<div dir="ltr"><div class="gmail_default" style="font-family:comic sans ms,sans-serif">Hello,</div><div class="gmail_default" style="font-family:comic sans ms,sans-serif"><br></div><div class="gmail_default" style="font-family:comic sans ms,sans-serif">Any updates on the last 2 queries?</div><div class="gmail_default" style="font-family:comic sans ms,sans-serif"><br></div><div class="gmail_default" style="font-family:comic sans ms,sans-serif">Thanks in advance.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Mar 19, 2020 at 4:46 PM Abhinay Purty &lt;<a href="mailto:apurty@redhat.com">apurty@redhat.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:'comic sans ms',sans-serif">@Petr, thanks for the update and opening up a ticket for the mentioned issue.<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Mar 19, 2020 at 1:37 PM Petr Kubat &lt;<a href="mailto:pkubat@redhat.com" target="_blank">pkubat@redhat.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hi Abhinay,<br>
</p>
<div>On 3/19/20 8:28 AM, Abhinay Purty
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default" style="font-family:'comic sans ms',sans-serif">
<div class="gmail_default">Hello Team,</div>
<div class="gmail_default"><br>
</div>
<div class="gmail_default">IHAC with a few queries.</div>
<div class="gmail_default"><br>
</div>
<div class="gmail_default">
<pre style="white-space:pre-wrap;background:none;box-sizing:border-box;overflow:auto;font-size:12px;padding:0px;margin-top:0px;margin-bottom:0px;line-height:1.66667;color:rgb(40,45,51);word-break:normal;border:none;border-radius:1px"><span style="box-sizing:border-box">1. Do the following images contain the security fixes that are mentioned in '<a href="https://nodejs.org/en/blog/vulnerability/february-2020-security-releases" target="_blank">https://nodejs.org/en/blog/vulnerability/february-2020-security-releases</a>'
(CVE-2019-15604, CVE-2019-15605, CVE-2019-15606)?
[*] <a href="https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/nodejs-12" target="_blank">https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/nodejs-12</a>
[*] <a href="https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/nodejs-12" target="_blank">https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/nodejs-12</a>
If I understand correctly, the latest versions of those images were built before the security fixes CVE-2019-15604[1], CVE-2019-15605[2], CVE-2019-15606[3] were released.
[1] <a href="https://access.redhat.com/security/cve/CVE-2019-15604" target="_blank">https://access.redhat.com/security/cve/CVE-2019-15604</a>
[2] <a href="https://access.redhat.com/security/cve/CVE-2019-15605" target="_blank">https://access.redhat.com/security/cve/CVE-2019-15605</a>
[3] <a href="https://access.redhat.com/security/cve/CVE-2019-15606" target="_blank">https://access.redhat.com/security/cve/CVE-2019-15606</a>
</span></pre>
</div>
</div>
</div>
</blockquote>
<p>The released images seem to be affected by the CVEs mentioned,
but do not show up as such in the catalog. This is a problem and I
have opened up a ticket against container grading to check what
went wrong:
<a href="https://projects.engineering.redhat.com/projects/GRADING/issues/GRADING-125" target="_blank">https://projects.engineering.redhat.com/projects/GRADING/issues/GRADING-125</a></p>
<p>The CVEs will soon be fixed (I have checked fixed builds are
present) once the following advisory gets pushed:
<a href="https://errata.devel.redhat.com/advisory/52592" target="_blank">https://errata.devel.redhat.com/advisory/52592</a><br>
</p>
<p><br>
</p>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default" style="font-family:'comic sans ms',sans-serif">
<div class="gmail_default">
<pre style="white-space:pre-wrap;background:none;box-sizing:border-box;overflow:auto;font-size:12px;padding:0px;margin-top:0px;margin-bottom:0px;line-height:1.66667;color:rgb(40,45,51);word-break:normal;border:none;border-radius:1px"><span style="box-sizing:border-box">2. Are there any plans to release ubi8/nodejs-12 and rhel8/nodejs-12 s2i builder images that would include the current LTS version of nodejs (12.16.1)?
3. Do ubi8/nodejs-12 and rhel8/nodejs-12 have a vanilla installation of the nodejs runtime? Or is the nodejs runtime in those images Red Hat's own implementation of the nodejs runtime?<font color="#888888">
</font></span></pre>
</div>
</div>
</div>
</blockquote>
<p>I will leave these two to be answered by nodejs maintainers
(added to CC). <br>
</p>
<p>Petr<br>
</p>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default" style="font-family:'comic sans ms',sans-serif">
<div class="gmail_default"><font color="#888888"><br>
</font></div>
</div>
<div><br>
</div>
-- <br>
<div dir="ltr">
<div dir="ltr">
<div>Regards,<br>
</div>
<p style="font-weight:bold;margin:0px;padding:0px;font-size:14px;text-transform:capitalize;font-family:RedHatText,sans-serif">Abhinay
Purty<br>
</p>
<p style="font-size:12px;margin:0px;text-transform:capitalize;font-family:RedHatText,sans-serif"><span style="font-family:Arial,Helvetica,sans-serif;font-size:small;text-transform:none">Associate
Technical Support Engineer</span></p>
<p style="font-size:12px;margin:0px;text-transform:capitalize;font-family:RedHatText,sans-serif"><a href="https://www.redhat.com" style="color:rgb(0,136,206);margin:0px" target="_blank">Red Hat India Pvt. Ltd.</a><br>
</p>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
SCLorg mailing list
<a href="mailto:SCLorg@redhat.com" target="_blank">SCLorg@redhat.com</a>
<a href="https://www.redhat.com/mailman/listinfo/sclorg" target="_blank">https://www.redhat.com/mailman/listinfo/sclorg</a>
</pre>
</blockquote>
</div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr"><div dir="ltr"><div>Regards,<br></div>
<p style="font-weight:bold;margin:0px;padding:0px;font-size:14px;text-transform:capitalize;font-family:RedHatText,sans-serif">Abhinay Purty<br></p>
<p style="font-size:12px;margin:0px;text-transform:capitalize;font-family:RedHatText,sans-serif"></p><p style="font-size:12px;margin:0px;text-transform:capitalize;font-family:RedHatText,sans-serif"><span style="font-family:Arial,Helvetica,sans-serif;font-size:small;text-transform:none">Associate Technical Support Engineer</span></p><p style="font-size:12px;margin:0px;text-transform:capitalize;font-family:RedHatText,sans-serif"><a href="https://www.redhat.com" style="color:rgb(0,136,206);margin:0px" target="_blank">Red Hat India Pvt. Ltd.</a><br></p>
</div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div>Regards,<br></div>
<p style="font-weight:bold;margin:0px;padding:0px;font-size:14px;text-transform:capitalize;font-family:RedHatText,sans-serif">Abhinay Purty<br></p>
<p style="font-size:12px;margin:0px;text-transform:capitalize;font-family:RedHatText,sans-serif"></p><p style="font-size:12px;margin:0px;text-transform:capitalize;font-family:RedHatText,sans-serif"><span style="font-family:Arial,Helvetica,sans-serif;font-size:small;text-transform:none">Associate Technical Support Engineer</span></p><p style="font-size:12px;margin:0px;text-transform:capitalize;font-family:RedHatText,sans-serif"><a href="https://www.redhat.com" style="color:rgb(0,136,206);margin:0px" target="_blank">Red Hat India Pvt. Ltd.</a><br></p>
</div></div>