libssl3: 5844-1
>
> Revision r8ab5561e003b (arm64; channels: 1.6-22.04_edge, 1.6-22.04_beta)
> * libssl3: 5844-1
>
> Revision r90e0a0edce0b (amd64; channels: 1.6-22.04_edge, 1.6-22.04_beta)
> * libssl3: 5844-1
>
> Revision r917d00a416a3 (ppc64le; channels: 1.5-20.04_edge, 1.5-20.04_beta)
> * libssl1.1: 5844-1
>
> Revision ra58c0b45593e (s390x; channels: 1.6-22.10_beta, latest, edge, 1.6-22.10_edge)
> * libssl3: 5844-1
>
> Revision rc329da8568cd (amd64; channels: 1.6-22.10_beta, latest, edge, 1.6-22.10_edge)
> * libssl3: 5844-1
>
> Revision rc75d571c799b (arm64; channels: 1.5-20.04_edge, 1.5-20.04_beta)
> * libssl1.1: 5844-1
>
> Revision rfeead63592d6 (ppc64le; channels: 1.6-22.10_beta, latest, edge, 1.6-22.10_edge)
> * libssl3: 5844-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
> * https://ubuntu.com/security/notices/USN-5844-1/

These images have been re-built and re-tagged.

--
Athos Ribeiro