[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [scl.org] Queries regarding nodejs 12 image



Version nodejs v12.16.1 is already available in the container, the updated container was released few days back.

Regards,
Honza

On 3/25/20 7:14 AM, Abhinay Purty wrote:
Hello,

Any updates on the last 2 queries ?

Thanks in advance.

On Thu, Mar 19, 2020 at 4:46 PM Abhinay Purty <apurty redhat com <mailto:apurty redhat com>> wrote:

    @ Petr, Thanks for the update and opening up a ticket for the
    mentioned issue.

    On Thu, Mar 19, 2020 at 1:37 PM Petr Kubat <pkubat redhat com
    <mailto:pkubat redhat com>> wrote:

        Hi Abhinay,

        On 3/19/20 8:28 AM, Abhinay Purty wrote:
        Hello Team,

        IHAC with a few queries.

        1. Does the following images contain the security fixes that
        is mentioned in
        'https://nodejs.org/en/blog/vulnerability/february-2020-security-releases'
        (CVE-2019-15604, CVE-2019-15605, CVE-2019-15606)? [*]
        https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/nodejs-12
        [*]
        https://access.redhat.com/containers/#/registry.access.redhat.com/rhel8/nodejs-12
        If I understand correctly, the latest version of those images
        are built before security fixes CVE-2019-15604[1],
        CVE-2019-15605[2], CVE-2019-15606[3] were released. [1]
        https://access.redhat.com/security/cve/CVE-2019-15604 [2]
        https://access.redhat.com/security/cve/CVE-2019-15605 [3]
        https://access.redhat.com/security/cve/CVE-2019-15606

        The released images seem to be affected by the CVEs mentioned,
        but do not show up as such in the catalog. This is a problem and
        I have opened up a ticket against container grading to check
        what went wrong:
        https://projects.engineering.redhat.com/projects/GRADING/issues/GRADING-125

        The CVEs will soon be fixed (I have checked fixed builds are
        present) once the following advisory gets pushed:
        https://errata.devel.redhat.com/advisory/52592


        2.  Is there any  plans to release ubi8/nodejs-12 and
        rhel8/nodejs-12 s2i builder images that would include current
        LTS version of nodejs (12.16.1)? 3. Does the ubi8/nodejs-12
        and rhel8/nodejs-12 have vanilla installation of the nodejs
        runtime? Or is the nodejs runtime in those images Red Hat's
        own implementation of the nodejs runtime ?

        I will leave these two to be answered by nodejs maintainers
        (added to CC).

        Petr



-- Regards,

        Abhinay Purty

        Associate Technical Support Engineer

        Red Hat India Pvt. Ltd. <https://www.redhat.com>

        <https://red.ht/sig>

        _______________________________________________
        SCLorg mailing list
        SCLorg redhat com  <mailto:SCLorg redhat com>
        https://www.redhat.com/mailman/listinfo/sclorg



-- Regards,

    Abhinay Purty

    Associate Technical Support Engineer

    Red Hat India Pvt. Ltd. <https://www.redhat.com>

    <https://red.ht/sig>



--
Regards,

Abhinay Purty

Associate Technical Support Engineer

Red Hat India Pvt. Ltd. <https://www.redhat.com>

<https://red.ht/sig>

_______________________________________________
SCLorg mailing list
SCLorg redhat com
https://www.redhat.com/mailman/listinfo/sclorg



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]