Bug 1395091

Summary: RHSA-2016:2674: libgcrypt security update (Moderate)
Product: Red Hat Enterprise Linux 7 Reporter: Alex Jia <ajia>
Component: openscap-containerAssignee: Martin Preisler <mpreisle>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: high    
Version: 7.3CC: ajia, ksrot, mhaicman
Target Milestone: rcKeywords: Extras
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-12-06 06:34:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Alex Jia 2016-11-15 06:18:18 UTC 
Description of problem:
atomic scan complains CVE error "RHSA-2016:2674: libgcrypt security update (Moderate)" in rhel7/openscap (26d9de88b340) image.

Version-Release number of selected component (if applicable):

[root@atomic-host-001 cloud-user]# cat /etc/redhat-release 
Red Hat Enterprise Linux Atomic Host release 7.3

[root@atomic-host-001 cloud-user]# atomic host status
State: idle
Deployments:
● rhel-atomic-host:rhel-atomic-host/7/x86_64/standard
       Version: 7.3.1 (2016-11-11 03:25:08)
        Commit: 6f182afa309da8df96470ba050845629f698946e9222f67eece5a1197e296c87
        OSName: rhel-atomic-host
  GPGSignature: (unsigned)
      Unlocked: development

[root@atomic-host-001 cloud-user]# getenforce
Permissive

[root@atomic-host-001 cloud-user]# rpm -q atomic skopeo docker
atomic-1.13.8-1.el7.x86_64
skopeo-0.1.17-0.5.git1f655f3.el7.x86_64
docker-1.12.3-2.el7.x86_64

[root@atomic-host-001 cloud-user]# atomic images list
   REPOSITORY                                  TAG      IMAGE ID       CREATED            VIRTUAL SIZE   TYPE       
☠  registry.access.redhat.com/rhel7/openscap   latest   26d9de88b340   2016-10-27 09:14   360.1 MB       Docker    
☠  rhel7                                       latest   f98706e16e41   2016-10-26 12:02   192.51 MB      Docker

How reproducible:
always

Steps to Reproduce:
1. atomic pull rhel7/openscap
2. atomic scan --scanner openscap --scan_type --images 


Actual results:

26d9de88b34078afad784bdbb00e314477890e53cae1a575ba21cd61404b0a27 (registry.access.redhat.com/rhel7/openscap:latest)

The following issues were found:

     RHSA-2016:2674: libgcrypt security update (Moderate)
     Severity: Moderate
       RHSA URL: https://rhn.redhat.com/errata/RHSA-2016-2674.html
       RHSA ID: RHSA-2016:2674-01
       Associated CVEs:
           CVE ID: CVE-2016-6313
           CVE URL: https://access.redhat.com/security/cve/CVE-2016-6313


Expected results:
fix cve.

Additional info:
Comment 2 Karel Srot 2016-11-21 07:55:35 UTC 
Hi Alex,
what is the purpose of this bug? The libgcrypt CVE was fixed in libgcrypt and the docker image will pull in the update with the next base image rebuild.
Comment 4 Alex Jia 2016-12-06 06:34:30 UTC 

*** This bug has been marked as a duplicate of bug 1395088 ***