[scl.org] Need information regarding container image release.
Abey Jose
ajose at redhat.com
Thu Oct 28 20:00:52 UTC 2021
Hello Team,
On checking the rhel8/httpd-24 container image (1-156) [1], the httpd
package httpd-2.4.37-39.module+el8.4.0+9658+b87b2deb.x86_64 is present.
But when we check the package details in Red Hat site [2], there is an
update available (from 2021-09-30) which fixes the original vulnerability
(CVE-2021-40438). The container image (1-156) [1] is affected, since it
contains a non-fixed version of httpd.
Do we have any idea when an updated container image for httpd24 will be
available, that contains a fixed version? Any inputs will be really
helpful. Thanks in advance.
[1]
https://catalog.redhat.com/software/containers/rhel8/httpd-24/5ba0addbbed8bd6ee819856a?container-tabs=packages&tag=1-156&push_date=1632226439000
[2]
https://access.redhat.com/downloads/content/rhel---8/x86_64/7443/httpd/2.4.37-39.module+el8.4.0+12865+a7065a39.1/src/fd431d51/package-changelog
--
Regards,
*Abey Jose*
TSE, OpenShift Container Platform
<https://red.ht/sig> TRIED. TESTED. TRUSTED. <https://redhat.com/trusted>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/sclorg/attachments/20211028/829f8948/attachment.htm>
More information about the SCLorg
mailing list