1888292 – Fix CVE-2015-7501 affecting agent-maven-3.5

Bug 1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5

Summary: Fix CVE-2015-7501 affecting agent-maven-3.5

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Jenkins
Sub Component:
Version:	4.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	4.7.0
Assignee:	Akram Ben Aissi
QA Contact:	Jitendar Singh
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1888650 (view as bug list)
Depends On:
Blocks:	1888650
TreeView+	depends on / blocked

Reported:	2020-10-14 14:15 UTC by Jitendar Singh
Modified:	2021-02-24 15:26 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-02-24 15:26:11 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift jenkins pull 1169	0	None	closed	Bug 1888292: updating the scl_source enable from rh-maven35 to rh-maven36	2020-12-17 06:21:23 UTC
Red Hat Product Errata	RHSA-2020:5633	0	None	None	None	2021-02-24 15:26:40 UTC

Description Jitendar Singh 2020-10-14 14:15:40 UTC

Description of problem:
We had customer issue which pointed out that our images have vulnerabilities.
Customer Case : https://access.redhat.com/support/cases/#/case/02771740


How reproducible:
Customer used jFrog xray tool to scan

Comment 5 Jitendar Singh 2020-10-15 04:06:36 UTC

Verified

Comment 6 Jitendar Singh 2020-10-15 16:48:40 UTC

- Pulled the maven agent from 4.7.0-0.nightly-2020-10-15-111254 and it works well and doesnt seems to e breaking anything
- used jenkins-agent-maven- quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2e7d39c86252a3edcca9aaed3871d18fb6f7030054e555a1b16524e245eae487
- Installed Quay Container Security to check for any vulnerabilities but it doesnt show any.

Comment 7 Jitendar Singh 2020-12-17 06:39:35 UTC

*** Bug 1888650 has been marked as a duplicate of this bug. ***

Comment 10 errata-xmlrpc 2021-02-24 15:26:11 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633

Note You need to log in before you can comment on or make changes to this bug.