Re: [scl.org] Queries regarding nodejs 12 image

Thu, 19 Mar 2020 04:17:13 -0700 

@ Petr, Thanks for the update and opening up a ticket for the mentioned
issue.

On Thu, Mar 19, 2020 at 1:37 PM Petr Kubat <pku...@redhat.com> wrote:

> Hi Abhinay,
> On 3/19/20 8:28 AM, Abhinay Purty wrote:
>
> Hello Team,
>
> IHAC with a few queries.
>
> 1. Does the following images contain the security fixes that is mentioned in 
> 'https://nodejs.org/en/blog/vulnerability/february-2020-security-releases'
> (CVE-2019-15604, CVE-2019-15605, CVE-2019-15606)?
> [*] 
> https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/nodejs-12
> [*] 
> https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/nodejs-12
> If I understand correctly, the latest version of those images are built 
> before security fixes CVE-2019-15604[1], CVE-2019-15605[2], CVE-2019-15606[3] 
> were released.
>
> [1] https://access.redhat.com/security/cve/CVE-2019-15604
> [2] https://access.redhat.com/security/cve/CVE-2019-15605
> [3] https://access.redhat.com/security/cve/CVE-2019-15606
>
> The released images seem to be affected by the CVEs mentioned, but do not
> show up as such in the catalog. This is a problem and I have opened up a
> ticket against container grading to check what went wrong:
> https://projects.engineering.redhat.com/projects/GRADING/issues/GRADING-125
>
> The CVEs will soon be fixed (I have checked fixed builds are present) once
> the following advisory gets pushed:
> https://errata.devel.redhat.com/advisory/52592
>
>
> 2.  Is there any  plans to release ubi8/nodejs-12 and rhel8/nodejs-12 s2i 
> builder images that would include current LTS version of nodejs (12.16.1)?
>
> 3. Does the ubi8/nodejs-12 and rhel8/nodejs-12 have vanilla installation of 
> the nodejs runtime? Or is the nodejs runtime in those images Red Hat's own 
> implementation of the nodejs runtime ?
>
> I will leave these two to be answered by nodejs maintainers (added to CC).
>
> Petr
>
>
>
> --
> Regards,
>
> Abhinay Purty
>
> Associate Technical Support Engineer
>
> Red Hat India Pvt. Ltd. <https://www.redhat.com>
>
> <https://red.ht/sig>
>
> _______________________________________________
> SCLorg mailing 
> listSCLorg@redhat.comhttps://www.redhat.com/mailman/listinfo/sclorg
>
>

-- 
Regards,

Abhinay Purty

Associate Technical Support Engineer

Red Hat India Pvt. Ltd. <https://www.redhat.com>

<https://red.ht/sig>

_______________________________________________
SCLorg mailing list
SCLorg@redhat.com
https://www.redhat.com/mailman/listinfo/sclorg

Reply via email to