ubuntu-docker-images team mailing list archive

Thread
Date

squid contains outdated Ubuntu packages

To: rocks@xxxxxxxxxxxxx, sergio.durigan@xxxxxxxxxxxxx, athos.ribeiro@xxxxxxxxxxxxx, carl.csaposs@xxxxxxxxxxxxx, dragomir.penev@xxxxxxxxxxxxx, jose.masson@xxxxxxxxxxxxx, leon.mintz@xxxxxxxxxxxxx, paulo.machado@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
From: security-team-toolbox-bot@xxxxxxxxxxxxx
Date: Tue, 04 Mar 2025 05:16:45 -0000

A scan of this rock shows that it was built with packages from the Ubuntu
archive that have since received security updates. The following lists new
USNs for affected binary packages in each rock revision:

Revision r0512b86a4a30 (s390x; channels: 5.2-22.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r0ff0f2f3e928 (s390x; channels: edge, latest)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r2c8cc2c71d21 (amd64; channels: 6.10-24.10_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r39007e5033db (ppc64le; channels: 6.10-24.10_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r3f244ee8fa47 (arm64; channels: 6.10-24.10_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r584a08d78f97 (amd64; channels: 4.10-20.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r613bbd51c195 (s390x; channels: 4.10-20.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r62a7b8333068 (amd64; channels: 5.2-22.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r6ac116ee1b7c (ppc64le; channels: edge, latest)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r76ed2666984e (arm64; channels: 5.2-22.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r88ff71cc169f (s390x; channels: 6.10-24.10_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision r8d7e59b1a3af (ppc64le; channels: 5.2-22.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision ra7a886c46093 (arm64; channels: 4.10-20.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision rcebf4f2bd409 (arm64; channels: edge, latest)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision rddbafb0fa9e1 (ppc64le; channels: 4.10-20.04_beta)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Revision re4ae4da9e70f (amd64; channels: edge, latest)
 * libgssapi-krb5-2: 7314-1
 * libk5crypto3: 7314-1
 * libkrb5-3: 7314-1
 * libkrb5support0: 7314-1

Simply rebuilding the rock will pull in the new security updates and
resolve this. If your rock also contains vendored code, now might be a
good time to review it for any needed updates.

Thank you for your rock and for attending to this matter.

References:
 * https://ubuntu.com/security/notices/USN-7314-1/