Why is rhoar-nodejs/nodejs-10 image vulnerable to multiple CVEs and not updated?

Solution Verified - Updated -

Issue

  • Why is rhoar-nodejs/nodejs-10 image vulnerable to multiple CVEs and not updated?
  • The atomic scan shows the following results for the image:
[root@master-0 ~]# docker pull registry.access.redhat.com/rhoar-nodejs/nodejs-10
Using default tag: latest
Trying to pull repository registry.access.redhat.com/rhoar-nodejs/nodejs-10 ... 
latest: Pulling from registry.access.redhat.com/rhoar-nodejs/nodejs-10
5af42566e7d1: Pull complete 
c48c210d9947: Pull complete 
caa1771d2710: Pull complete 
d49b8d97a29c: Pull complete 
dfa32611d40b: Pull complete 
Digest: sha256:fd2838b6d3a627f6e463d627495cf4ba16aba20f42b9126c58446624761bb851
Status: Downloaded newer image for registry.access.redhat.com/rhoar-nodejs/nodejs-10:latest


[root@master-0 ~]# atomic scan registry.access.redhat.com/rhoar-nodejs/nodejs-10:latest 
docker run -t --rm -v /etc/localtime:/etc/localtime -v /run/atomic/2019-11-04-06-52-38-328012:/scanin -v /var/lib/atomic/openscap/2019-11-04-06-52-38-328012:/scanout:rw,Z -v /etc/oscapd:/etc/oscapd:ro registry.access.redhat.com/rhel7/openscap oscapd-evaluate scan --no-standard-compliance --targets chroots-in-dir:///scanin --output /scanout -j1
Unable to find image 'registry.access.redhat.com/rhel7/openscap:latest' locally
Trying to pull repository registry.access.redhat.com/rhel7/openscap ... 
latest: Pulling from registry.access.redhat.com/rhel7/openscap
17942523bc4b: Pulling fs layer
4c98734f2433: Pulling fs layer
78d61df01997: Pulling fs layer
1d241cc76d4f: Pulling fs layer
1d241cc76d4f: Waiting
4c98734f2433: Verifying Checksum
4c98734f2433: Download complete
1d241cc76d4f: Verifying Checksum
1d241cc76d4f: Download complete
78d61df01997: Verifying Checksum
78d61df01997: Download complete
17942523bc4b: Verifying Checksum
17942523bc4b: Download complete
17942523bc4b: Pull complete
4c98734f2433: Pull complete
78d61df01997: Pull complete
1d241cc76d4f: Pull complete
Digest: sha256:034690d08e1c8c286910679148cb995a559d596d961c558244bab41028ecd6c8
Status: Downloaded newer image for registry.access.redhat.com/rhel7/openscap:latest

registry.access.redhat.com/rhoar-nodejs/nodejs-10:latest (0d01232685c9e17)

The following issues were found:

     RHSA-2019:3055: kernel security and bug fix update (Important)
     Severity: Important
       RHSA URL: https://access.redhat.com/errata/RHSA-2019:3055
       RHSA ID: RHSA-2019:3055
       Associated CVEs:
           CVE ID: CVE-2018-20856
           CVE URL: https://access.redhat.com/security/cve/CVE-2018-20856
           CVE ID: CVE-2019-10126
           CVE URL: https://access.redhat.com/security/cve/CVE-2019-10126
           CVE ID: CVE-2019-3846
           CVE URL: https://access.redhat.com/security/cve/CVE-2019-3846
           CVE ID: CVE-2019-9506
           CVE URL: https://access.redhat.com/security/cve/CVE-2019-9506

     RHSA-2019:2964: patch security update (Important)
     Severity: Important
       RHSA URL: https://access.redhat.com/errata/RHSA-2019:2964
       RHSA ID: RHSA-2019:2964
       Associated CVEs:
           CVE ID: CVE-2018-20969
           CVE URL: https://access.redhat.com/security/cve/CVE-2018-20969
           CVE ID: CVE-2019-13638
           CVE URL: https://access.redhat.com/security/cve/CVE-2019-13638

     RHSA-2019:2829: kernel security update (Important)
     Severity: Important
       RHSA URL: https://access.redhat.com/errata/RHSA-2019:2829
       RHSA ID: RHSA-2019:2829
       Associated CVEs:
           CVE ID: CVE-2019-14835
           CVE URL: https://access.redhat.com/security/cve/CVE-2019-14835


Files associated with this scan are in /var/lib/atomic/openscap/2019-11-04-06-52-38-328012.
  • When will it get updated with the latest spin?

Environment

  • Red Hat OpenShift Application Runtimes
