ubuntu-docker-images team mailing list archive

[Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx>]

On Fri, Feb 16, 2024 at 05:00:31AM +0000, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r257c6e6c224a (arm64; channels: 1.6-22.04_edge, 1.6-22.04_beta)
> * login: 6640-1
> * passwd: 6640-1
>
> Revision r2705869b18b4 (arm64; channels: 1.5-20.04_beta, 1.5-20.04_edge)
> * login: 6640-1
> * passwd: 6640-1
>
> Revision r6dbee1e61f6d (amd64; channels: 1.6-22.04_edge, 1.6-22.04_beta)
> * login: 6640-1
> * passwd: 6640-1
>
> Revision r94638a10e376 (s390x; channels: 1.5-20.04_beta, 1.5-20.04_edge)
> * login: 6640-1
> * passwd: 6640-1
>
> Revision r9de685550bc6 (ppc64le; channels: 1.6-22.04_edge, 1.6-22.04_beta)
> * login: 6640-1
> * passwd: 6640-1
>
> Revision rbd46db64035e (amd64; channels: 1.5-20.04_beta, 1.5-20.04_edge)
> * login: 6640-1
> * passwd: 6640-1
>
> Revision rcef1a351c5e5 (ppc64le; channels: 1.5-20.04_beta, 1.5-20.04_edge)
> * login: 6640-1
> * passwd: 6640-1
>
> Revision rff3fe81ee92a (s390x; channels: 1.6-22.04_edge, 1.6-22.04_beta)
> * login: 6640-1
> * passwd: 6640-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
>
> Thank you for your rock and for attending to this matter.
>
> References:
> * https://ubuntu.com/security/notices/USN-6640-1/

These images were re-built and re-tagged. I also did the same for the
23.10 images, which were not mentioned in this report but were also
affected. I pinged the security team so we can fix the alerts for those.

--
Athos Ribeiro