1812986 – rebuild ceph 2.5 container for Important nss and sqlite RHSAs

Bug 1812986 - rebuild ceph 2.5 container for Important nss and sqlite RHSAs

Summary: rebuild ceph 2.5 container for Important nss and sqlite RHSAs

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	Container
Sub Component:
Version:	2.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	z5
Target Release:	2.5
Assignee:	Justin Caratzas
QA Contact:	Vasishta
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-03-12 16:03 UTC by Ken Dreyer (Red Hat)
Modified:	2022-02-21 18:19 UTC (History)
CC List:	6 users (show)
Fixed In Version:	rhceph-rhel7-container-2.5-16
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-03-23 09:21:31 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2020:0923	0	None	None	None	2020-03-23 09:21:34 UTC

Description Ken Dreyer (Red Hat) 2020-03-12 16:03:57 UTC

The RHCEPH 2 container includes nss and sqlite packages from RHEL 7 that are vulnerable to Important CVEs.

Important CVE-2019-6454 https://access.redhat.com/errata/RHSA-2019:0368

CVE-2019-13734 sqlite-3.7.17-8.el7

CVE-2019-11745 and CVE-2019-11729 nss-3.36.0-7.1.el7_6

This bug tracks rebuilding the ceph 2 container against the newer RHEL 7 base container image with the fixed packages.

Comment 6 errata-xmlrpc 2020-03-23 09:21:31 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0923

Note You need to log in before you can comment on or make changes to this bug.