ACS detects wrong "glibc" version in scanned container image

Solution Verified - Updated -

Issue

  • Red Hat Advanced Cluster Security (RHACS) is detecting a wrong glibc version in a container image when scanning for vulnerabilities.

  • The container image contains glibc-2.34-100.el9_4.2, but glibc-2.34-100.el9.x86_64 is detected:

    podman run -it --entrypoint /usr/bin/rpm registry.example.com/test/example@sha256:fa1167b48a99c7add5301314086c99f3a096e178cd56e48be5530b44854954a9 -qi glibc
Name        : glibc
Version     : 2.34
Release     : 100.el9_4.2
Architecture: x86_64
[..]
Source RPM  : glibc-2.34-100.el9_4.2.src.rpm

    However roxctl detects the wrong version and a vulnerability (RHSA-2024:3339):

    $ roxctl image scan -e https://central-stackrox.apps.example.com --token-file /tmp/acs-token  -i registry.example.com/test/example@sha256:fa1167b48a99c7add5301314086c99f3a096e178cd56e48be5530b44854954a9  | jq '.scan.components[] | select(.name == "glibc")'
[..]
"name": "glibc",
"version": "2.34-100.el9.x86_64",
"vulns": [
{
  "cve": "RHSA-2024:3339",
  [..]
  "fixedBy": "0:2.34-100.el9_4.2",
[..]

Environment

  • Red Hat Advanced Cluster Security for Kubernetes (RHACS) 4.5

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content