Bug 1395091 - RHSA-2016:2674: libgcrypt security update (Moderate)
Summary: RHSA-2016:2674: libgcrypt security update (Moderate)
Keywords:
Status: CLOSED DUPLICATE of bug 1395088
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openscap-container
Version: 7.3
Hardware: x86_64
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Martin Preisler
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-15 06:18 UTC by Alex Jia
Modified: 2016-12-06 06:34 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-12-06 06:34:30 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Alex Jia 2016-11-15 06:18:18 UTC 
Description of problem:
atomic scan complains CVE error "RHSA-2016:2674: libgcrypt security update (Moderate)" in rhel7/openscap (26d9de88b340) image.

Version-Release number of selected component (if applicable):

[root@atomic-host-001 cloud-user]# cat /etc/redhat-release 
Red Hat Enterprise Linux Atomic Host release 7.3

[root@atomic-host-001 cloud-user]# atomic host status
State: idle
Deployments:
● rhel-atomic-host:rhel-atomic-host/7/x86_64/standard
       Version: 7.3.1 (2016-11-11 03:25:08)
        Commit: 6f182afa309da8df96470ba050845629f698946e9222f67eece5a1197e296c87
        OSName: rhel-atomic-host
  GPGSignature: (unsigned)
      Unlocked: development

[root@atomic-host-001 cloud-user]# getenforce
Permissive

[root@atomic-host-001 cloud-user]# rpm -q atomic skopeo docker
atomic-1.13.8-1.el7.x86_64
skopeo-0.1.17-0.5.git1f655f3.el7.x86_64
docker-1.12.3-2.el7.x86_64

[root@atomic-host-001 cloud-user]# atomic images list
   REPOSITORY                                  TAG      IMAGE ID       CREATED            VIRTUAL SIZE   TYPE       
☠  registry.access.redhat.com/rhel7/openscap   latest   26d9de88b340   2016-10-27 09:14   360.1 MB       Docker    
☠  rhel7                                       latest   f98706e16e41   2016-10-26 12:02   192.51 MB      Docker

How reproducible:
always

Steps to Reproduce:
1. atomic pull rhel7/openscap
2. atomic scan --scanner openscap --scan_type --images 


Actual results:

26d9de88b34078afad784bdbb00e314477890e53cae1a575ba21cd61404b0a27 (registry.access.redhat.com/rhel7/openscap:latest)

The following issues were found:

     RHSA-2016:2674: libgcrypt security update (Moderate)
     Severity: Moderate
       RHSA URL: https://rhn.redhat.com/errata/RHSA-2016-2674.html
       RHSA ID: RHSA-2016:2674-01
       Associated CVEs:
           CVE ID: CVE-2016-6313
           CVE URL: https://access.redhat.com/security/cve/CVE-2016-6313


Expected results:
fix cve.

Additional info:
Comment 2 Karel Srot 2016-11-21 07:55:35 UTC 
Hi Alex,
what is the purpose of this bug? The libgcrypt CVE was fixed in libgcrypt and the docker image will pull in the update with the next base image rebuild.
Comment 4 Alex Jia 2016-12-06 06:34:30 UTC 

*** This bug has been marked as a duplicate of bug 1395088 ***
Note You need to log in before you can comment on or make changes to this bug.