Bug 2016036 - Include at OCS 4.7 MCG core Container image the CVE fixes from RHEL8 on "nodejs:14"
Summary: Include at OCS 4.7 MCG core Container image the CVE fixes from RHEL8 on "node...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenShift Container Storage
Classification: Red Hat Storage
Component: distribution
Version: 4.7
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: OCS 4.7.5
Assignee: Eran Tamir
QA Contact: Raz Tamir
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-10-20 16:34 UTC by Rejy M Cyriac
Modified: 2021-10-26 19:51 UTC (History)
7 users (show)

Fixed In Version: 4.7.5-246.ci
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-26 19:51:34 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2021:4002 0 None None None 2021-10-26 19:51:39 UTC

Description Rejy M Cyriac 2021-10-20 16:34:50 UTC 
The fixes to 'Important' CVEs on "nodejs:14" shipped by RHEL8 are to be included at OCS 4.7, through inclusion of the relevant updated "nodejs:14" packages at respin of the impacted OCS 4.7 MCG core Container image.


= RHSA-2021:3666 - Security Advisory
  == https://access.redhat.com/errata/RHSA-2021:3666


= CVE-2021-3672
  == https://access.redhat.com/security/cve/CVE-2021-3672

= CVE-2021-23343
  == https://access.redhat.com/security/cve/CVE-2021-23343

= CVE-2021-22931
  == https://access.redhat.com/security/cve/CVE-2021-22931

= CVE-2021-22930
  == https://access.redhat.com/security/cve/CVE-2021-22930

= CVE-2021-32804
  == https://access.redhat.com/security/cve/CVE-2021-32804

= CVE-2021-22939
  == https://access.redhat.com/security/cve/CVE-2021-22939

= CVE-2021-22940
  == https://access.redhat.com/security/cve/CVE-2021-22940

= CVE-2021-32803
  == https://access.redhat.com/security/cve/CVE-2021-32803


= RHSA Errata
  == https://errata.devel.redhat.com/advisory/80371

= Updated nodejs:14 build
  == nodejs-14-8040020210817165654.522a0ee4


= Impacted OCS 4.7 Container image
  == Multi-Cloud Object Gateway core container


= Impacted packages at OCS 4.x Container images
  == npm-6.14.11-1.14.16.0.2.module+el8.3.0+10180+b92e1eb6.x86_64
  == nodejs-14.16.0-2.module+el8.3.0+10180+b92e1eb6.x86_64
  == nodejs-docs-14.16.0-2.module+el8.3.0+10180+b92e1eb6.noarch
  == nodejs-full-i18n-14.16.0-2.module+el8.3.0+10180+b92e1eb6.x86_64
Comment 9 errata-xmlrpc 2021-10-26 19:51:34 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenShift Container Storage 4.7.5 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:4002
Note You need to log in before you can comment on or make changes to this bug.