ubuntu-docker-images team mailing list archive
-
ubuntu-docker-images team
-
Mailing list archive
-
Message #00501
bind9 contains outdated Ubuntu packages
-
To:
rocks@xxxxxxxxxxxxx, sergio.durigan@xxxxxxxxxxxxx, athos.ribeiro@xxxxxxxxxxxxx, carl.csaposs@xxxxxxxxxxxxx, dragomir.penev@xxxxxxxxxxxxx, jose.masson@xxxxxxxxxxxxx, leon.mintz@xxxxxxxxxxxxx, paulo.machado@xxxxxxxxxxxxx, ryan.barry@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
-
From:
security-team-toolbox-bot@xxxxxxxxxxxxx
-
Date:
Wed, 1 Mar 2023 05:07:51 +0000 (UTC)
A scan of this rock shows that it was built with packages from the Ubuntu
archive that have since received security updates. The following lists new
USNs for affected binary packages in each rock revision:
Revision r1ee8b8a777fc (ppc64le; channels: 9.18-22.04_edge, 9.18-22.04_beta)
* libgnutls30: 5901-1
* tar: 5900-1
Revision r2c91df182264 (s390x; channels: edge, latest, 9.18-22.10_edge, 9.18-22.10_beta)
* libgnutls30: 5901-1
* tar: 5900-1
Revision r2ebfd865dec9 (amd64; channels: 9.18-22.04_edge, 9.18-22.04_beta)
* libgnutls30: 5901-1
* tar: 5900-1
Revision r661444e8bf05 (arm64; channels: 9.18-22.04_edge, 9.18-22.04_beta)
* libgnutls30: 5901-1
* tar: 5900-1
Revision r794dca73b425 (ppc64le; channels: edge, latest, 9.18-22.10_edge, 9.18-22.10_beta)
* libgnutls30: 5901-1
* tar: 5900-1
Revision r7ab96105803c (arm64; channels: 9.16-20.04_edge, 9.16-20.04_beta)
* libgnutls30: 5901-1
* tar: 5900-1
Revision r84f18dcfd0b9 (amd64; channels: 9.16-20.04_edge, 9.16-20.04_beta)
* libgnutls30: 5901-1
* tar: 5900-1
Revision r97256e7d86be (s390x; channels: 9.16-20.04_edge, 9.16-20.04_beta)
* libgnutls30: 5901-1
* tar: 5900-1
Revision r9f39a0f829cb (amd64; channels: edge, latest, 9.18-22.10_edge, 9.18-22.10_beta)
* libgnutls30: 5901-1
* tar: 5900-1
Revision ra8b27ce6ee68 (arm64; channels: edge, latest, 9.18-22.10_edge, 9.18-22.10_beta)
* libgnutls30: 5901-1
* tar: 5900-1
Revision rbd29ef2ce1bc (s390x; channels: 9.18-22.04_edge, 9.18-22.04_beta)
* libgnutls30: 5901-1
* tar: 5900-1
Revision rf3acb4fec146 (ppc64le; channels: 9.16-20.04_edge, 9.16-20.04_beta)
* libgnutls30: 5901-1
* tar: 5900-1
Simply rebuilding the rock will pull in the new security updates and
resolve this. If your rock also contains vendored code, now might be a
good time to review it for any needed updates.
Thank you for your rock and for attending to this matter.
References:
* https://ubuntu.com/security/notices/USN-5900-1/
* https://ubuntu.com/security/notices/USN-5901-1/
Follow ups
