ubuntu-docker-images team mailing list archive
-
ubuntu-docker-images team
-
Mailing list archive
-
Message #00590
nginx contains outdated Ubuntu packages
-
To:
rocks@xxxxxxxxxxxxx, sergio.durigan@xxxxxxxxxxxxx, athos.ribeiro@xxxxxxxxxxxxx, carl.csaposs@xxxxxxxxxxxxx, dragomir.penev@xxxxxxxxxxxxx, jose.masson@xxxxxxxxxxxxx, leon.mintz@xxxxxxxxxxxxx, paulo.machado@xxxxxxxxxxxxx, ryan.barry@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
-
From:
security-team-toolbox-bot@xxxxxxxxxxxxx
-
Date:
Fri, 2 Jun 2023 05:15:10 +0000 (UTC)
A scan of this rock shows that it was built with packages from the Ubuntu
archive that have since received security updates. The following lists new
USNs for affected binary packages in each rock revision:
Revision r045ef0b2d752 (s390x; channels: latest, edge, 1.22-23.04_beta, 1.22-23.04_edge)
* libssl3: 6119-1
Revision r103b33136cc9 (arm64; channels: 1.18-22.04_beta, 1.18-22.04_edge)
* libssl3: 6119-1
Revision r2aeb9d443ef1 (s390x; channels: 1.22-22.10_beta)
* libssl3: 6119-1
Revision r4c4a148c13da (amd64; channels: 1.22-22.10_beta)
* libssl3: 6119-1
Revision r4c4dfff9a0a6 (amd64; channels: 1.18-20.04_beta)
* libssl1.1: 6119-1
Revision r4df5648f441f (arm64; channels: 1.22-22.10_beta)
* libssl3: 6119-1
Revision r53981c1095ba (arm64; channels: 1.18-20.04_beta)
* libssl1.1: 6119-1
Revision r807b84eee35b (ppc64le; channels: 1.22-22.10_beta)
* libssl3: 6119-1
Revision r894c38c9ad5a (amd64; channels: latest, edge, 1.22-23.04_beta, 1.22-23.04_edge)
* libssl3: 6119-1
Revision r8baa9a36d388 (s390x; channels: 1.18-22.04_beta, 1.18-22.04_edge)
* libssl3: 6119-1
Revision r95c88467582e (ppc64le; channels: 1.18-22.04_beta, 1.18-22.04_edge)
* libssl3: 6119-1
Revision r9ca367f67298 (ppc64le; channels: latest, edge, 1.22-23.04_beta, 1.22-23.04_edge)
* libssl3: 6119-1
Revision ra431b729854e (s390x; channels: 1.18-20.04_beta)
* libssl1.1: 6119-1
Revision rb4d80b34dd7b (amd64; channels: 1.18-22.04_beta, 1.18-22.04_edge)
* libssl3: 6119-1
Revision rd9f694c0522a (ppc64le; channels: 1.18-20.04_beta)
* libssl1.1: 6119-1
Revision rf9ff219ec343 (arm64; channels: latest, edge, 1.22-23.04_beta, 1.22-23.04_edge)
* libssl3: 6119-1
Simply rebuilding the rock will pull in the new security updates and
resolve this. If your rock also contains vendored code, now might be a
good time to review it for any needed updates.
Thank you for your rock and for attending to this matter.
References:
* https://ubuntu.com/security/notices/USN-6119-1/
Follow ups
