Bug 1387309 - EAP7 with Hawkular Agent: CVEs on latest docker image by OpenSCAP
Summary: EAP7 with Hawkular Agent: CVEs on latest docker image by OpenSCAP
Keywords:
Status: VERIFIED
Alias: None
Product: Middleware Manager
Classification: JBoss
Component: Other
Version: unspecified
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: DR1
: ---
Assignee: Heiko W. Rupp
QA Contact: Hayk Hovsepyan
URL:
Whiteboard: hawkular:security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-10-20 15:18 UTC by Hayk Hovsepyan
Modified: 2022-03-31 04:28 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-11 19:17:48 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Hayk Hovsepyan 2016-10-20 15:18:48 UTC 
Description of problem:
Did run the CVE scan of OpenSCAP tool on "jboss/cassandra" and it showed Vulnerabilities.


Version-Release number of selected component (if applicable):
Digest: sha256:3672553c8d625666dc1b04e82ef243e2070ab0d2f69e60be8c62bb687bb07b5e
Comment 4 Federico Simoncelli 2016-10-28 12:00:52 UTC 
Matt, is this belonging to you?
Comment 5 Matt Wringe 2016-10-31 15:51:55 UTC 
@fsimonce I don't believe so, the jboss/cassandra image is not something that I use.
Comment 6 Federico Simoncelli 2016-11-01 11:28:28 UTC 
Paul, just to make sure. Is this really belonging to you?

I am concerned because this is still filed as a CFME bug but I think it should be moved to some component related to Jboss.

Can you move the BZ?
Comment 7 Paul Gier 2016-11-09 19:42:48 UTC 
Yes, this issue belongs to the middleware team.
Comment 14 Hayk Hovsepyan 2016-12-06 15:44:17 UTC 
Reopening this bug by moving to 'Middleware Manager' product.
Comment 17 Paul Gier 2017-02-08 15:51:02 UTC 
The containers have been updated with the latest RHEL/EAP base images.  I think there's not much we can do on this issue other than regularly update our images.
Comment 18 Hayk Hovsepyan 2017-02-10 10:42:03 UTC 
Verified on DR1: jboss/jboss-eap-7-hawkular-agent:0.26.0.Final_redhat_1-1
Digest: sha256:9149b8ec93d7ae37c4c062dcbc5999dfd73527629b43d4363334c79fab5ba1fd

All CVEs are there. OpenSCAP Report is green.
Note You need to log in before you can comment on or make changes to this bug.