- Issued:
- 2019-11-18
- Updated:
- 2019-11-18
RHBA-2019:3894 - Bug Fix Advisory
Synopsis
updated Red Hat Software Collections container images
Type/Severity
Bug Fix Advisory
Topic
Updated Red Hat Software Collections container images are now available in the Red Hat Container Registry.
Description
Red Hat Software Collections container images are based on the corresponding collection and the rhel7 or the ubi7 base image.
The following container images have been updated to provide a fix for CVE-2019-0155.
This update includes the following images:
rhscl/devtoolset-7-toolchain-rhel7
rhscl/devtoolset-7-perftools-rhel7
rhscl/devtoolset-8-toolchain-rhel7
rhscl/devtoolset-8-perftools-rhel7
rhscl/ror-50-rhel7
ubi7/s2i-base
rhscl/varnish-5-rhel7
rhscl/varnish-6-rhel7
rhscl/php-70-rhel7
rhscl/php-71-rhel7
ubi7/php-72
ubi7/python-27
ubi7/python-36
rhscl/perl-524-rhel7
rhscl/perl-526-rhel7
rhscl/ruby-24-rhel7
ubi7/ruby-25
rhscl/ruby-26-rhel7
ubi7/nodejs-8
ubi7/nodejs-10
To pull a container image, run the following command as root:
podman pull registry.access.redhat.com/<image_name>
For details regarding usage of the images, see Using Red Hat Software Collections Container Images linked from the References section.
All users of the Red Hat Software Collections container images are advised to pull these updated images from the Red Hat Container Registry.
Solution
The container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com using the "podman pull" command.
Affected Products
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
- Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
Fixes
- BZ - 1724398 - CVE-2019-0155 hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write
CVEs
References
- https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/using_red_hat_software_collections_container_images/
- https://access.redhat.com/documentation/en-us/red_hat_software_collections/2/html/using_red_hat_software_collections_container_images/
- https://access.redhat.com/containers
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
