[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [scl.org] Queries regarding nodejs 12 image



Thanks for the update @Honza Horak.

On Thu, Mar 26, 2020 at 7:18 PM Honza Horak <hhorak redhat com> wrote:
Version nodejs v12.16.1 is already available in the container, the
updated container was released few days back.

Regards,
Honza

On 3/25/20 7:14 AM, Abhinay Purty wrote:
> Hello,
>
> Any updates on the last 2 queries ?
>
> Thanks in advance.
>
> On Thu, Mar 19, 2020 at 4:46 PM Abhinay Purty <apurty redhat com
> <mailto:apurty redhat com>> wrote:
>
>     @ Petr, Thanks for the update and opening up a ticket for the
>     mentioned issue.
>
>     On Thu, Mar 19, 2020 at 1:37 PM Petr Kubat <pkubat redhat com
>     <mailto:pkubat redhat com>> wrote:
>
>         Hi Abhinay,
>
>         On 3/19/20 8:28 AM, Abhinay Purty wrote:
>>         Hello Team,
>>
>>         IHAC with a few queries.
>>
>>         1. Does the following images contain the security fixes that
>>         is mentioned in
>>         'https://nodejs.org/en/blog/vulnerability/february-2020-security-releases'
>>         (CVE-2019-15604, CVE-2019-15605, CVE-2019-15606)? [*]
>>         https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/nodejs-12
>>         [*]
>>         https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/nodejs-12
>>         If I understand correctly, the latest version of those images
>>         are built before security fixes CVE-2019-15604[1],
>>         CVE-2019-15605[2], CVE-2019-15606[3] were released. [1]
>>         https://access.redhat.com/security/cve/CVE-2019-15604 [2]
>>         https://access.redhat.com/security/cve/CVE-2019-15605 [3]
>>         https://access.redhat.com/security/cve/CVE-2019-15606
>
>         The released images seem to be affected by the CVEs mentioned,
>         but do not show up as such in the catalog. This is a problem and
>         I have opened up a ticket against container grading to check
>         what went wrong:
>         https://projects.engineering.redhat.com/projects/GRADING/issues/GRADING-125
>
>         The CVEs will soon be fixed (I have checked fixed builds are
>         present) once the following advisory gets pushed:
>         https://errata.devel.redhat.com/advisory/52592
>
>
>>         2.  Is there any  plans to release ubi8/nodejs-12 and
>>         rhel8/nodejs-12 s2i builder images that would include current
>>         LTS version of nodejs (12.16.1)? 3. Does the ubi8/nodejs-12
>>         and rhel8/nodejs-12 have vanilla installation of the nodejs
>>         runtime? Or is the nodejs runtime in those images Red Hat's
>>         own implementation of the nodejs runtime ?
>
>         I will leave these two to be answered by nodejs maintainers
>         (added to CC).
>
>         Petr
>
>>
>>
>>         --
>>         Regards,
>>
>>         Abhinay Purty
>>
>>         Associate Technical Support Engineer
>>
>>         Red Hat India Pvt. Ltd. <https://www.redhat.com>
>>
>>         <https://red.ht/sig>
>>
>>         _______________________________________________
>>         SCLorg mailing list
>>         SCLorg redhat com  <mailto:SCLorg redhat com>
>>         https://www.redhat.com/mailman/listinfo/sclorg
>
>
>
>     --
>     Regards,
>
>     Abhinay Purty
>
>     Associate Technical Support Engineer
>
>     Red Hat India Pvt. Ltd. <https://www.redhat.com>
>
>     <https://red.ht/sig>
>
>
>
> --
> Regards,
>
> Abhinay Purty
>
> Associate Technical Support Engineer
>
> Red Hat India Pvt. Ltd. <https://www.redhat.com>
>
> <https://red.ht/sig>
>
> _______________________________________________
> SCLorg mailing list
> SCLorg redhat com
> https://www.redhat.com/mailman/listinfo/sclorg
>



--
Regards,

Abhinay Purty

Associate Technical Support Engineer

Red Hat India Pvt. Ltd.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]