[scl.org] Fix for the Node.js images

Vaibhav Pagar vpagar at redhat.com
Sun Jul 5 00:47:54 UTC 2020 

Hello,

Can you please take a look at my query regarding CVE 2020-8174, as customer
is pushing a lot to get the fix for this CVE in the latest version of
node.js container image.
Let me know if you need any more information from me so I can share it
accordingly.

Thanks & Regards,

Vaibhav Pagar

TECHNICAL SUPPORT ENGINEER,

Red Hat India Pvt. Ltd. <https://www.redhat.com>

vpagar at redhat.com    M: 7588040831
<http://redhatemailsignature-marketing.itos.redhat.com/>
<https://red.ht/sig>

@redhatnews <https://twitter.com/redhatnews>   Red Hat
<https://www.linkedin.com/company/red-hat>   Red Hat
<https://www.facebook.com/RedHatInc>


On Thu, Jul 2, 2020 at 1:26 PM Vaibhav Pagar <vpagar at redhat.com> wrote:

> Hello,
>
> I am Vaibhav Pagar and I am reaching out to you regarding query about the
> container images of Node.js which you are maintaining.
> One my customer is using below 2 container images which are affected by
> the given CVE's
>
> ~~~
> 1] Image Node.js 10
>
>
> https://catalog.redhat.com/software/containers/ubi8/nodejs-10/5c839aa3d70cc51dd4c425d9?container-tabs=overview
>
> Affected by two CVE's :-
>
>   > CVE-2020-13777       Fixed with >>  RHSA-2020:2637  on 2020-06-22
>   > CVE-2020-11080       Fixed with >>  RHSA-2020:2755  on 2020-06-25
>
> Both of the above CVE's are marked as important so their fix will be
> released in container images soon as the actual fix for the package is
> already released.
>
>
>
> 2] Image Node.js 12
>
>
> https://catalog.redhat.com/software/containers/ubi8/nodejs-12/5d3fff015a13461f5fb8635a?container-tabs=security
>
> Affected by two CVE's:-
>
>   > CVE-2020-13777       Fixed with >>  RHSA-2020:2637  on 2020-06-22
>   > CVE-2020-11080       Fixed with >>  RHSA-2020:2755  on 2020-06-25
> ~~~
>
> I can see for both the CVE's the fix is already released for the affected
> packages, so when can we expect the fix in Node.js  container images?
> Customers want to get this fix asap as the CVE is marked as important and
> they said that it's affecting their deployments.
> Can you please let me know any ETA for the fix?
>
> Thank you,
>
> Vaibhav Pagar
>
> TECHNICAL SUPPORT ENGINEER,
>
> Red Hat India Pvt. Ltd. <https://www.redhat.com>
>
> vpagar at redhat.com    M: 7588040831
> <http://redhatemailsignature-marketing.itos.redhat.com/>
> <https://red.ht/sig>
>
> @redhatnews <https://twitter.com/redhatnews>   Red Hat
> <https://www.linkedin.com/company/red-hat>   Red Hat
> <https://www.facebook.com/RedHatInc>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/sclorg/attachments/20200705/ebf73db6/attachment.htm>

More information about the SCLorg mailing list