ubuntu-docker-images team mailing list archive

Thread
Date

apache2 contains outdated Ubuntu packages

To: rocks@xxxxxxxxxxxxx, sergio.durigan@xxxxxxxxxxxxx, athos.ribeiro@xxxxxxxxxxxxx, carl.csaposs@xxxxxxxxxxxxx, dragomir.penev@xxxxxxxxxxxxx, jose.masson@xxxxxxxxxxxxx, leon.mintz@xxxxxxxxxxxxx, paulo.machado@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
From: security-team-toolbox-bot@xxxxxxxxxxxxx
Date: Tue, 04 Mar 2025 05:16:31 -0000

A scan of this rock shows that it was built with packages from the Ubuntu
archive that have since received security updates. The following lists new
USNs for affected binary packages in each rock revision:

Revision r0f3afde5e5b6 (amd64; channels: 2.4-22.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r1de55c7cfa65 (s390x; channels: 2.4-24.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r30544770c6d6 (arm64; channels: edge, latest)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r41612870a677 (arm64; channels: 2.4-20.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r5ff80c8effb1 (s390x; channels: 2.4-22.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r63a68ef2b656 (s390x; channels: 2.4-20.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r778354242ca6 (amd64; channels: edge, latest)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r82ca3417c1a0 (ppc64le; channels: 2.4-24.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r92b5c5d5fc1e (amd64; channels: 2.4-20.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r9655a1dacee6 (ppc64le; channels: edge, latest)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r97b581d42705 (ppc64le; channels: 2.4-22.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r9c59bdb6a0d0 (amd64; channels: 2.4-24.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision rca2c8c591236 (arm64; channels: 2.4-22.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision rdfdc6cdf9e9c (s390x; channels: edge, latest)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision rfbef0efc142f (ppc64le; channels: 2.4-20.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision rfe4c070fffec (arm64; channels: 2.4-24.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Simply rebuilding the rock will pull in the new security updates and
resolve this. If your rock also contains vendored code, now might be a
good time to review it for any needed updates.

Thank you for your rock and for attending to this matter.

References:
 * https://ubuntu.com/security/notices/USN-7314-1/