Uploaded image for project: 'Openshift sandboxed containers'
  1. Openshift sandboxed containers
  2. KATA-3108

1.6.0 podvm builder container has many CVEs

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: High High
    • OSC 1.6.0
    • OSC 1.6.0
    • Operator
    • None
    • False
    • None
    • False
    • Approved
    • Kata Sprint #254
    • 0
    • 0

      Description

      <What were you trying to do that didn't work?>

      Container score is a B in the advisory.  THere are many CVEs listed from all severities.

      Steps to reproduce

      <What actions did you take to hit the bug?>
      1.
      2.
      3.

      Expected result

      <What did you expect to happen?>

      A score

      Actual result

      <What actually happened?>

      B score

      Impact

      <How badly does this interfere with using the software?>

      We can ship but we would need to fix the higher severity issues soon.

      Env

      <Where was the bug found, i.e. OCP build, operator build, kata-containers build, cluster infra, test case id>

      Additional helpful info

      <logs, screenshot, doc links, etc.>

      I noticed that the base image used in the dockerfile midstream uses the 9.3 tag

      FROM registry.access.redhat.com/ubi9/ubi:9.3

      We should at least be using 9.4, but maybe we should be using a golang builder image like we use for many of the other containers.

            rhgkurz Greg Kurz
            cmeadors@redhat.com Cameron Meadors
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: