OpenShift Cluster is Not Correctly Using Patched ose-sti-builder Image for CVE-2018-1102

Solution In Progress - Updated -

Issue

In my [3.1-3.3] cluster, I have pulled down the updated ose-sti-builder image that was patched for CVE-2018-1102. However, when I start new s2i builds, the system pulls an older image version.

# docker images
<docker_registry>/openshift3/ose-sti-builder       v3.2.1.34          b536950df3d8        11 days ago               1.05 GB
<docker_registry>/openshift3/ose-sti-builder       v3.2.1.31           6e0afbb1af12             12 months ago       472.9 MB

Our S2I build event logs show the old image being used:

 9:32:25 PM   Normal  Pulled   
Successfully pulled image "openshift3/ose-sti-builder:v3.2.1.31"   
 9:32:25 PM   Normal  Created   
Created container with docker id <HASH>   
 9:32:25 PM   Normal  Started   
Started container with docker id <HASH>   
 9:32:16 PM   Normal  Pulling   
pulling image "openshift3/ose-sti-builder:v3.2.1.31"   
 9:32:15 PM   Normal  Scheduled   
Successfully assigned cakephp-example-1-build to <pod>

Environment

Red Hat OpenShift Container Platform v3.1-3.3

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content