OpenShift Cluster is Not Correctly Using Patched ose-sti-builder Image for CVE-2018-1102
Issue
In my [3.1-3.3] cluster, I have pulled down the updated ose-sti-builder image that was patched for CVE-2018-1102. However, when I start new s2i builds, the system pulls an older image version.
# docker images
<docker_registry>/openshift3/ose-sti-builder v3.2.1.34 b536950df3d8 11 days ago 1.05 GB
<docker_registry>/openshift3/ose-sti-builder v3.2.1.31 6e0afbb1af12 12 months ago 472.9 MB
Our S2I build event logs show the old image being used:
9:32:25 PM Normal Pulled
Successfully pulled image "openshift3/ose-sti-builder:v3.2.1.31"
9:32:25 PM Normal Created
Created container with docker id <HASH>
9:32:25 PM Normal Started
Started container with docker id <HASH>
9:32:16 PM Normal Pulling
pulling image "openshift3/ose-sti-builder:v3.2.1.31"
9:32:15 PM Normal Scheduled
Successfully assigned cakephp-example-1-build to <pod>
Environment
Red Hat OpenShift Container Platform v3.1-3.3
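A check for the symptom described under Issue, as an added example that is not part of the original article or Red Hat's own tooling: it compares the builder tag each build actually pulled with the newest ose-sti-builder tag present on the node. The function names are hypothetical, the sample input is constructed from the output shown above, and it assumes the newest local tag is the patched one.

```python
import re

BUILDER = "openshift3/ose-sti-builder"

# Constructed sample input, shaped like the listing and events shown on this page.
DOCKER_IMAGES = """\
<docker_registry>/openshift3/ose-sti-builder v3.2.1.34 b536950df3d8 11 days ago 1.05 GB
<docker_registry>/openshift3/ose-sti-builder v3.2.1.31 6e0afbb1af12 12 months ago 472.9 MB
"""
BUILD_EVENTS = """\
9:32:25 PM Normal Pulled
Successfully pulled image "openshift3/ose-sti-builder:v3.2.1.31"
9:32:16 PM Normal Pulling
pulling image "openshift3/ose-sti-builder:v3.2.1.31"
"""

TAG = r"v\d+(?:\.\d+)*"
PULLED = re.compile(r'Successfully pulled image "[^"]*' + re.escape(BUILDER) + ":(" + TAG + ')"')


def version_key(tag):
    """'v3.2.1.34' -> (3, 2, 1, 34), so .9 sorts before .34 (string order would not)."""
    return tuple(int(part) for part in tag.lstrip("v").split("."))


def local_builder_tags(listing):
    """Builder tags present in `docker images` output, oldest first."""
    tags = set()
    for line in listing.splitlines():
        cols = line.split()
        if len(cols) >= 2 and cols[0].endswith(BUILDER) and re.fullmatch(TAG, cols[1]):
            tags.add(cols[1])
    return sorted(tags, key=version_key)


def pulled_builder_tags(events):
    """Tags from completed pulls only; 'pulling image' lines would double count."""
    return PULLED.findall(events)


def stale_pulls(listing, events):
    """(pulled_tag, newest_local_tag) for every pull older than the newest local tag."""
    local = local_builder_tags(listing)
    if not local:
        return []  # nothing to compare against on this node
    newest = local[-1]
    return [(t, newest) for t in pulled_builder_tags(events)
            if version_key(t) < version_key(newest)]


if __name__ == "__main__":
    for pulled, newest in stale_pulls(DOCKER_IMAGES, BUILD_EVENTS):
        print(f"build pulled {BUILDER}:{pulled}, but {newest} is available locally")
```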
