Description of problem:
Respin of the RHGS 3 S3 Server Container image to include the CVE fix in the python-jinja2 packages.

RHEL 7 has shipped a python-jinja2 update with a fix for an "Important" CVE:
RHSA-2019:1022 - Security Advisory: https://access.redhat.com/errata/RHSA-2019:1022
CVE-2016-10745: https://access.redhat.com/security/cve/cve-2016-10745

I see that the rhgs-s3-server container has the python-jinja2 package which has the CVE fix done. Moving the bug to verified state.

[root@dhcp46-207 scripts]# oc rsh gluster-s3-dc-1-l8zws
sh-4.2# cat /etc/redhat-storage-release
Red Hat OCS S3 Interface 3.4.4 Tech Preview (Container)
sh-4.2# rpm -qa | grep python-jinja2
python-jinja2-2.7.2-3.el7_6.noarch
sh-4.2# ls -l /root/buildinfo/
total 12
-rw-r--r--. 1 root root 2798 Apr 16 15:34 Dockerfile-rhel7-7.6-252
-rw-r--r--. 1 root root 4317 May 9 09:48 Dockerfile-rhgs3-rhgs-s3-server-rhel7-3.11.3-2

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1407