Why is rhoar-nodejs/nodejs-10 image vulnerable to multiple CVEs and not updated?
Issue
- Why is the rhoar-nodejs/nodejs-10 image vulnerable to multiple CVEs and not updated?
- The atomic scan shows the results below for the image.
[root@master-0 ~]# docker pull registry.access.redhat.com/rhoar-nodejs/nodejs-10
Using default tag: latest
Trying to pull repository registry.access.redhat.com/rhoar-nodejs/nodejs-10 ...
latest: Pulling from registry.access.redhat.com/rhoar-nodejs/nodejs-10
5af42566e7d1: Pull complete
c48c210d9947: Pull complete
caa1771d2710: Pull complete
d49b8d97a29c: Pull complete
dfa32611d40b: Pull complete
Digest: sha256:fd2838b6d3a627f6e463d627495cf4ba16aba20f42b9126c58446624761bb851
Status: Downloaded newer image for registry.access.redhat.com/rhoar-nodejs/nodejs-10:latest
[root@master-0 ~]# atomic scan registry.access.redhat.com/rhoar-nodejs/nodejs-10:latest
docker run -t --rm -v /etc/localtime:/etc/localtime -v /run/atomic/2019-11-04-06-52-38-328012:/scanin -v /var/lib/atomic/openscap/2019-11-04-06-52-38-328012:/scanout:rw,Z -v /etc/oscapd:/etc/oscapd:ro registry.access.redhat.com/rhel7/openscap oscapd-evaluate scan --no-standard-compliance --targets chroots-in-dir:///scanin --output /scanout -j1
Unable to find image 'registry.access.redhat.com/rhel7/openscap:latest' locally
Trying to pull repository registry.access.redhat.com/rhel7/openscap ...
latest: Pulling from registry.access.redhat.com/rhel7/openscap
17942523bc4b: Pulling fs layer
4c98734f2433: Pulling fs layer
78d61df01997: Pulling fs layer
1d241cc76d4f: Pulling fs layer
1d241cc76d4f: Waiting
4c98734f2433: Verifying Checksum
4c98734f2433: Download complete
1d241cc76d4f: Verifying Checksum
1d241cc76d4f: Download complete
78d61df01997: Verifying Checksum
78d61df01997: Download complete
17942523bc4b: Verifying Checksum
17942523bc4b: Download complete
17942523bc4b: Pull complete
4c98734f2433: Pull complete
78d61df01997: Pull complete
1d241cc76d4f: Pull complete
Digest: sha256:034690d08e1c8c286910679148cb995a559d596d961c558244bab41028ecd6c8
Status: Downloaded newer image for registry.access.redhat.com/rhel7/openscap:latest
registry.access.redhat.com/rhoar-nodejs/nodejs-10:latest (0d01232685c9e17)
The following issues were found:
RHSA-2019:3055: kernel security and bug fix update (Important)
Severity: Important
RHSA URL: https://access.redhat.com/errata/RHSA-2019:3055
RHSA ID: RHSA-2019:3055
Associated CVEs:
CVE ID: CVE-2018-20856
CVE URL: https://access.redhat.com/security/cve/CVE-2018-20856
CVE ID: CVE-2019-10126
CVE URL: https://access.redhat.com/security/cve/CVE-2019-10126
CVE ID: CVE-2019-3846
CVE URL: https://access.redhat.com/security/cve/CVE-2019-3846
CVE ID: CVE-2019-9506
CVE URL: https://access.redhat.com/security/cve/CVE-2019-9506
RHSA-2019:2964: patch security update (Important)
Severity: Important
RHSA URL: https://access.redhat.com/errata/RHSA-2019:2964
RHSA ID: RHSA-2019:2964
Associated CVEs:
CVE ID: CVE-2018-20969
CVE URL: https://access.redhat.com/security/cve/CVE-2018-20969
CVE ID: CVE-2019-13638
CVE URL: https://access.redhat.com/security/cve/CVE-2019-13638
RHSA-2019:2829: kernel security update (Important)
Severity: Important
RHSA URL: https://access.redhat.com/errata/RHSA-2019:2829
RHSA ID: RHSA-2019:2829
Associated CVEs:
CVE ID: CVE-2019-14835
CVE URL: https://access.redhat.com/security/cve/CVE-2019-14835
Files associated with this scan are in /var/lib/atomic/openscap/2019-11-04-06-52-38-328012.
- When will it be updated with the latest spin?
Environment
- Red Hat OpenShift Application Runtimes