ubuntu-docker-images team mailing list archive

Thread
Date

Re: nginx contains outdated Ubuntu packages

To: security-team-toolbox-bot@xxxxxxxxxxxxx
From: Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx>
Date: Fri, 16 Jun 2023 11:45:53 -0300
Cc: dragomir.penev@xxxxxxxxxxxxx, paulo.machado@xxxxxxxxxxxxx, ryan.barry@xxxxxxxxxxxxx, jose.masson@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx, leon.mintz@xxxxxxxxxxxxx, rocks@xxxxxxxxxxxxx
In-reply-to: <20230616051515.C0DA9433FB@security-toolbox.internal>

On Fri, Jun 16, 2023 at 05:15:15AM +0000, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:

A scan of this rock shows that it was built with packages from the Ubuntu
archive that have since received security updates. The following lists new
USNs for affected binary packages in each rock revision:

Revision r00db9f8d9e68 (s390x; channels: 1.18-22.04_beta, 1.18-22.04_edge)
* libx11-6: 6168-1
* libx11-data: 6168-1

Revision r039f2e1cbb0a (s390x; channels: 1.22-23.04_beta, latest, edge)
* libx11-6: 6168-1
* libx11-data: 6168-1

Revision r0c4c90eee88d (ppc64le; channels: 1.22-23.04_beta, latest, edge)
* libx11-6: 6168-1
* libx11-data: 6168-1

Revision r16ade7548d92 (amd64; channels: 1.18-22.04_beta, 1.18-22.04_edge)
* libx11-6: 6168-1
* libx11-data: 6168-1

Revision r23837631a10a (ppc64le; channels: 1.18-20.04_edge, 1.18-20.04_beta)
* libx11-6: 6168-1
* libx11-data: 6168-1

Revision r28678456163d (arm64; channels: 1.22-23.04_beta, latest, edge)
* libx11-6: 6168-1
* libx11-data: 6168-1

Revision r29d5b5c989eb (amd64; channels: 1.22-23.04_beta, latest, edge)
* libx11-6: 6168-1
* libx11-data: 6168-1

Revision r5789be17fc1a (arm64; channels: 1.18-22.04_beta, 1.18-22.04_edge)
* libx11-6: 6168-1
* libx11-data: 6168-1

Revision r5a857582a2c8 (s390x; channels: 1.18-20.04_edge, 1.18-20.04_beta)
* libx11-6: 6168-1
* libx11-data: 6168-1

Revision r6ed380d72e3d (arm64; channels: 1.18-20.04_edge, 1.18-20.04_beta)
* libx11-6: 6168-1
* libx11-data: 6168-1

Revision r9d6cb886366d (arm64; channels: 1.22-22.10_beta)
* libx11-6: 6168-1
* libx11-data: 6168-1

Revision rab9a13e39ce4 (ppc64le; channels: 1.18-22.04_beta, 1.18-22.04_edge)
* libx11-6: 6168-1
* libx11-data: 6168-1

Revision rc857192be13e (s390x; channels: 1.22-22.10_beta)
* libx11-6: 6168-1
* libx11-data: 6168-1

Revision rde2f6bd00bca (ppc64le; channels: 1.22-22.10_beta)
* libx11-6: 6168-1
* libx11-data: 6168-1

Revision re4f313a04b62 (amd64; channels: 1.22-22.10_beta)
* libx11-6: 6168-1
* libx11-data: 6168-1

Revision re753a12a5301 (amd64; channels: 1.18-20.04_edge, 1.18-20.04_beta)
* libx11-6: 6168-1
* libx11-data: 6168-1

Simply rebuilding the rock will pull in the new security updates and
resolve this. If your rock also contains vendored code, now might be a
good time to review it for any needed updates.

Thank you for your rock and for attending to this matter.

References:
* https://ubuntu.com/security/notices/USN-6168-1/


These images have been re-built and re-tagged.

--
Athos Ribeiro

References

nginx contains outdated Ubuntu packages
From: security-team-toolbox-bot, 2023-06-16