Bug 1707843

Summary: Respin of RHGS 3 S3 Server Container image container to include CVE fixed at python-jinja2 packages
Product: [Red Hat Storage] Red Hat Gluster Storage Reporter: RamaKasturi <knarra>
Component: rhgs-s3-server-container Assignee: Saravanakumar <sarumuga>
Status: CLOSED ERRATA QA Contact: RamaKasturi <knarra>
Severity: high Docs Contact:
Priority: unspecified    
Version: ocs-3.11 CC: hchiramm, jmulligan, kramdoss, madam, puebele, rcyriac, rhs-bugs, sankarshan, sarumuga
Target Milestone: --- Keywords: ZStream
Target Release: OCS 3.11.z Batch Update 3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
rhgs-s3-server-container includes fixes for CVE-2016-10745 in included packages.
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-13 17:27:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description RamaKasturi 2019-05-08 14:21:57 UTC
Description of problem:

Respin of RHGS 3 S3 Server Container image container to include CVE fixed at python-jinja2 packages.



RHEL 7 has shipped python-jinja2 update with fix for "Important" CVE

= RHSA-2019:1022 - Security Advisory
  == https://access.redhat.com/errata/RHSA-2019:1022

CVE-2016-10745 - https://access.redhat.com/security/cve/cve-2016-10745

Comment 5 RamaKasturi 2019-05-14 18:23:58 UTC
I see that the rhgs-s3-server container has the python-jinja2 package which has the CVE fix done.

Moving the bug to verified state.

[root@dhcp46-207 scripts]# oc rsh gluster-s3-dc-1-l8zws
sh-4.2# cat /etc/redhat-storage-release 
Red Hat OCS S3 Interface 3.4.4 Tech Preview (Container)

sh-4.2# rpm -qa | grep python-jinja2
python-jinja2-2.7.2-3.el7_6.noarch

sh-4.2# ls -l /root/buildinfo/
total 12
-rw-r--r--. 1 root root 2798 Apr 16 15:34 Dockerfile-rhel7-7.6-252
-rw-r--r--. 1 root root 4317 May  9 09:48 Dockerfile-rhgs3-rhgs-s3-server-rhel7-3.11.3-2

Comment 7 errata-xmlrpc 2019-06-13 17:27:48 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1407