OpenShift Cluster is Not Correctly Using Patched ose-sti-builder Image for CVE-2018-1102

Solution In Progress - Updated -

Issue

In my [3.1-3.3] cluster, I have pulled down the updated ose-sti-builder image that was patched for CVE-2018-1102. However, when I start new s2i builds, the system pulls an older image version.

# docker images
<docker_registry>/openshift3/ose-sti-builder       v3.2.1.34          b536950df3d8        11 days ago               1.05 GB
<docker_registry>/openshift3/ose-sti-builder       v3.2.1.31           6e0afbb1af12             12 months ago       472.9 MB

Our S2I build event logs show the old image being used:

 9:32:25 PM   Normal  Pulled   
Successfully pulled image "openshift3/ose-sti-builder:v3.2.1.31"   
 9:32:25 PM   Normal  Created   
Created container with docker id <HASH>   
 9:32:25 PM   Normal  Started   
Started container with docker id <HASH>   
 9:32:16 PM   Normal  Pulling   
pulling image "openshift3/ose-sti-builder:v3.2.1.31"   
 9:32:15 PM   Normal  Scheduled   
Successfully assigned cakephp-example-1-build to <pod>

Environment

Red Hat OpenShift Container Platform v3.1-3.3

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In