Why is rhoar-nodejs/nodejs-10 image vulnerable to multiple CVEs and not updated?

Solution Verified - Updated -

Issue

  • Why is rhoar-nodejs/nodejs-10 image vulnerable to multiple CVEs and not updated?
  • The atomic scan shows the results below for the image.
[root@master-0 ~]# docker pull registry.access.redhat.com/rhoar-nodejs/nodejs-10
Using default tag: latest
Trying to pull repository registry.access.redhat.com/rhoar-nodejs/nodejs-10 ... 
latest: Pulling from registry.access.redhat.com/rhoar-nodejs/nodejs-10
5af42566e7d1: Pull complete 
c48c210d9947: Pull complete 
caa1771d2710: Pull complete 
d49b8d97a29c: Pull complete 
dfa32611d40b: Pull complete 
Digest: sha256:fd2838b6d3a627f6e463d627495cf4ba16aba20f42b9126c58446624761bb851
Status: Downloaded newer image for registry.access.redhat.com/rhoar-nodejs/nodejs-10:latest


[root@master-0 ~]# atomic scan registry.access.redhat.com/rhoar-nodejs/nodejs-10:latest 
docker run -t --rm -v /etc/localtime:/etc/localtime -v /run/atomic/2019-11-04-06-52-38-328012:/scanin -v /var/lib/atomic/openscap/2019-11-04-06-52-38-328012:/scanout:rw,Z -v /etc/oscapd:/etc/oscapd:ro registry.access.redhat.com/rhel7/openscap oscapd-evaluate scan --no-standard-compliance --targets chroots-in-dir:///scanin --output /scanout -j1
Unable to find image 'registry.access.redhat.com/rhel7/openscap:latest' locally
Trying to pull repository registry.access.redhat.com/rhel7/openscap ... 
latest: Pulling from registry.access.redhat.com/rhel7/openscap
17942523bc4b: Pulling fs layer
4c98734f2433: Pulling fs layer
78d61df01997: Pulling fs layer
1d241cc76d4f: Pulling fs layer
1d241cc76d4f: Waiting
4c98734f2433: Verifying Checksum
4c98734f2433: Download complete
1d241cc76d4f: Verifying Checksum
1d241cc76d4f: Download complete
78d61df01997: Verifying Checksum
78d61df01997: Download complete
17942523bc4b: Verifying Checksum
17942523bc4b: Download complete
17942523bc4b: Pull complete
4c98734f2433: Pull complete
78d61df01997: Pull complete
1d241cc76d4f: Pull complete
Digest: sha256:034690d08e1c8c286910679148cb995a559d596d961c558244bab41028ecd6c8
Status: Downloaded newer image for registry.access.redhat.com/rhel7/openscap:latest

registry.access.redhat.com/rhoar-nodejs/nodejs-10:latest (0d01232685c9e17)

The following issues were found:

     RHSA-2019:3055: kernel security and bug fix update (Important)
     Severity: Important
       RHSA URL: https://access.redhat.com/errata/RHSA-2019:3055
       RHSA ID: RHSA-2019:3055
       Associated CVEs:
           CVE ID: CVE-2018-20856
           CVE URL: https://access.redhat.com/security/cve/CVE-2018-20856
           CVE ID: CVE-2019-10126
           CVE URL: https://access.redhat.com/security/cve/CVE-2019-10126
           CVE ID: CVE-2019-3846
           CVE URL: https://access.redhat.com/security/cve/CVE-2019-3846
           CVE ID: CVE-2019-9506
           CVE URL: https://access.redhat.com/security/cve/CVE-2019-9506

     RHSA-2019:2964: patch security update (Important)
     Severity: Important
       RHSA URL: https://access.redhat.com/errata/RHSA-2019:2964
       RHSA ID: RHSA-2019:2964
       Associated CVEs:
           CVE ID: CVE-2018-20969
           CVE URL: https://access.redhat.com/security/cve/CVE-2018-20969
           CVE ID: CVE-2019-13638
           CVE URL: https://access.redhat.com/security/cve/CVE-2019-13638

     RHSA-2019:2829: kernel security update (Important)
     Severity: Important
       RHSA URL: https://access.redhat.com/errata/RHSA-2019:2829
       RHSA ID: RHSA-2019:2829
       Associated CVEs:
           CVE ID: CVE-2019-14835
           CVE URL: https://access.redhat.com/security/cve/CVE-2019-14835


Files associated with this scan are in /var/lib/atomic/openscap/2019-11-04-06-52-38-328012.
  • When will it be updated with the latest spin?

Environment

  • Red Hat OpenShift Application Runtimes
