[scl.org] Queries regarding nodejs 12 image

Abhinay Purty apurty at redhat.com
Wed Mar 25 06:14:58 UTC 2020


Hello,

Any updates on the last 2 queries?

Thanks in advance.

On Thu, Mar 19, 2020 at 4:46 PM Abhinay Purty <apurty at redhat.com> wrote:

> @ Petr, Thanks for the update and opening up a ticket for the mentioned
> issue.
>
> On Thu, Mar 19, 2020 at 1:37 PM Petr Kubat <pkubat at redhat.com> wrote:
>
>> Hi Abhinay,
>> On 3/19/20 8:28 AM, Abhinay Purty wrote:
>>
>> Hello Team,
>>
>> IHAC with a few queries.
>>
>> 1. Do the following images contain the security fixes that are mentioned in 'https://nodejs.org/en/blog/vulnerability/february-2020-security-releases'
>> (CVE-2019-15604, CVE-2019-15605, CVE-2019-15606)?
>> [*] https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/nodejs-12
>> [*] https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/nodejs-12
>> If I understand correctly, the latest versions of those images were built before security fixes CVE-2019-15604[1], CVE-2019-15605[2], CVE-2019-15606[3] were released.
>>
>> [1] https://access.redhat.com/security/cve/CVE-2019-15604
>> [2] https://access.redhat.com/security/cve/CVE-2019-15605
>> [3] https://access.redhat.com/security/cve/CVE-2019-15606
>>
>> The released images seem to be affected by the CVEs mentioned, but do not
>> show up as such in the catalog. This is a problem and I have opened up a
>> ticket against container grading to check what went wrong:
>> https://projects.engineering.redhat.com/projects/GRADING/issues/GRADING-125
>>
>> The CVEs will soon be fixed (I have checked fixed builds are present)
>> once the following advisory gets pushed:
>> https://errata.devel.redhat.com/advisory/52592
>>
>>
>> 2. Are there any plans to release ubi8/nodejs-12 and rhel8/nodejs-12 s2i builder images that would include the current LTS version of nodejs (12.16.1)?
>>
>> 3. Do ubi8/nodejs-12 and rhel8/nodejs-12 have a vanilla installation of the nodejs runtime? Or is the nodejs runtime in those images Red Hat's own implementation of the nodejs runtime?
>>
>> I will leave these two to be answered by nodejs maintainers (added to
>> CC).
>>
>> Petr
>>
>>
>>
>> --
>> Regards,
>>
>> Abhinay Purty
>>
>> Associate Technical Support Engineer
>>
>> Red Hat India Pvt. Ltd. <https://www.redhat.com>
>>
>> <https://red.ht/sig>
>>

